| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie entferne ich Mystart / "Incredibar" Toolbar?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2012, 13:08
| #1 |
 |  Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo! Auch ich habe mir die Incredibar-Toolbar von softonic eingefangen werde sie nicht mehr los. Ich habe sie in Firefox deaktiviert und via Systemsteuerung deinstalliert, aber alle Browser öffnen nach wie vor die Mystart-Seite. Ich weiß nun nicht mehr weiter und bin auch nicht sehr fit, was Computer betrifft. Zuerst hatte ich den CCleaner runtergeladen und ausgefführt, hat nichts gefunden. Habe mir dann Defogger runtergeladen und ausgeführt, hat aber scheinbar auch nicht funktioniert: defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:42 on 12/07/2012 (Jasmin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL habe ich trotzdem laufen lassen (angehängte Dateien) und mit Malwarebytes einen Quickscan durchgeführt, wurde aber nichts gefunden: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.12.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jasmin :: JASMIN-PC [Administrator] Schutz: Aktiviert 12.07.2012 13:37:28 mbam-log-2012-07-12 (13-37-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212754 Laufzeit: 2 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und: 2012/07/12 13:36:42 +0200 JASMIN-PC Jasmin MESSAGE Starting protection 2012/07/12 13:36:47 +0200 JASMIN-PC Jasmin MESSAGE Protection started successfully 2012/07/12 13:36:50 +0200 JASMIN-PC Jasmin MESSAGE Starting IP protection 2012/07/12 13:36:54 +0200 JASMIN-PC Jasmin MESSAGE IP Protection started successfully 2012/07/12 13:37:03 +0200 JASMIN-PC Jasmin MESSAGE Starting database refresh 2012/07/12 13:37:03 +0200 JASMIN-PC Jasmin MESSAGE Stopping IP protection 2012/07/12 13:39:08 +0200 JASMIN-PC Jasmin MESSAGE IP Protection stopped 2012/07/12 13:39:13 +0200 JASMIN-PC Jasmin MESSAGE Database refreshed successfully 2012/07/12 13:39:13 +0200 JASMIN-PC Jasmin MESSAGE Starting IP protection 2012/07/12 13:39:17 +0200 JASMIN-PC Jasmin MESSAGE IP Protection started successfully Stört Avira da vielleicht? Ich hoffe, das sind die richtigen Logfiles. Vielen Dank & Grüße, Jasmin |
|
14.07.2012, 16:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Wie entferne ich Mystart / "Incredibar" Toolbar? Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
15.07.2012, 19:15
| #3 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo Arne!
__________________Hier die Log Dateien vom Scan mit malwarebytes, ich hoffe, das ist jetzt alles richtig so. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jasmin :: JASMIN-PC [Administrator] Schutz: Aktiviert 15.07.2012 13:23:04 mbam-log-2012-07-15 (13-23-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 570235 Laufzeit: 3 Stunde(n), 6 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jasmin\Downloads\Programme\SoftonicDownloader_fuer_serial-cloner.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=330248fca0ffed4693e348a80cf07328
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-15 05:53:54
# local_time=2012-07-15 07:53:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2355750 2355750 0 0
# compatibility_mode=5893 16776574 100 94 1785355 93993782 0 0
# compatibility_mode=8192 67108863 100 0 232 232 0 0
# scanned=366551
# found=0
# cleaned=0
# scan_time=10902
Jasmin |
|
15.07.2012, 20:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wie entferne ich Mystart / "Incredibar" Toolbar?Code:
ATTFilter C:\Users\Jasmin\Downloads\Programme\SoftonicDownloader_fuer_serial-cloner.exe
 Finger weg von Softonic!!  Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.07.2012, 20:54
| #5 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Ja, das mit softonic kommt nie wieder vor - hinterher ist man schlauer  Log vom AdwCleaner Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/15/2012 at 21:49:57
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jasmin - JASMIN-PC
# Running from : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
Found : Web Assistant Updater
***** [Files / Folders] *****
Folder Found : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Program Files\Web Assistant
***** [Registry] *****
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&loc=FF_NT");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341934695621");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "BDB59E1DED939494B2883B9F89F4E8D1");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "204c3cc0000000000000685d430a0fd8");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15526");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15526");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQCzxVE0g");
Found : user_pref("extensions.incredibar.upn2n", "92543179596892696");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "204c3cc0000000000000685d430a0fd8");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15526");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQCzxVE0g");
Found : user_pref("extensions.incredibar_i.upn2n", "92543179596892696");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCzxVE0g&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v20.0.1132.57
File : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Found : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
Found : "name": "MyStart Search",
Found : "search_url": "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQCzxVE0[...]
