mystart.incredibar.com entfernen

cdtueb · 08.07.2012, 09:27

Hallo,

ich habe dieses mystart.incredibar.com seit 2 Tagen auf meinem Rechner. Hab jetzt versucht nach dieser Anleitung hxxp://de.fasterpccleanclean.com/mystart-by-incredibar-entfernen/#deletefiles
Das Ding zu entfernen, aber ich habe bei jedem Schritt nicht die angegeben Daten gefunden.

Ich hab jetzt mal Malwarebytes darüberlaufen lassen

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Susi :: SUSISPC [Administrator]

Schutz: Aktiviert

06.07.2012 14:11:31
mbam-log-2012-07-06 (14-11-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 526126
Laufzeit: 3 Stunde(n), 22 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Susi\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Susi\Downloads\SoftonicDownloader_fuer_picasa.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Susi\Favorites\Free Porn Movies - Tube Galore . com.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und noch den ESET Online Scanner, weil ich in einem anderen Forenbeitrag gesehen habe, dass der auch hilft

Code:

ATTFilter

C:\Program Files\Hotspot Shield\bin\openvpnas.exe	a variant of Win32/HotSpotShield application
C:\Users\Susi\AppData\Local\Temp\is1373634743\MyBabylonTB.exe	Win32/Toolbar.Babylon application
C:\Users\Susi\FoxTabPDFCreator\message.exe	a variant of Win32/InstallCore.A application
C:\Windows\Temp\hss_update.exe	a variant of Win32/HotSpotShield application

Symptome an meinem Rechner sind, dass meine Browser jeden Tab mit mystart.incredibar öffnen und die Schrift des Browsers sich geändert hat.

Vielen dank schonmal für die Hilfe.

Liebe Grüße
Chris

cosinus · 11.07.2012, 21:17

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

cdtueb · 13.07.2012, 07:34

Ich hab den AdwCleaner drüber laufen lassen. Hier der Code:

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 08:32:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Susi - SUSISPC
# Running from : C:\Users\Susi\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Susi\AppData\Local\Conduit
Folder Found : C:\Users\Susi\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Susi\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Susi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\ConduitCommon
Folder Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\extensions\ffxtlbr@incredibar.com
File Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Askcom.xml
File Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Conduit.xml
File Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\MyStart Search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&i=26

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", true);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "9-10-2011");
Found : user_pref("CT2319825.DSInstall", true);
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Sun Oct 09 2011 11:49:41 GMT+0200");
Found : user_pref("CT2319825.FeedPollDate11908299", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.FirstServerDate", "9-10-2011");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", true);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HPInstall", false);
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 2);
Found : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Found : user_pref("CT2319825.InstalledDate", "Sun Oct 09 2011 11:34:39 GMT+0200");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsAlertDBUpdated", true);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsInitSetupIni", true);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", false);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.IsProtectorsInit", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_3.7.0.6", "Sun Oct 09 2011 19:41:58 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.7.0.6");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.OriginalFirstVersion", "3.7.0.6");
Found : user_pref("CT2319825.RadioLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Found : user_pref("CT2319825.SavedHomepage", "hxxp://www.yahoo.de");
Found : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search");
Found : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2319825.SearchProtectorEnabled", true);
Found : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2319825.SendProtectorDataViaLogin", true);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Sun Oct 09 2011 11:34:36 GMT+0200");
Found : user_pref("CT2319825.SettingsLastCheckTime", "Sun Oct 09 2011 19:41:52 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1313478201");
Found : user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Oct 09 2011 11:34:36 GMT+0200");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2319825.ToolbarDisabled", true);
Found : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.UserID", "UN77399982343598620");
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Sun Oct 09 2011 11:34:41 GMT+0200");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "3236353332313937");
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.isAppTrackingManagerOn", true);
Found : user_pref("CT2319825.isFirstRadioInstallation", false);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.revertSettingsEnabled", true);
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Found : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Susi\\AppData\\Roaming\\Mozilla\\Fi[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "349e73dd-cd07-4cca-811c-0f373b0f12f0");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Oct 09 2011 19:42:05 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 09 2011 11:34:38 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "227e771c-92d6-461f-b9f9-3a8af01adb1c");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.de");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&loc=FF_NT");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6,ffxtlbr@incredib[...]
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341676582686");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "DE023FC252A771F2B7841C10B7F802CA");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "ce8aa8950000000000000026f2ed6140");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15527");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15527");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", true);
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6R8y8EVMiW");
Found : user_pref("extensions.incredibar.upn2n", "92824656932326798");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "ce8aa8950000000000000026f2ed6140");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15527");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8y8EVMiW");
Found : user_pref("extensions.incredibar_i.upn2n", "92824656932326798");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8y8EVMiW&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default 
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wblifemk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Susi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20265 octets] - [13/07/2012 08:32:56]

########## EOF - C:\AdwCleaner[R1].txt - [20394 octets] ##########

Schonmal tausend Dank für deine Hilfe.

cosinus · 13.07.2012, 15:07

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

cdtueb · 13.07.2012, 17:02

Hallo,

ich hab jetzt alles gelöscht... hoffe ich

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 17:54:34
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Susi - SUSISPC
# Running from : C:\Users\Susi\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Susi\AppData\Local\Conduit
Folder Deleted : C:\Users\Susi\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Susi\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Susi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\ConduitCommon
Folder Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\extensions\ffxtlbr@incredibar.com
File Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\MyStart Search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\prefs.js

C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\user.js ... Deleted !

Deleted : user_pref("CT2319825..clientLogIsEnabled", true);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CTID", "CT2319825");
Deleted : user_pref("CT2319825.CurrentServerDate", "9-10-2011");
Deleted : user_pref("CT2319825.DSInstall", true);
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Sun Oct 09 2011 11:49:41 GMT+0200");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.FirstServerDate", "9-10-2011");
Deleted : user_pref("CT2319825.FirstTime", true);
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HPInstall", false);
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2319825.InstalledDate", "Sun Oct 09 2011 11:34:39 GMT+0200");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsAlertDBUpdated", true);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsInitSetupIni", true);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.IsProtectorsInit", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_3.7.0.6", "Sun Oct 09 2011 19:41:58 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2319825.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2319825.SavedHomepage", "hxxp://www.yahoo.de");
Deleted : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search");
Deleted : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2319825.SearchProtectorEnabled", true);
Deleted : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2319825.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Sun Oct 09 2011 11:34:36 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Sun Oct 09 2011 19:41:52 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1313478201");
Deleted : user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Oct 09 2011 11:34:36 GMT+0200");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2319825.ToolbarDisabled", true);
Deleted : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2319825.UserID", "UN77399982343598620");
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Sun Oct 09 2011 11:34:41 GMT+0200");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "3236353332313937");
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.initDone", true);
Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2319825.isFirstRadioInstallation", false);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.revertSettingsEnabled", true);
Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Susi\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "349e73dd-cd07-4cca-811c-0f373b0f12f0");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Oct 09 2011 19:42:05 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 09 2011 11:34:38 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "227e771c-92d6-461f-b9f9-3a8af01adb1c");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.de");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&loc=FF_NT");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6,ffxtlbr@incredib[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341676582686");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "DE023FC252A771F2B7841C10B7F802CA");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "ce8aa8950000000000000026f2ed6140");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15527");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15527");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", true);
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8y8EVMiW");
Deleted : user_pref("extensions.incredibar.upn2n", "92824656932326798");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "ce8aa8950000000000000026f2ed6140");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15527");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8y8EVMiW");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824656932326798");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8y8EVMiW&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default 
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wblifemk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Susi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20396 octets] - [13/07/2012 08:32:56]
AdwCleaner[R2].txt - [20457 octets] - [13/07/2012 08:33:27]
AdwCleaner[S1].txt - [21015 octets] - [13/07/2012 17:54:34]

########## EOF - C:\AdwCleaner[S1].txt - [21144 octets] ##########

Vielen Dank schonmal falls jetzt allers erledigt ist.