Found : "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Found : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
*************************
AdwCleaner[R1].txt - [10015 octets] - [15/07/2012 21:49:57]
########## EOF - C:\AdwCleaner[R1].txt - [10144 octets] ##########
Jasmin |
|
16.07.2012, 10:23
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wie entferne ich Mystart / "Incredibar" Toolbar? adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ --> Wie entferne ich Mystart / "Incredibar" Toolbar? |
|
16.07.2012, 15:38
| #7 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo Arne, hier die Datei Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:32:18
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jasmin - JASMIN-PC
# Running from : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : Web Assistant Updater
***** [Files / Folders] *****
Folder Deleted : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Program Files\Web Assistant
***** [Registry] *****
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26 --> hxxp://www.google.com
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\prefs.js
C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\user.js ... Deleted !
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&loc=FF_NT");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341934695621");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "BDB59E1DED939494B2883B9F89F4E8D1");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "204c3cc0000000000000685d430a0fd8");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15526");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15526");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQCzxVE0g");
Deleted : user_pref("extensions.incredibar.upn2n", "92543179596892696");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "204c3cc0000000000000685d430a0fd8");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15526");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQCzxVE0g");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543179596892696");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCzxVE0g&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v20.0.1132.57
File : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Deleted : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
Deleted : "name": "MyStart Search",
Deleted : "search_url": "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQCzxVE0[...]
Deleted : "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Deleted : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
*************************
AdwCleaner[R1].txt - [10106 octets] - [15/07/2012 21:49:57]
AdwCleaner[S1].txt - [9285 octets] - [16/07/2012 16:32:18]
########## EOF - C:\AdwCleaner[S1].txt - [9413 octets] ##########
Jasmin |
|
16.07.2012, 16:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wie entferne ich Mystart / "Incredibar" Toolbar? Hätte da mal drei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? 3.) Die Toolbar bzw. Weiterleitung nun weg?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.07.2012, 16:46
| #9 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo Arne! 1.) Ja 2.) alles da 3.) Firefox und IE sind sauber, Chrome öffnet in neuen Tabs immer noch die Incredibar Liebe Grüße, Jasmin |
|
16.07.2012, 16:57
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wie entferne ich Mystart / "Incredibar" Toolbar? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.07.2012, 22:27
| #11 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo Arne, hier die neue OTL-Datei Code:
ATTFilter OTL logfile created on: 16.07.2012 22:51:17 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jasmin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,73% Memory free 7,79 Gb Paging File | 2,40 Gb Available in Paging File | 30,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 647,54 Gb Total Space | 382,98 Gb Free Space | 59,14% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 17,58 Gb Free Space | 35,16% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.16 22:49:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.03.27 23:24:08 | 007,535,616 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files (x86)\PHotkey\GPMTray.exe PRC - [2012.03.27 23:19:34 | 000,826,880 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe PRC - [2012.03.15 12:48:22 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.15 12:48:20 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.15 12:48:06 | 000,162,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.27 13:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.24 23:13:16 | 003,458,560 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe PRC - [2012.02.22 04:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.02.22 04:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.02.22 04:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.02.22 04:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2012.02.02 08:55:04 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.14 00:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe PRC - [2011.04.14 00:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe PRC - [2011.03.30 23:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.01.13 02:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe PRC - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe PRC - [2009.12.19 00:38:18 | 000,345,608 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe ========== Modules (No Company Name) ========== MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.29 16:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel(R) SRV:64bit: - [2012.03.29 16:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2012.03.29 16:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV:64bit: - [2012.03.29 16:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2012.02.03 07:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) Capability Licensing Service Interface) Intel(R) SRV:64bit: - [2012.01.18 01:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV:64bit: - [2012.01.09 21:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.19 18:43:22 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.07.12 18:10:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.31 00:43:34 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R) SRV - [2012.03.15 12:48:22 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2012.03.15 12:48:20 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2012.03.15 12:48:06 | 000,162,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) Intel(R) SRV - [2012.02.22 04:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.02.22 04:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.02.22 04:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.01.31 11:24:02 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.10.13 23:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2011.04.14 00:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service) SRV - [2011.04.14 00:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.27 04:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.12 23:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.29 02:59:50 | 000,034,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012.02.29 02:59:50 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R) DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) Intel(R) DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R) DRV:64bit: - [2012.02.14 21:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.02.10 04:54:50 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.01.09 21:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 21:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011.11.30 20:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.11.30 20:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.14 05:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.02 01:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.09.11 23:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes\{2BA89279-9AC6-4258-A5AC-5C19D94CC8CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 10:23:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 10:46:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.06.18 10:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions [2012.07.10 18:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\k97kkewp.default\extensions [2012.06.18 10:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B46B66F-8E2A-45C3-A55C-3444AF55136F}: DhcpNameServer = 202.96.209.5 202.96.209.133 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.16 22:49:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe [2012.07.16 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Scanner & Cleaner [2012.07.15 16:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.15 16:47:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe [2012.07.14 01:18:59 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\WebApp [2012.07.14 01:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\CyberLink [2012.07.14 01:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\CyberLink [2012.07.14 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\OsX_SerialCloner2-1 Folder [2012.07.12 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes [2012.07.12 13:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.12 13:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.12 13:34:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.12 13:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.12 13:34:17 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jasmin\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.12 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Google [2012.07.10 17:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.05 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion [2012.07.05 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner [2012.07.05 21:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serial Cloner [2012.07.05 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serial Cloner [2012.07.04 12:07:04 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop\Desktop [2012.07.04 12:06:01 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop\Downloads [2012.07.04 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Virologie.Data [2012.07.04 12:03:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\bewerbungen [2012.07.04 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\dokumente [2012.07.04 12:03:34 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\briefe [2012.07.04 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Word Vorlagen [2012.07.04 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Sims [2012.07.04 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\RKI [2012.06.24 15:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.06.24 15:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.06.18 22:59:40 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\EndNote [2012.06.18 22:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Virologie.Data [2012.06.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Adobe [2012.06.18 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2012.06.18 16:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.06.18 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Winamp [2012.06.18 16:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2012.06.18 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\MA Virologie [2012.06.18 11:51:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Macromedia [2012.06.18 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird [2012.06.18 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Thunderbird [2012.06.18 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft Games [2012.06.18 11:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\EndNote [2012.06.18 11:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd [2012.06.18 11:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft [2012.06.18 11:00:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote [2012.06.18 11:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote [2012.06.18 10:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X5 [2012.06.18 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers [2012.06.18 10:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.06.18 10:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.06.18 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2012.06.18 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.06.18 10:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.06.18 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft Help [2012.06.18 10:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.06.18 10:42:08 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.06.18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Avira [2012.06.18 10:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.18 10:29:43 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.18 10:29:43 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.18 10:29:43 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.18 10:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.18 10:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.18 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Mozilla [2012.06.18 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Mozilla [2012.06.18 10:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.18 10:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.18 10:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.06.18 10:21:54 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Adobe [2012.06.18 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Youcam [2012.06.18 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\CyberLink [2012.06.18 10:19:11 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Google [2012.06.18 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Power2Go [2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Searches [2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.06.18 10:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Identities [2012.06.18 10:18:04 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Contacts [2012.06.18 10:18:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.06.18 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\VirtualStore [2012.06.18 10:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Intel [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Vorlagen [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Verlauf [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Temporary Internet Files [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Startmenü [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\SendTo [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Recent [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Netzwerkumgebung [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Lokale Einstellungen [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Videos [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Musik [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Eigene Dateien [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Bilder [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Druckumgebung [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Cookies [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Anwendungsdaten [2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Anwendungsdaten [2012.06.18 10:17:47 | 000,000,000 | --SD | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Videos [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Saved Games [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Pictures [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Music [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Links [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Favorites [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Downloads [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Documents [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop [2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.06.18 10:17:47 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\AppData [2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Temp [2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Roaming [2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft [2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs [2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Macromedia [2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema [2012.06.18 10:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Rescue Disk 10 [2012.06.18 10:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo [2012.06.18 10:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo [2012.06.18 10:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo [2012.06.18 10:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek [2012.06.18 10:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2012.06.18 10:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT [2012.06.18 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion_Services [2012.06.18 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Aldi_Foto [2012.06.18 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2012.06.18 10:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics [2012.06.18 10:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-Bit) [2012.06.18 10:11:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel [2012.06.18 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis [2012.06.18 10:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012.06.18 10:11:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5 [2012.06.18 10:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2012.06.18 10:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady [2012.06.18 10:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner [2012.06.18 10:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.06.18 10:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.06.18 10:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.06.18 10:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\watchmi [2012.06.18 10:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\watchmi [2012.06.18 10:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal [2012.06.18 10:07:12 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.06.18 10:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings [2012.06.18 10:07:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [1 C:\Users\Jasmin\Desktop\*.tmp files -> C:\Users\Jasmin\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.16 22:49:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe [2012.07.16 22:26:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.16 22:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.16 18:26:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.16 16:42:09 | 000,017,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 16:42:09 | 000,017,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 16:40:47 | 000,694,664 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.07.16 16:40:47 | 000,693,688 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012.07.16 16:40:47 | 000,691,426 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.07.16 16:40:47 | 000,689,960 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012.07.16 16:40:47 | 000,689,342 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.07.16 16:40:47 | 000,679,576 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012.07.16 16:40:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.16 16:40:47 | 000,632,414 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2012.07.16 16:40:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.16 16:40:47 | 000,610,436 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2012.07.16 16:40:47 | 000,552,004 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2012.07.16 16:40:47 | 000,148,544 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2012.07.16 16:40:47 | 000,137,296 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012.07.16 16:40:47 | 000,135,074 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012.07.16 16:40:47 | 000,133,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012.07.16 16:40:47 | 000,133,174 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.07.16 16:40:47 | 000,130,374 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.07.16 16:40:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.16 16:40:47 | 000,127,378 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.07.16 16:40:47 | 000,121,760 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2012.07.16 16:40:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.16 16:40:47 | 000,089,670 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2012.07.16 16:40:46 | 008,573,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.16 16:39:07 | 000,012,652 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\SerialClonerPrefs [2012.07.16 16:34:06 