Mit freundlichen Grüßen
Chris

cosinus · 13.07.2012, 21:26

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

cdtueb · 15.07.2012, 09:14

Hallo,

also mein PC funktioniert wieder uneingeschränkt,ich vermisse auch keine Ordner und habe auch keine leere Ordner.

Ist dann mein PC wieder frei von dem Dreck?

Tausend Danke für die Hilfe. Wirklich freundlich, dass du mir geholfen hast.

Mit freundlichen Grüßen
Chris

cosinus · 15.07.2012, 16:55

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

cdtueb · 15.07.2012, 17:59

Hier hab ich den OTL-Scan gemacht, folgendes kam dabei raus

Code:

ATTFilter

OTL logfile created on: 15.07.2012 18:24:36 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Susi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,82% Memory free
6,70 Gb Paging File | 4,82 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 347,12 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32
 
Computer Name: SUSISPC | User Name: Susi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.15 18:22:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
PRC - [2012.05.09 08:15:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 08:15:44 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.09 08:15:42 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:15:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.01.13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.08.20 21:45:26 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.16 23:15:06 | 000,250,416 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.06.16 22:33:44 | 000,322,608 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2010.06.16 22:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2009.09.17 18:37:48 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 18:45:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Programme\NETGEAR\WN111v2\WN111v2.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.02.28 19:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.18 00:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.12 00:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 18:25:58 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 18:23:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 18:23:35 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.11 07:44:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:44:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 07:44:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012.05.11 07:28:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 07:27:18 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 07:27:07 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.01.13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Programme\Logitech\Vid HD\vpxmd.dll
MOD - [2011.01.13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\SDL.dll
MOD - [2010.08.20 21:45:36 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.08.20 21:45:26 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\yui.dll
MOD - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 14:36:34 | 000,181,592 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009.04.22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Programme\Logitech\Vid HD\phonon4.dll
MOD - [2008.12.10 15:53:52 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:52 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:52 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:52 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,671,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3257.27107__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:51 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3257.27106__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3257.27091__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:50 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:50 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:49 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:49 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.12.10 15:53:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.12.10 15:53:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.12.10 15:53:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.12.10 15:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.12.10 15:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.12.10 15:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.12.10 15:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.12.10 15:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.12.10 15:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008.12.10 15:53:47 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008.12.10 15:53:47 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.12.10 15:53:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.12.10 15:53:46 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.12.10 15:53:46 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.12.10 15:53:46 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.12.10 15:53:46 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.12.10 15:53:46 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.12.10 15:53:46 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2008.12.10 15:53:46 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008.12.10 15:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.12.10 15:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.12.10 15:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.12.10 15:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.12.10 15:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.12.01 22:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.11 21:56:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.21 19:40:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 08:15:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 08:15:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.06.16 23:16:06 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010.06.16 23:15:06 | 000,250,416 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.06.16 22:33:44 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.06.16 22:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.18 00:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.12 00:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.09 08:15:51 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 08:15:51 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.14 00:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010.03.26 21:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.03.04 13:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009.01.13 11:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.12.02 00:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.11 19:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.10.31 17:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.01 17:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.28 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007.10.12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2006.11.16 15:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 15:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005.12.06 05:30:19 | 000,916,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2003.10.02 16:47:14 | 000,666,624 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PRISMUSB.sys -- (PRISM_USB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EAAA&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_uid=0d4ceed7-8276-43fe-8b48-3ce36973acd1&apn_sauid=D24C71D2-EAB5-4C97-81A6-21D0D8BDC426
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=VlJ_dVdxAy5Qh1NNir7kUC7EDh8?q={searchTerms}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Susi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 19:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 16:45:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 19:40:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 16:45:55 | 000,000,000 | ---D | M]
 
[2011.02.02 15:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Extensions
[2012.07.13 17:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\o0s18t4g.default\extensions
[2011.10.18 06:52:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\o0s18t4g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.21 19:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.31 20:13:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.21 19:40:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 19:40:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 19:40:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 19:40:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 19:40:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 19:40:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 19:40:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe File not found
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02670AA7-B7BA-46C7-B222-EA954B1D6FF9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{511DDCBA-5A36-4920-B8F9-A0F5359919F5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 18:22:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
[2012.07.14 17:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012.07.14 17:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.07.06 22:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.06 14:10:07 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\Malwarebytes
[2012.07.06 14:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.06 14:10:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.06 14:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.06 14:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.24 12:02:48 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Local\Macromedia
[3 C:\Users\Susi\*.tmp files -> C:\Users\Susi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 18:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.07.15 18:22:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
[2012.07.15 18:15:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 18:15:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 18:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 18:15:30 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 12:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 19:21:31 | 000,628,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.14 19:21:31 | 000,595,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.14 19:21:31 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.14 19:21:31 | 000,103,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.14 17:46:54 | 000,001,010 | ---- | M] () -- C:\Users\Susi\Desktop\PDF-Viewer.lnk
[2012.07.12 21:09:15 | 000,328,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.06 08:03:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.06 07:55:16 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.07.06 07:54:42 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.07.03 18:04:16 | 000,017,229 | ---- | M] () -- C:\Users\Susi\Desktop\TueSem_12_TerminplanPS.pdf
[2012.06.30 15:01:12 | 000,369,891 | ---- | M] () -- C:\Users\Susi\Desktop\Bot. Familien Übersicht.pdf
[3 C:\Users\Susi\*.tmp files -> C:\Users\Susi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.14 17:46:54 | 000,001,010 | ---- | C] () -- C:\Users\Susi\Desktop\PDF-Viewer.lnk
[2012.07.06 07:55:15 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.07.06 07:54:42 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.07.03 18:04:16 | 000,017,229 | ---- | C] () -- C:\Users\Susi\Desktop\TueSem_12_TerminplanPS.pdf
[2012.06.30 15:01:09 | 000,369,891 | ---- | C] () -- C:\Users\Susi\Desktop\Bot. Familien Übersicht.pdf
[2011.05.09 21:02:20 | 000,033,792 | ---- | C] () -- C:\Users\Susi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.31 11:53:14 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.03.31 11:53:14 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.01.28 18:56:56 | 000,070,656 | ---- | C] () -- C:\Users\Susi\Rilke_Blaue%20Hortensie_Hausarbeit%20doc
[2011.01.12 11:49:37 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.12 11:49:37 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.12 11:49:37 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.12 11:49:37 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.12 11:49:37 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.12 11:49:37 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.12 11:49:37 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.12 11:49:37 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.12 11:49:37 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.12 11:49:37 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.12 11:49:37 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.12 11:49:37 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.12 11:49:37 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.12 11:49:37 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.12 11:49:37 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.12 11:49:37 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.12 11:49:37 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.12 11:49:37 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.12 11:49:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.10.03 00:36:48 | 000,226,064 | ---- | C] () -- C:\Users\Susi\Ludovico Einaudi-Divenire-Sheetzbox.pdf
[2010.07.01 11:54:24 | 006,162,022 | ---- | C] () -- C:\Users\Susi\13-blumentopf-helping_hand.mp3
[2009.11.16 07:55:18 | 000,000,760 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\setup_ldm.iss
[2009.05.05 06:50:46 | 000,010,228 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2011.06.29 08:31:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EPSON
[2009.09.14 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Blitware
[2010.08.28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Canon
[2012.01.31 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoft
[2011.07.04 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.11 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EPSON
[2011.07.03 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EuroTalk
[2011.11.08 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Gutscheinmieze
[2010.03.26 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\ICQ
[2009.08.16 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\IrfanView
[2009.12.17 09:06:28 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Leadertech
[2011.10.09 11:01:46 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Scribus
[2009.05.05 06:50:52 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Template
[2012.07.06 12:16:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Tobit
[2011.01.19 17:05:39 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\XSManager
[2009.09.14 21:31:09 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012.07.15 13:22:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.15 18:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.11 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Adobe
[2010.05.28 16:10:28 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Apple Computer
[2009.05.03 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\ATI
[2012.01.07 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Avira
[2009.09.14 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Blitware
[2010.08.28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Canon
[2009.05.11 23:01:58 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Corel
[2009.09.27 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\CyberLink
[2010.10.02 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DivX
[2012.01.31 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoft
[2011.07.04 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.11 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EPSON
[2011.07.03 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EuroTalk
[2009.05.03 00:59:10 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Google
[2011.11.08 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Gutscheinmieze
[2010.03.26 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\ICQ
[2009.05.03 00:53:22 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Identities
[2011.01.12 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\InstallShield
[2009.08.16 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\IrfanView
[2009.12.17 09:06:28 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Leadertech
[2009.05.02 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Macromedia
[2012.07.06 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Media Center Programs
[2012.07.06 12:25:50 | 000,000,000 | --SD | M] -- C:\Users\Susi\AppData\Roaming\Microsoft
[2011.02.02 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Mozilla
[2009.05.04 16:04:15 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Nero
[2011.10.09 11:01:46 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Scribus
[2012.07.14 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Skype
[2009.05.05 06:50:52 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Template
[2012.07.06 12:16:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Tobit
[2011.01.19 17:05:39 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\XSManager
[2010.08.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.06.18 18:41:57 | 015,739,760 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys
[2007.11.01 21:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.12.01 22:47:28 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

< End of report >

Mit freundlichen Grüßen
Chris

cosinus · 15.07.2012, 18:58

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EAAA&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_uid=0d4ceed7-8276-43fe-8b48-3ce36973acd1&apn_sauid=D24C71D2-EAB5-4C97-81A6-21D0D8BDC426
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=VlJ_dVdxAy5Qh1NNir7kUC7EDh8?q={searchTerms}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
[2012.07.06 07:55:16 | 000,000,447 | ---- | M] () -- C:\user.js
[2011.11.08 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Gutscheinmieze
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

cdtueb · 16.07.2012, 17:11

Hier mal wieder das Ergebnis:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}\ not found.
Registry key HKEY_USERS\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "yahoo.de" removed from browser.startup.homepage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f4a800f-1f12-11e0-970f-002421177311}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f4a800f-1f12-11e0-970f-002421177311}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667d0b7f-625d-11de-9192-002421177311}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667d0b7f-625d-11de-9192-002421177311}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\autorun.exe not found.
C:\user.js moved successfully.
C:\Users\Susi\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\install.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andrea
->Temp folder emptied: 1681767 bytes
->Temporary Internet Files folder emptied: 68695425 bytes
->Java cache emptied: 58259 bytes
->Flash cache emptied: 2585 bytes
 
User: Chris
->Temp folder emptied: 6819705 bytes
->Temporary Internet Files folder emptied: 4830165 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42636081 bytes
->Flash cache emptied: 1316 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Susi
->Temp folder emptied: 1603515668 bytes
->Temporary Internet Files folder emptied: 1280472757 bytes
->Java cache emptied: 2087463 bytes
->FireFox cache emptied: 300080960 bytes
->Flash cache emptied: 15896695 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178535106 bytes
RecycleBin emptied: 110250163 bytes
 
Total Files Cleaned = 3.448,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andrea
->Flash cache emptied: 0 bytes
 
User: Chris
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Susi
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_172752

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

PendingFileRenameOperations files...
File C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

Registry entries deleted on Reboot...

Mit freundlichen Grüßen
Chris

cdtueb · 18.07.2012, 11:59

Hier der Report

Code:

ATTFilter

12:51:50.0087 6112	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
12:51:50.0214 6112	============================================================
12:51:50.0214 6112	Current date / time: 2012/07/18 12:51:50.0214
12:51:50.0215 6112	SystemInfo:
12:51:50.0215 6112	
12:51:50.0215 6112	OS Version: 6.0.6002 ServicePack: 2.0
12:51:50.0215 6112	Product type: Workstation
12:51:50.0215 6112	ComputerName: SUSISPC
12:51:50.0215 6112	UserName: Susi
12:51:50.0215 6112	Windows directory: C:\Windows
12:51:50.0215 6112	System windows directory: C:\Windows
12:51:50.0215 6112	Processor architecture: Intel x86
12:51:50.0215 6112	Number of processors: 2
12:51:50.0215 6112	Page size: 0x1000
12:51:50.0215 6112	Boot type: Normal boot
12:51:50.0215 6112	============================================================
12:51:52.0374 6112	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:51:52.0392 6112	============================================================
12:51:52.0392 6112	\Device\Harddisk0\DR0:
12:51:52.0392 6112	MBR partitions:
12:51:52.0392 6112	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48054800
12:51:52.0422 6112	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805503F, BlocksNum 0x2801E82
12:51:52.0422 6112	============================================================
12:51:52.0460 6112	C: <-> \Device\Harddisk0\DR0\Partition0
12:51:52.0478 6112	D: <-> \Device\Harddisk0\DR0\Partition1
12:51:52.0478 6112	============================================================
12:51:52.0478 6112	Initialize success
12:51:52.0478 6112	============================================================
12:53:00.0912 4460	============================================================
12:53:00.0912 4460	Scan started
12:53:00.0912 4460	Mode: Manual; SigCheck; TDLFS; 
12:53:00.0912 4460	============================================================
12:53:03.0830 4460	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:53:03.0997 4460	ACPI - ok
12:53:04.0490 4460	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:53:04.0508 4460	AdobeARMservice - ok
12:53:05.0136 4460	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:53:05.0159 4460	AdobeFlashPlayerUpdateSvc - ok
12:53:05.0382 4460	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:53:05.0412 4460	adp94xx - ok
12:53:05.0442 4460	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:53:05.0472 4460	adpahci - ok
12:53:05.0850 4460	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:53:05.0883 4460	adpu160m - ok
12:53:06.0201 4460	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:53:06.0226 4460	adpu320 - ok
12:53:06.0308 4460	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:53:06.0432 4460	AeLookupSvc - ok
12:53:06.0495 4460	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:53:06.0566 4460	AFD - ok
12:53:06.0616 4460	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:53:06.0637 4460	agp440 - ok
12:53:06.0697 4460	ahcix86s        (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
12:53:06.0723 4460	ahcix86s - ok
12:53:07.0035 4460	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:53:07.0070 4460	aic78xx - ok
12:53:07.0257 4460	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:53:07.0401 4460	ALG - ok
12:53:07.0550 4460	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:53:07.0581 4460	aliide - ok
12:53:07.0640 4460	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:53:07.0662 4460	amdagp - ok
12:53:07.0771 4460	amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
12:53:07.0786 4460	amdide - ok
12:53:07.0830 4460	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:53:07.0888 4460	AmdK7 - ok
12:53:08.0096 4460	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:53:08.0167 4460	AmdK8 - ok
12:53:08.0421 4460	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:53:08.0441 4460	AntiVirSchedulerService - ok
12:53:08.0521 4460	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:53:08.0540 4460	AntiVirService - ok
12:53:08.0626 4460	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:53:08.0707 4460	Appinfo - ok
12:53:08.0734 4460	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:53:08.0757 4460	arc - ok
12:53:08.0794 4460	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:53:08.0817 4460	arcsas - ok
12:53:08.0857 4460	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:53:08.0915 4460	AsyncMac - ok
12:53:09.0086 4460	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:53:09.0107 4460	atapi - ok
12:53:09.0469 4460	Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe
12:53:09.0616 4460	Ati External Event Utility - ok
12:53:11.0169 4460	atikmdag        (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
12:53:11.0806 4460	atikmdag - ok
12:53:12.0299 4460	AtiPcie         (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:53:12.0315 4460	AtiPcie - ok
12:53:12.0408 4460	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:53:12.0483 4460	AudioEndpointBuilder - ok
12:53:12.0491 4460	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:53:12.0528 4460	Audiosrv - ok
12:53:12.0607 4460	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
12:53:12.0627 4460	avgntflt - ok
12:53:12.0667 4460	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
12:53:12.0688 4460	avipbb - ok
12:53:12.0883 4460	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:53:12.0901 4460	avkmgr - ok
12:53:13.0012 4460	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:53:13.0103 4460	Beep - ok
12:53:13.0330 4460	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:53:13.0424 4460	BFE - ok
12:53:13.0678 4460	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
12:53:13.0773 4460	BITS - ok
12:53:14.0221 4460	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:53:14.0434 4460	blbdrive - ok
12:53:14.0956 4460	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:53:15.0040 4460	bowser - ok
12:53:15.0105 4460	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:53:15.0136 4460	BrFiltLo - ok
12:53:15.0227 4460	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:53:15.0297 4460	BrFiltUp - ok
12:53:16.0150 4460	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:53:16.0256 4460	Browser - ok
12:53:16.0884 4460	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:53:17.0158 4460	Brserid - ok
12:53:17.0672 4460	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:53:17.0756 4460	BrSerWdm - ok
12:53:17.0876 4460	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:53:18.0010 4460	BrUsbMdm - ok
12:53:18.0146 4460	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:53:18.0299 4460	BrUsbSer - ok
12:53:18.0342 4460	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:53:18.0443 4460	BTHMODEM - ok
12:53:18.0504 4460	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:53:18.0555 4460	cdfs - ok
12:53:18.0609 4460	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:53:18.0659 4460	cdrom - ok
12:53:18.0710 4460	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:53:18.0768 4460	CertPropSvc - ok
12:53:19.0005 4460	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:53:19.0090 4460	circlass - ok
12:53:19.0440 4460	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:53:19.0480 4460	CLFS - ok
12:53:20.0543 4460	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:53:20.0594 4460	clr_optimization_v2.0.50727_32 - ok
12:53:21.0000 4460	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:53:21.0040 4460	clr_optimization_v4.0.30319_32 - ok
12:53:21.0236 4460	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:53:21.0336 4460	cmdide - ok
12:53:21.0426 4460	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
12:53:21.0507 4460	cmnsusbser - ok
12:53:21.0539 4460	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
12:53:21.0560 4460	Compbatt - ok
12:53:21.0565 4460	COMSysApp - ok
12:53:21.0747 4460	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:53:21.0768 4460	crcdisk - ok
12:53:21.0861 4460	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:53:21.0921 4460	Crusoe - ok
12:53:22.0187 4460	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
12:53:22.0278 4460	CryptSvc - ok
12:53:22.0648 4460	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:53:22.0741 4460	DcomLaunch - ok
12:53:23.0159 4460	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:53:23.0231 4460	DfsC - ok
12:53:24.0136 4460	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:53:24.0368 4460	DFSR - ok
12:53:24.0698 4460	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:53:24.0756 4460	Dhcp - ok
12:53:24.0874 4460	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:53:24.0901 4460	disk - ok
12:53:24.0968 4460	DNIMp50         (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
12:53:24.0980 4460	DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
12:53:24.0981 4460	DNIMp50 - detected UnsignedFile.Multi.Generic (1)
12:53:25.0041 4460	DNISp50         (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
12:53:25.0063 4460	DNISp50 ( UnsignedFile.Multi.Generic ) - warning
12:53:25.0063 4460	DNISp50 - detected UnsignedFile.Multi.Generic (1)
12:53:25.0116 4460	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:53:25.0163 4460	Dnscache - ok
12:53:25.0226 4460	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:53:25.0317 4460	dot3svc - ok
12:53:25.0371 4460	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:53:25.0435 4460	DPS - ok
12:53:25.0489 4460	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:53:25.0525 4460	drmkaud - ok
12:53:26.0340 4460	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:53:26.0401 4460	DXGKrnl - ok
12:53:26.0462 4460	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:53:26.0556 4460	E1G60 - ok
12:53:26.0642 4460	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:53:26.0678 4460	EapHost - ok
12:53:26.0748 4460	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:53:26.0771 4460	Ecache - ok
12:53:27.0189 4460	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:53:27.0344 4460	ehRecvr - ok
12:53:27.0374 4460	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:53:27.0420 4460	ehSched - ok
12:53:27.0492 4460	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:53:27.0529 4460	ehstart - ok
12:53:27.0597 4460	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:53:27.0635 4460	elxstor - ok
12:53:29.0215 4460	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:53:29.0347 4460	EMDMgmt - ok
12:53:30.0033 4460	EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
12:53:30.0091 4460	EPSON_EB_RPCV4_01 - ok
12:53:30.0481 4460	EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
12:53:30.0530 4460	EPSON_PM_RPCV4_01 - ok
12:53:30.0571 4460	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:53:30.0611 4460	ErrDev - ok
12:53:31.0106 4460	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:53:31.0158 4460	EventSystem - ok
12:53:31.0248 4460	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:53:31.0349 4460	exfat - ok
12:53:31.0835 4460	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:53:31.0909 4460	fastfat - ok
12:53:31.0957 4460	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:53:32.0006 4460	fdc - ok
12:53:32.0029 4460	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:53:32.0070 4460	fdPHost - ok
12:53:32.0180 4460	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:53:32.0262 4460	FDResPub - ok
12:53:32.0362 4460	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:53:32.0383 4460	FileInfo - ok