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2012.07.16 16:34:01 | 3138,514,944 | -HS- | M] () -- C:\hiberfil.sys [2012.07.16 14:13:13 | 000,729,438 | ---- | M] () -- C:\Users\Jasmin\Documents\Virologie.enl [2012.07.15 21:49:16 | 000,624,883 | ---- | M] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe [2012.07.15 16:47:29 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe [2012.07.14 13:46:35 | 000,408,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 13:36:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 13:34:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jasmin\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.12 12:41:47 | 000,050,477 | ---- | M] () -- C:\Users\Jasmin\Desktop\Defogger.exe [2012.07.11 22:21:49 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.10 18:04:24 | 000,140,690 | ---- | M] () -- C:\Users\Jasmin\Documents\cc_20120710_180410.reg [2012.07.10 17:50:33 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.05 21:55:12 | 000,000,447 | ---- | M] () -- C:\user.js [2012.07.05 21:54:50 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Serial Cloner.lnk [2012.07.04 12:21:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.18 19:05:10 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.06.18 19:05:10 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.06.18 16:09:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.06.18 10:50:42 | 000,002,723 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.06.18 10:46:27 | 000,002,703 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office Excel 2007.lnk [2012.06.18 10:46:27 | 000,002,697 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office Word 2007.lnk [2012.06.18 10:46:27 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.06.18 10:23:35 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.17 15:47:37 | 000,213,216 | ---- | M] () -- C:\Users\Jasmin\Desktop\Virologie.enl [1 C:\Users\Jasmin\Desktop\*.tmp files -> C:\Users\Jasmin\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.15 21:49:15 | 000,624,883 | ---- | C] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe [2012.07.12 13:34:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 12:41:45 | 000,050,477 | ---- | C] () -- C:\Users\Jasmin\Desktop\Defogger.exe [2012.07.10 18:04:14 | 000,140,690 | ---- | C] () -- C:\Users\Jasmin\Documents\cc_20120710_180410.reg [2012.07.10 17:50:33 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.05 22:05:48 | 000,012,652 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\SerialClonerPrefs [2012.07.05 21:55:12 | 000,000,447 | ---- | C] () -- C:\user.js [2012.07.05 21:54:50 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Serial Cloner.lnk [2012.07.04 12:21:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.04 12:03:53 | 000,213,216 | ---- | C] () -- C:\Users\Jasmin\Desktop\Virologie.enl [2012.06.18 22:26:46 | 000,729,438 | ---- | C] () -- C:\Users\Jasmin\Documents\Virologie.enl [2012.06.18 18:58:56 | 3138,514,944 | -HS- | C] () -- C:\hiberfil.sys [2012.06.18 16:09:32 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.06.18 11:50:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.18 10:50:42 | 000,002,723 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.06.18 10:46:27 | 000,002,703 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office Excel 2007.lnk [2012.06.18 10:46:27 | 000,002,697 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office Word 2007.lnk [2012.06.18 10:46:27 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.06.18 10:46:27 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.06.18 10:23:35 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.18 10:23:35 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.18 10:18:31 | 000,001,409 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.06.18 10:18:26 | 000,001,443 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.06.18 10:12:02 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONmediathek.lnk [2012.06.18 10:12:02 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONplay.lnk [2012.06.18 10:09:55 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2012.06.18 10:09:45 | 000,002,678 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.18 10:09:37 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 10:09:36 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 10:09:22 | 000,002,527 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012.04.11 09:57:27 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.04.11 09:57:25 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.04.11 09:57:23 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.04.11 09:57:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.04.11 09:57:20 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== LOP Check ========== [2012.06.18 23:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\EndNote [2012.07.05 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner [2012.06.18 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird [2012.07.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WebApp [2009.07.14 07:08:49 | 000,022,712 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.18 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Adobe [2012.06.18 10:35:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Avira [2012.07.14 01:18:09 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\CyberLink [2012.06.18 23:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\EndNote [2012.07.12 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Google [2012.06.18 10:18:06 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Identities [2012.06.18 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Intel [2012.03.14 23:50:39 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Macromedia [2012.07.12 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes [2011.04.12 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs [2012.07.04 15:11:05 | 000,000,000 | --SD | M] -- C:\Users\Jasmin\AppData\Roaming\Microsoft [2012.06.18 10:23:50 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mozilla [2012.07.05 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner [2012.06.18 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird [2012.07.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WebApp [2012.07.16 16:50:53 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Winamp < %APPDATA%\*.exe /s > [2012.03.14 23:50:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jasmin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.03.13 08:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > Jasmin |
|
17.07.2012, 13:33
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wie entferne ich Mystart / "Incredibar" Toolbar? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
[2012.07.05 21:55:12 | 000,000,447 | ---- | C] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.07.2012, 13:54
| #13 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo Arne! Hier die Datei Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins folder moved successfully.