12:53:32.0501 4460	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:53:32.0567 4460	Filetrace - ok
12:53:32.0627 4460	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:53:32.0685 4460	flpydisk - ok
12:53:33.0156 4460	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:53:33.0183 4460	FltMgr - ok
12:53:33.0397 4460	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:53:33.0468 4460	FontCache - ok
12:53:33.0851 4460	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:53:33.0876 4460	FontCache3.0.0.0 - ok
12:53:33.0917 4460	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:53:33.0991 4460	Fs_Rec - ok
12:53:34.0264 4460	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:53:34.0299 4460	gagp30kx - ok
12:53:34.0580 4460	GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:53:34.0597 4460	GoogleDesktopManager-051210-111108 - ok
12:53:36.0134 4460	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:53:36.0217 4460	gpsvc - ok
12:53:36.0393 4460	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:53:36.0416 4460	gusvc - ok
12:53:36.0780 4460	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:53:36.0887 4460	HdAudAddService - ok
12:53:37.0194 4460	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:53:37.0325 4460	HDAudBus - ok
12:53:37.0425 4460	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:53:37.0523 4460	HidBth - ok
12:53:37.0547 4460	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:53:37.0622 4460	HidIr - ok
12:53:37.0650 4460	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:53:37.0696 4460	hidserv - ok
12:53:37.0752 4460	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:53:37.0816 4460	HidUsb - ok
12:53:38.0121 4460	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:53:38.0178 4460	hkmsvc - ok
12:53:38.0435 4460	HotspotShieldService (7dd31c0d40edef77036aca98a109cce2) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
12:53:38.0493 4460	HotspotShieldService ( UnsignedFile.Multi.Generic ) - warning
12:53:38.0493 4460	HotspotShieldService - detected UnsignedFile.Multi.Generic (1)
12:53:38.0682 4460	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:53:38.0710 4460	HpCISSs - ok
12:53:38.0814 4460	HssDrv          (0d6b32306c362750ec6576f1d90c52f7) C:\Windows\system32\DRIVERS\HssDrv.sys
12:53:38.0830 4460	HssDrv - ok
12:53:38.0884 4460	HssSrv          (5036ca3f9101df26931f177746a7f7de) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
12:53:38.0940 4460	HssSrv ( UnsignedFile.Multi.Generic ) - warning
12:53:38.0940 4460	HssSrv - detected UnsignedFile.Multi.Generic (1)
12:53:38.0963 4460	HssTrayService  (6f0928f669e3dbf353446a7c09a1f08b) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
12:53:38.0999 4460	HssTrayService ( UnsignedFile.Multi.Generic ) - warning
12:53:38.0999 4460	HssTrayService - detected UnsignedFile.Multi.Generic (1)
12:53:39.0021 4460	HssWd - ok
12:53:39.0077 4460	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:53:39.0189 4460	HTTP - ok
12:53:39.0209 4460	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:53:39.0250 4460	i2omp - ok
12:53:39.0302 4460	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:53:39.0346 4460	i8042prt - ok
12:53:39.0463 4460	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:53:39.0505 4460	iaStorV - ok
12:53:40.0538 4460	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:53:40.0631 4460	idsvc - ok
12:53:40.0847 4460	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:53:40.0868 4460	iirsp - ok
12:53:41.0584 4460	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:53:41.0645 4460	IKEEXT - ok
12:53:42.0639 4460	IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
12:53:42.0810 4460	IntcAzAudAddService - ok
12:53:43.0545 4460	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:53:43.0567 4460	intelide - ok
12:53:43.0615 4460	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:53:43.0666 4460	intelppm - ok
12:53:44.0046 4460	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:53:44.0120 4460	IPBusEnum - ok
12:53:44.0282 4460	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:44.0354 4460	IpFilterDriver - ok
12:53:44.0561 4460	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:53:44.0645 4460	iphlpsvc - ok
12:53:44.0651 4460	IpInIp - ok
12:53:44.0798 4460	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:53:44.0856 4460	IPMIDRV - ok
12:53:44.0966 4460	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:53:45.0012 4460	IPNAT - ok
12:53:45.0042 4460	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:53:45.0082 4460	IRENUM - ok
12:53:45.0165 4460	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:53:45.0189 4460	isapnp - ok
12:53:45.0250 4460	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:53:45.0281 4460	iScsiPrt - ok
12:53:45.0322 4460	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:53:45.0355 4460	iteatapi - ok
12:53:45.0451 4460	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:53:45.0481 4460	iteraid - ok
12:53:46.0333 4460	jswpsapi        (78d233d835a8876035ac559afe02b940) C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
12:53:46.0654 4460	jswpsapi ( UnsignedFile.Multi.Generic ) - warning
12:53:46.0655 4460	jswpsapi - detected UnsignedFile.Multi.Generic (1)
12:53:46.0747 4460	jswpslwf        (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
12:53:46.0802 4460	jswpslwf - ok
12:53:46.0902 4460	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:53:46.0922 4460	kbdclass - ok
12:53:46.0973 4460	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
12:53:47.0038 4460	kbdhid - ok
12:53:47.0120 4460	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:47.0181 4460	KeyIso - ok
12:53:47.0417 4460	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
12:53:47.0453 4460	KSecDD - ok
12:53:47.0529 4460	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:53:47.0613 4460	KtmRm - ok
12:53:47.0684 4460	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:53:47.0751 4460	LanmanServer - ok
12:53:47.0814 4460	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:53:47.0867 4460	LanmanWorkstation - ok
12:53:47.0895 4460	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:53:47.0949 4460	lltdio - ok
12:53:48.0000 4460	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:53:48.0089 4460	lltdsvc - ok
12:53:48.0137 4460	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:53:48.0215 4460	lmhosts - ok
12:53:48.0430 4460	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:53:48.0456 4460	LSI_FC - ok
12:53:48.0480 4460	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:53:48.0503 4460	LSI_SAS - ok
12:53:48.0546 4460	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:53:48.0569 4460	LSI_SCSI - ok
12:53:48.0597 4460	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:53:48.0689 4460	luafv - ok
12:53:48.0782 4460	LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
12:53:48.0799 4460	LVPr2Mon - ok
12:53:48.0898 4460	LVPrcMon        (4fd5a6335fb4fc1f758088b2f90613fe) C:\Windows\system32\drivers\LVPrcMon.sys
12:53:48.0917 4460	LVPrcMon ( UnsignedFile.Multi.Generic ) - warning
12:53:48.0917 4460	LVPrcMon - detected UnsignedFile.Multi.Generic (1)
12:53:49.0041 4460	LVPrcSrv        (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
12:53:49.0059 4460	LVPrcSrv - ok
12:53:49.0193 4460	LVRS            (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
12:53:49.0214 4460	LVRS - ok
12:53:49.0309 4460	LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
12:53:49.0326 4460	LVUSBSta - ok
12:53:49.0405 4460	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
12:53:49.0425 4460	MBAMProtector - ok
12:53:50.0113 4460	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:53:50.0150 4460	MBAMService - ok
12:53:50.0308 4460	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:53:50.0349 4460	Mcx2Svc - ok
12:53:50.0392 4460	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:53:50.0406 4460	megasas - ok
12:53:50.0992 4460	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:53:51.0027 4460	MegaSR - ok
12:53:51.0239 4460	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:53:51.0304 4460	MMCSS - ok
12:53:51.0424 4460	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:53:51.0494 4460	Modem - ok
12:53:51.0550 4460	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:53:51.0591 4460	monitor - ok
12:53:51.0762 4460	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:53:51.0783 4460	mouclass - ok
12:53:51.0946 4460	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:53:51.0987 4460	mouhid - ok
12:53:52.0244 4460	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:53:52.0271 4460	MountMgr - ok
12:53:52.0629 4460	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:53:52.0679 4460	MozillaMaintenance - ok
12:53:52.0737 4460	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:53:52.0764 4460	mpio - ok
12:53:52.0906 4460	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:53:52.0951 4460	mpsdrv - ok
12:53:53.0033 4460	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:53:53.0099 4460	MpsSvc - ok
12:53:53.0147 4460	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:53:53.0167 4460	Mraid35x - ok
12:53:53.0266 4460	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:53:53.0305 4460	MRxDAV - ok
12:53:53.0677 4460	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:53.0725 4460	mrxsmb - ok
12:53:53.0980 4460	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:54.0060 4460	mrxsmb10 - ok
12:53:54.0346 4460	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:54.0384 4460	mrxsmb20 - ok
12:53:54.0561 4460	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
12:53:54.0589 4460	msahci - ok
12:53:54.0833 4460	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:53:54.0864 4460	msdsm - ok
12:53:54.0951 4460	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:53:55.0000 4460	MSDTC - ok
12:53:55.0099 4460	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:53:55.0169 4460	Msfs - ok
12:53:55.0213 4460	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:53:55.0234 4460	msisadrv - ok
12:53:55.0707 4460	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:53:55.0780 4460	MSiSCSI - ok
12:53:55.0785 4460	msiserver - ok
12:53:55.0839 4460	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:53:55.0895 4460	MSKSSRV - ok
12:53:55.0942 4460	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:53:55.0996 4460	MSPCLOCK - ok
12:53:56.0011 4460	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:53:56.0052 4460	MSPQM - ok
12:53:56.0143 4460	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:53:56.0157 4460	MsRPC - ok
12:53:56.0310 4460	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:53:56.0321 4460	mssmbios - ok
12:53:56.0337 4460	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:53:56.0360 4460	MSTEE - ok
12:53:56.0385 4460	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:53:56.0397 4460	Mup - ok
12:53:56.0964 4460	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:53:57.0057 4460	napagent - ok
12:53:57.0565 4460	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:53:57.0591 4460	NativeWifiP - ok
12:53:57.0670 4460	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:53:57.0707 4460	NDIS - ok
12:53:57.0806 4460	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:53:57.0876 4460	NdisTapi - ok
12:53:57.0964 4460	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:53:58.0016 4460	Ndisuio - ok
12:53:58.0067 4460	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:53:58.0148 4460	NdisWan - ok
12:53:58.0197 4460	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:53:58.0228 4460	NDProxy - ok
12:53:58.0786 4460	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
12:53:58.0840 4460	Nero BackItUp Scheduler 3 - ok
12:53:58.0965 4460	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:53:59.0025 4460	NetBIOS - ok
12:53:59.0322 4460	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:53:59.0388 4460	netbt - ok
12:53:59.0432 4460	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:59.0451 4460	Netlogon - ok
12:53:59.0732 4460	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:53:59.0795 4460	Netman - ok
12:54:00.0095 4460	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:54:00.0191 4460	netprofm - ok
12:54:00.0502 4460	netr28u         (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
12:54:00.0617 4460	netr28u - ok
12:54:01.0044 4460	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:54:01.0065 4460	NetTcpPortSharing - ok
12:54:01.0208 4460	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:54:01.0228 4460	nfrd960 - ok
12:54:01.0377 4460	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:54:01.0428 4460	NlaSvc - ok
12:54:02.0301 4460	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
12:54:02.0352 4460	NMIndexingService - ok
12:54:02.0388 4460	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:54:02.0419 4460	Npfs - ok
12:54:02.0565 4460	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:54:02.0642 4460	nsi - ok
12:54:02.0675 4460	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:54:02.0731 4460	nsiproxy - ok
12:54:03.0814 4460	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:54:03.0882 4460	Ntfs - ok
12:54:04.0115 4460	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:54:04.0169 4460	ntrigdigi - ok
12:54:04.0205 4460	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:54:04.0271 4460	Null - ok
12:54:04.0386 4460	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:54:04.0410 4460	nvraid - ok
12:54:04.0594 4460	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:54:04.0622 4460	nvstor - ok
12:54:04.0830 4460	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:54:04.0854 4460	nv_agp - ok
12:54:04.0862 4460	NwlnkFlt - ok
12:54:04.0871 4460	NwlnkFwd - ok
12:54:06.0669 4460	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:54:06.0745 4460	odserv - ok
12:54:06.0906 4460	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:54:06.0961 4460	ohci1394 - ok
12:54:07.0253 4460	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:54:07.0274 4460	ose - ok
12:54:07.0350 4460	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:07.0516 4460	p2pimsvc - ok
12:54:07.0528 4460	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:07.0566 4460	p2psvc - ok
12:54:07.0633 4460	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:54:07.0709 4460	Parport - ok
12:54:07.0753 4460	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
12:54:07.0775 4460	partmgr - ok
12:54:07.0801 4460	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:54:07.0891 4460	Parvdm - ok
12:54:07.0981 4460	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:54:08.0033 4460	PcaSvc - ok
12:54:08.0208 4460	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:54:08.0233 4460	pci - ok
12:54:08.0277 4460	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:54:08.0298 4460	pciide - ok
12:54:08.0697 4460	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:54:08.0721 4460	pcmcia - ok
12:54:09.0794 4460	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:54:09.0908 4460	PEAUTH - ok
12:54:10.0073 4460	pepifilter      (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
12:54:10.0089 4460	pepifilter - ok
12:54:10.0572 4460	PID_08A0        (36eddcefdd036fffa95aa84d1645dd67) C:\Windows\system32\DRIVERS\LV302AV.SYS
12:54:10.0682 4460	PID_08A0 - ok
12:54:11.0535 4460	PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
12:54:11.0723 4460	PID_PEPI - ok
12:54:13.0363 4460	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:54:13.0477 4460	pla - ok
12:54:14.0373 4460	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
12:54:14.0415 4460	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
12:54:14.0415 4460	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
12:54:14.0695 4460	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:54:14.0741 4460	PlugPlay - ok
12:54:14.0951 4460	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:15.0013 4460	PNRPAutoReg - ok
12:54:15.0023 4460	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:15.0063 4460	PNRPsvc - ok
12:54:15.0311 4460	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:54:15.0422 4460	PolicyAgent - ok
12:54:15.0760 4460	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:54:15.0820 4460	PptpMiniport - ok
12:54:16.0005 4460	PRISM_USB       (d3f3b511e2ce1e385c68c9881ad5b867) C:\Windows\system32\DRIVERS\PRISMUSB.sys
12:54:16.0122 4460	PRISM_USB - ok
12:54:16.0280 4460	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
12:54:16.0315 4460	Processor - ok
12:54:16.0354 4460	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:54:16.0419 4460	ProfSvc - ok
12:54:16.0509 4460	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:54:16.0520 4460	ProtectedStorage - ok
12:54:16.0759 4460	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:54:16.0826 4460	PSched - ok
12:54:16.0889 4460	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
12:54:16.0906 4460	PxHelp20 - ok
12:54:17.0095 4460	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:54:17.0140 4460	ql2300 - ok
12:54:17.0231 4460	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:54:17.0243 4460	ql40xx - ok
12:54:17.0382 4460	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:54:17.0568 4460	QWAVE - ok
12:54:17.0629 4460	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:54:17.0682 4460	QWAVEdrv - ok
12:54:17.0703 4460	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:54:17.0759 4460	RasAcd - ok
12:54:17.0780 4460	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:54:17.0838 4460	RasAuto - ok
12:54:17.0935 4460	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:54:17.0968 4460	Rasl2tp - ok
12:54:18.0060 4460	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:54:18.0113 4460	RasMan - ok
12:54:18.0157 4460	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:54:18.0207 4460	RasPppoe - ok
12:54:18.0388 4460	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:54:18.0445 4460	RasSstp - ok
12:54:18.0490 4460	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:54:18.0526 4460	rdbss - ok
12:54:18.0549 4460	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:54:18.0590 4460	RDPCDD - ok
12:54:18.0623 4460	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:54:18.0662 4460	rdpdr - ok
12:54:18.0665 4460	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:54:18.0689 4460	RDPENCDD - ok
12:54:18.0754 4460	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
12:54:18.0809 4460	RDPWD - ok
12:54:18.0848 4460	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:54:18.0872 4460	RemoteAccess - ok
12:54:18.0932 4460	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:54:18.0972 4460	RemoteRegistry - ok
12:54:19.0196 4460	RichVideo       (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
12:54:19.0216 4460	RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:54:19.0216 4460	RichVideo - detected UnsignedFile.Multi.Generic (1)
12:54:19.0243 4460	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:54:19.0262 4460	RpcLocator - ok
12:54:19.0313 4460	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:54:19.0341 4460	RpcSs - ok
12:54:19.0373 4460	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:54:19.0410 4460	rspndr - ok
12:54:19.0581 4460	RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
12:54:19.0634 4460	RTHDMIAzAudService - ok
12:54:19.0731 4460	RTL8169         (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
12:54:19.0744 4460	RTL8169 - ok
12:54:19.0822 4460	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:54:19.0836 4460	SamSs - ok
12:54:19.0876 4460	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:54:19.0891 4460	sbp2port - ok
12:54:19.0967 4460	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:54:20.0016 4460	SCardSvr - ok
12:54:20.0083 4460	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:54:20.0145 4460	Schedule - ok
12:54:20.0175 4460	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:54:20.0191 4460	SCPolicySvc - ok
12:54:20.0340 4460	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:54:20.0364 4460	SDRSVC - ok
12:54:20.0389 4460	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:54:20.0452 4460	secdrv - ok
12:54:20.0517 4460	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:54:20.0563 4460	seclogon - ok
12:54:20.0580 4460	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
12:54:20.0613 4460	SENS - ok
12:54:20.0635 4460	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
12:54:20.0673 4460	Serenum - ok
12:54:20.0711 4460	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
12:54:20.0744 4460	Serial - ok
12:54:20.0809 4460	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:54:20.0832 4460	sermouse - ok
12:54:20.0945 4460	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:54:20.0987 4460	SessionEnv - ok
12:54:21.0009 4460	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:54:21.0038 4460	sffdisk - ok
12:54:21.0055 4460	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:54:21.0086 4460	sffp_mmc - ok
12:54:21.0123 4460	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:54:21.0163 4460	sffp_sd - ok
12:54:21.0195 4460	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:54:21.0243 4460	sfloppy - ok
12:54:21.0272 4460	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:54:21.0314 4460	SharedAccess - ok
12:54:21.0594 4460	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:54:21.0686 4460	ShellHWDetection - ok
12:54:21.0729 4460	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:54:21.0752 4460	sisagp - ok
12:54:21.0812 4460	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:54:21.0851 4460	SiSRaid2 - ok
12:54:21.0877 4460	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:54:21.0903 4460	SiSRaid4 - ok
12:54:22.0156 4460	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:54:22.0349 4460	slsvc - ok
12:54:22.0561 4460	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:54:22.0597 4460	SLUINotify - ok
12:54:22.0773 4460	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:54:22.0840 4460	Smb - ok
12:54:22.0917 4460	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:54:22.0942 4460	SNMPTRAP - ok
12:54:23.0035 4460	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:54:23.0047 4460	spldr - ok
12:54:23.0177 4460	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:54:23.0207 4460	Spooler - ok
12:54:23.0319 4460	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:54:23.0382 4460	srv - ok
12:54:23.0543 4460	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:54:23.0617 4460	srv2 - ok
12:54:23.0720 4460	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:54:23.0756 4460	srvnet - ok
12:54:23.0812 4460	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:54:23.0891 4460	SSDPSRV - ok
12:54:24.0008 4460	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:54:24.0024 4460	ssmdrv - ok
12:54:24.0059 4460	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:54:24.0082 4460	SstpSvc - ok