C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\user.js moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jasmin
->Temp folder emptied: 4876730 bytes
->Temporary Internet Files folder emptied: 7196455 bytes
->FireFox cache emptied: 117533406 bytes
->Google Chrome cache emptied: 7015808 bytes
->Flash cache emptied: 58330 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 465438 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 107260766 bytes
Total Files Cleaned = 233,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Jasmin
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_144753
Files\Folders moved on Reboot...
C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.17 14:49:50 | 000,000,081 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5
Registry entries deleted on Reboot...
Jasmin |
|
18.07.2012, 13:49
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wie entferne ich Mystart / "Incredibar" Toolbar? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.07.2012, 14:07
| #15 |
| | Wie entferne ich Mystart / "Incredibar" Toolbar? Hallo Arne, hier das Log Code:
ATTFilter 15:02:16.0674 4272 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:02:16.0924 4272 ============================================================
15:02:16.0934 4272 Current date / time: 2012/07/18 15:02:16.0924
15:02:16.0934 4272 SystemInfo:
15:02:16.0934 4272
15:02:16.0934 4272 OS Version: 6.1.7601 ServicePack: 1.0
15:02:16.0934 4272 Product type: Workstation
15:02:16.0934 4272 ComputerName: JASMIN-PC
15:02:16.0934 4272 UserName: Jasmin
15:02:16.0934 4272 Windows directory: C:\Windows
15:02:16.0934 4272 System windows directory: C:\Windows
15:02:16.0934 4272 Running under WOW64
15:02:16.0934 4272 Processor architecture: Intel x64
15:02:16.0934 4272 Number of processors: 4
15:02:16.0934 4272 Page size: 0x1000
15:02:16.0934 4272 Boot type: Normal boot
15:02:16.0934 4272 ============================================================
15:02:19.0904 4272 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:19.0904 4272 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:19.0914 4272 ============================================================
15:02:19.0914 4272 \Device\Harddisk0\DR0:
15:02:19.0914 4272 MBR partitions:
15:02:19.0914 4272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:02:19.0914 4272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x50F13000
15:02:19.0914 4272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50F45800, BlocksNum 0x6400000
15:02:19.0914 4272 \Device\Harddisk1\DR1:
15:02:19.0914 4272 MBR partitions:
15:02:19.0914 4272 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:02:19.0914 4272 ============================================================
15:02:19.0944 4272 C: <-> \Device\Harddisk0\DR0\Partition1
15:02:19.0984 4272 D: <-> \Device\Harddisk0\DR0\Partition2
15:02:20.0024 4272 F: <-> \Device\Harddisk1\DR1\Partition0
15:02:20.0024 4272 ============================================================
15:02:20.0024 4272 Initialize success
15:02:20.0024 4272 ============================================================
15:03:49.0704 7808 ============================================================
15:03:49.0704 7808 Scan started
15:03:49.0704 7808 Mode: Manual; SigCheck; TDLFS;
15:03:49.0704 7808 ============================================================
15:03:51.0174 7808 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:03:51.0334 7808 1394ohci - ok
15:03:51.0414 7808 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:03:51.0454 7808 ACPI - ok
15:03:51.0494 7808 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:03:51.0574 7808 AcpiPmi - ok
15:03:51.0654 7808 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:51.0674 7808 AdobeARMservice - ok
15:03:51.0814 7808 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:51.0844 7808 AdobeFlashPlayerUpdateSvc - ok
15:03:51.0934 7808 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:03:51.0984 7808 adp94xx - ok
15:03:52.0064 7808 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:03:52.0104 7808 adpahci - ok
15:03:52.0134 7808 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:03:52.0164 7808 adpu320 - ok
15:03:52.0194 7808 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:52.0374 7808 AeLookupSvc - ok
15:03:52.0444 7808 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:03:52.0524 7808 AFD - ok
15:03:52.0584 7808 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:03:52.0614 7808 agp440 - ok
15:03:52.0644 7808 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:52.0714 7808 ALG - ok
15:03:52.0754 7808 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:03:52.0784 7808 aliide - ok