12:54:24.0192 4460	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:54:24.0247 4460	stisvc - ok
12:54:24.0346 4460	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:54:24.0367 4460	swenum - ok
12:54:24.0409 4460	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:54:24.0504 4460	swprv - ok
12:54:24.0558 4460	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:54:24.0570 4460	Symc8xx - ok
12:54:24.0611 4460	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:54:24.0630 4460	Sym_hi - ok
12:54:24.0671 4460	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:54:24.0690 4460	Sym_u3 - ok
12:54:24.0864 4460	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:54:24.0998 4460	SysMain - ok
12:54:25.0082 4460	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:54:25.0165 4460	TabletInputService - ok
12:54:25.0305 4460	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
12:54:25.0328 4460	taphss - ok
12:54:25.0375 4460	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:54:25.0434 4460	TapiSrv - ok
12:54:25.0447 4460	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:54:25.0488 4460	TBS - ok
12:54:25.0593 4460	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
12:54:25.0694 4460	Tcpip - ok
12:54:25.0719 4460	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
12:54:25.0791 4460	Tcpip6 - ok
12:54:25.0924 4460	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:54:26.0005 4460	tcpipreg - ok
12:54:26.0072 4460	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:54:26.0114 4460	TDPIPE - ok
12:54:26.0168 4460	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:54:26.0210 4460	TDTCP - ok
12:54:26.0356 4460	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:54:26.0428 4460	tdx - ok
12:54:26.0467 4460	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:54:26.0489 4460	TermDD - ok
12:54:26.0623 4460	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:54:26.0763 4460	TermService - ok
12:54:26.0817 4460	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:54:26.0843 4460	Themes - ok
12:54:26.0975 4460	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:54:27.0018 4460	THREADORDER - ok
12:54:27.0074 4460	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:54:27.0121 4460	TrkWks - ok
12:54:27.0261 4460	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:54:27.0299 4460	TrustedInstaller - ok
12:54:27.0358 4460	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:54:27.0381 4460	tssecsrv - ok
12:54:27.0401 4460	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:54:27.0437 4460	tunmp - ok
12:54:27.0465 4460	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:54:27.0477 4460	tunnel - ok
12:54:27.0516 4460	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:54:27.0528 4460	uagp35 - ok
12:54:27.0579 4460	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:54:27.0602 4460	udfs - ok
12:54:27.0641 4460	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:54:27.0676 4460	UI0Detect - ok
12:54:27.0791 4460	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:54:27.0814 4460	uliagpkx - ok
12:54:27.0961 4460	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:54:27.0989 4460	uliahci - ok
12:54:28.0014 4460	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:54:28.0036 4460	UlSata - ok
12:54:28.0054 4460	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:54:28.0077 4460	ulsata2 - ok
12:54:28.0100 4460	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:54:28.0124 4460	umbus - ok
12:54:28.0214 4460	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:54:28.0275 4460	upnphost - ok
12:54:28.0311 4460	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:54:28.0358 4460	usbaudio - ok
12:54:28.0406 4460	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:54:28.0441 4460	usbccgp - ok
12:54:28.0467 4460	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:54:28.0525 4460	usbcir - ok
12:54:28.0563 4460	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:54:28.0592 4460	usbehci - ok
12:54:28.0799 4460	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:54:28.0875 4460	usbhub - ok
12:54:28.0920 4460	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:54:29.0001 4460	usbohci - ok
12:54:29.0037 4460	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:54:29.0078 4460	usbprint - ok
12:54:29.0138 4460	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:54:29.0190 4460	usbscan - ok
12:54:29.0264 4460	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:54:29.0307 4460	USBSTOR - ok
12:54:29.0336 4460	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:54:29.0379 4460	usbuhci - ok
12:54:29.0490 4460	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:54:29.0526 4460	UxSms - ok
12:54:29.0677 4460	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:54:29.0757 4460	vds - ok
12:54:29.0782 4460	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:54:29.0838 4460	vga - ok
12:54:29.0935 4460	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:54:29.0977 4460	VgaSave - ok
12:54:30.0015 4460	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:54:30.0038 4460	viaagp - ok
12:54:30.0061 4460	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:54:30.0126 4460	ViaC7 - ok
12:54:30.0170 4460	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:54:30.0192 4460	viaide - ok
12:54:30.0317 4460	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:54:30.0339 4460	volmgr - ok
12:54:30.0510 4460	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:54:30.0619 4460	volmgrx - ok
12:54:30.0767 4460	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:54:30.0828 4460	volsnap - ok
12:54:30.0865 4460	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:54:30.0890 4460	vsmraid - ok
12:54:31.0396 4460	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:54:31.0557 4460	VSS - ok
12:54:31.0699 4460	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:54:31.0722 4460	W32Time - ok
12:54:31.0787 4460	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:54:31.0847 4460	WacomPen - ok
12:54:31.0864 4460	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:54:31.0882 4460	Wanarp - ok
12:54:31.0887 4460	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:54:31.0907 4460	Wanarpv6 - ok
12:54:32.0013 4460	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:54:32.0041 4460	wcncsvc - ok
12:54:32.0154 4460	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:54:32.0175 4460	WcsPlugInService - ok
12:54:32.0269 4460	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:54:32.0295 4460	Wd - ok
12:54:32.0383 4460	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:54:32.0473 4460	Wdf01000 - ok
12:54:32.0545 4460	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:54:32.0605 4460	WdiServiceHost - ok
12:54:32.0610 4460	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:54:32.0661 4460	WdiSystemHost - ok
12:54:32.0796 4460	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:54:32.0852 4460	WebClient - ok
12:54:32.0918 4460	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:54:32.0992 4460	Wecsvc - ok
12:54:33.0006 4460	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:54:33.0074 4460	wercplsupport - ok
12:54:33.0112 4460	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:54:33.0149 4460	WerSvc - ok
12:54:33.0341 4460	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
12:54:33.0356 4460	WinDefend - ok
12:54:33.0365 4460	WinHttpAutoProxySvc - ok
12:54:33.0530 4460	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:54:33.0563 4460	Winmgmt - ok
12:54:33.0968 4460	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:54:34.0103 4460	WinRM - ok
12:54:34.0209 4460	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:54:34.0281 4460	Wlansvc - ok
12:54:34.0337 4460	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
12:54:34.0374 4460	WmiAcpi - ok
12:54:34.0519 4460	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:54:34.0538 4460	wmiApSrv - ok
12:54:34.0773 4460	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:54:34.0862 4460	WMPNetworkSvc - ok
12:54:35.0046 4460	WN111v2         (bdd5c936c2c3ebf4ad3cc61cefdc5806) C:\Windows\system32\DRIVERS\WN111v2v.sys
12:54:35.0166 4460	WN111v2 - ok
12:54:35.0200 4460	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:54:35.0281 4460	WPCSvc - ok
12:54:35.0366 4460	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:54:35.0426 4460	WPDBusEnum - ok
12:54:35.0485 4460	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:54:35.0505 4460	WpdUsb - ok
12:54:36.0100 4460	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:54:36.0187 4460	WPFFontCache_v0400 - ok
12:54:36.0219 4460	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:54:36.0275 4460	ws2ifsl - ok
12:54:36.0349 4460	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
12:54:36.0387 4460	wscsvc - ok
12:54:36.0394 4460	WSearch - ok
12:54:36.0771 4460	WTGService      (62ebaacc7e419e85584e49658eef7b37) C:\Program Files\XSManager\WTGService.exe
12:54:36.0794 4460	WTGService - ok
12:54:37.0169 4460	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:54:37.0245 4460	wuauserv - ok
12:54:37.0479 4460	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:54:37.0568 4460	WUDFRd - ok
12:54:37.0713 4460	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
12:54:37.0781 4460	wudfsvc - ok
12:54:37.0823 4460	XS Stick Service (5bf0cdb3a02cbd9a2fcd98d38d8a8572) C:\Windows\service4g.exe
12:54:37.0842 4460	XS Stick Service - ok
12:54:38.0048 4460	YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:54:38.0075 4460	YahooAUService - ok
12:54:38.0138 4460	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:54:38.0824 4460	\Device\Harddisk0\DR0 - ok
12:54:38.0830 4460	Boot (0x1200)   (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
12:54:38.0855 4460	\Device\Harddisk0\DR0\Partition0 - ok
12:54:38.0896 4460	Boot (0x1200)   (5c324b6b78203c724aad42907fead98b) \Device\Harddisk0\DR0\Partition1
12:54:38.0920 4460	\Device\Harddisk0\DR0\Partition1 - ok
12:54:38.0921 4460	============================================================
12:54:38.0921 4460	Scan finished
12:54:38.0921 4460	============================================================
12:54:38.0943 4552	Detected object count: 9
12:54:38.0943 4552	Actual detected object count: 9
12:58:48.0699 4552	DNIMp50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0699 4552	DNIMp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0703 4552	DNISp50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0703 4552	DNISp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0705 4552	HotspotShieldService ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0705 4552	HotspotShieldService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0708 4552	HssSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0708 4552	HssSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0711 4552	HssTrayService ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0711 4552	HssTrayService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0714 4552	jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0714 4552	jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0717 4552	LVPrcMon ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0717 4552	LVPrcMon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0719 4552	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0719 4552	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:48.0722 4552	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0722 4552	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

cdtueb · 20.07.2012, 08:10

Hier der nächste Log:

Code:

ATTFilter

ComboFix 12-07-19.02 - Susi 20.07.2012   8:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.1995 [GMT 2:00]
ausgeführt von:: c:\users\Susi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Susi\TEMP_PRJ.TMP
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!atapi.sys wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-20 bis 2012-07-20  ))))))))))))))))))))))))))))))
.
.
2012-07-20 06:53 . 2012-07-20 06:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-20 06:53 . 2012-07-20 06:53	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2012-07-20 06:53 . 2012-07-20 06:53	--------	d-----w-	c:\users\Andrea\AppData\Local\temp
2012-07-18 16:39 . 2012-07-18 16:54	--------	d-----w-	c:\users\Chris\AppData\Local\Deployment
2012-07-18 16:39 . 2012-07-18 16:39	--------	d-----w-	c:\users\Chris\AppData\Local\Apps
2012-07-16 15:27 . 2012-07-16 15:27	--------	d-----w-	C:\_OTL
2012-07-14 15:46 . 2012-07-14 15:46	--------	d-----w-	c:\program files\Tracker Software
2012-07-12 05:09 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 06:16 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:16 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 06:16 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 06:16 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:16 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 06:16 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-06 20:06 . 2012-07-06 20:06	--------	d-----w-	c:\program files\ESET
2012-07-06 12:10 . 2012-07-06 12:10	--------	d-----w-	c:\users\Susi\AppData\Roaming\Malwarebytes
2012-07-06 12:10 . 2012-07-06 12:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-06 12:10 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-24 10:02 . 2012-06-24 10:02	--------	d-----w-	c:\users\Susi\AppData\Local\Macromedia
2012-06-21 17:40 . 2012-06-21 17:40	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 17:40 . 2012-06-21 17:40	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 19:56 . 2012-06-01 20:18	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-11 19:56 . 2011-11-23 16:35	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 08:44 . 2012-07-20 05:44	6891424	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5048709A-BF77-4022-BA52-A64A71CE7E60}\mpengine.dll	ERROR(0x00000005)
2012-06-29 08:44 . 2008-11-24 09:42	6891424	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2012-06-02 22:19 . 2012-06-19 06:34	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:34	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:33	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:33	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 06:34	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 06:34	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 06:33	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 06:33	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 06:33	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-01 14:45 . 2012-06-01 14:45	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-01 14:45 . 2011-09-20 05:43	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2009-10-03 16:15	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-24 21:18 . 2012-05-24 21:18	4472832	----a-w-	c:\windows\system32\GPhotos.scr
2012-05-09 06:15 . 2012-01-07 21:19	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-09 06:15 . 2012-01-07 21:19	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-01 14:03 . 2012-06-14 04:54	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 04:54	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 04:54	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 04:54	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-07-20 05:47 . 2011-08-24 09:22	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-17 14:22 . 2011-03-17 14:22	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-17 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"starter4g"="c:\windows\starter4g.exe" [2009-09-17 157968]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-06-27 220552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2009-3-25 1748992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:56]
.
2012-07-20 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-05-15 11:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Duden Korrektor SysTray - c:\program files\Duden\Duden Korrektor\DKTray.exe
HKLM-Run-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\XSManager\WTGService.exe
c:\windows\service4g.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-20  09:06:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-20 07:05
.
Vor Suchlauf: 9 Verzeichnis(se), 371.599.609.856 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 371.541.561.344 Bytes frei
.
- - End Of File - - D925AEC07BF48A30F2417C69B171B480

cosinus · 16.07.2012, 22:02

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

cosinus · 18.07.2012, 19:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

13.07.2012, 21:26	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	mystart.incredibar.com entfernen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> mystart.incredibar.com entfernen

mystart.incredibar.com entfernen

Plagegeister aller Art und deren Bekämpfung: mystart.incredibar.com entfernen