15:03:52.0794 7808 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:03:52.0824 7808 amdide - ok
15:03:52.0864 7808 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:03:52.0904 7808 AmdK8 - ok
15:03:52.0924 7808 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:03:52.0964 7808 AmdPPM - ok
15:03:53.0004 7808 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:03:53.0034 7808 amdsata - ok
15:03:53.0084 7808 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:03:53.0124 7808 amdsbs - ok
15:03:53.0124 7808 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:03:53.0154 7808 amdxata - ok
15:03:53.0214 7808 AMPPAL (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\AMPPAL.sys
15:03:53.0264 7808 AMPPAL - ok
15:03:53.0274 7808 AMPPALP (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\amppal.sys
15:03:53.0304 7808 AMPPALP - ok
15:03:53.0434 7808 AMPPALR3 (fb70f8c1283c8cc6bfaa6f9971107e68) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:03:53.0494 7808 AMPPALR3 - ok
15:03:53.0684 7808 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:53.0724 7808 AntiVirSchedulerService - ok
15:03:53.0774 7808 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:53.0804 7808 AntiVirService - ok
15:03:53.0874 7808 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:03:54.0044 7808 AppID - ok
15:03:54.0084 7808 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:54.0194 7808 AppIDSvc - ok
15:03:54.0214 7808 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:03:54.0314 7808 Appinfo - ok
15:03:54.0354 7808 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:03:54.0384 7808 arc - ok
15:03:54.0404 7808 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:03:54.0434 7808 arcsas - ok
15:03:54.0484 7808 ASLDRService (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
15:03:54.0504 7808 ASLDRService - ok
15:03:54.0544 7808 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:54.0644 7808 AsyncMac - ok
15:03:54.0674 7808 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:03:54.0704 7808 atapi - ok
15:03:54.0794 7808 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:54.0914 7808 AudioEndpointBuilder - ok
15:03:54.0934 7808 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:55.0044 7808 AudioSrv - ok
15:03:55.0094 7808 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:03:55.0114 7808 avgntflt - ok
15:03:55.0164 7808 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:03:55.0194 7808 avipbb - ok
15:03:55.0224 7808 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:03:55.0244 7808 avkmgr - ok
15:03:55.0294 7808 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:03:55.0384 7808 AxInstSV - ok
15:03:55.0474 7808 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:03:55.0544 7808 b06bdrv - ok
15:03:55.0624 7808 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:55.0674 7808 b57nd60a - ok
15:03:55.0724 7808 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:03:55.0774 7808 BDESVC - ok
15:03:55.0794 7808 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:03:55.0914 7808 Beep - ok
15:03:56.0004 7808 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:03:56.0134 7808 BFE - ok
15:03:56.0244 7808 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:03:56.0414 7808 BITS - ok
15:03:56.0484 7808 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
15:03:56.0534 7808 blbdrive - ok
15:03:56.0674 7808 Bluetooth Device Monitor (a52ea1d8c2900055323c93ddb252a3da) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:03:56.0744 7808 Bluetooth Device Monitor - ok
15:03:56.0854 7808 Bluetooth Media Service (091210450ca7ced08f360d9d7fec5d11) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:03:56.0934 7808 Bluetooth Media Service - ok
15:03:57.0054 7808 Bluetooth OBEX Service (392450754e17ff778cbc5b9d20583ad1) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
15:03:57.0124 7808 Bluetooth OBEX Service - ok
15:03:57.0274 7808 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:03:57.0314 7808 bowser - ok
15:03:57.0354 7808 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:03:57.0404 7808 BrFiltLo - ok
15:03:57.0424 7808 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:03:57.0474 7808 BrFiltUp - ok
15:03:57.0504 7808 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:03:57.0614 7808 Browser - ok
15:03:57.0674 7808 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:03:57.0734 7808 Brserid - ok
15:03:57.0764 7808 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:57.0804 7808 BrSerWdm - ok
15:03:57.0824 7808 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:57.0874 7808 BrUsbMdm - ok
15:03:57.0894 7808 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:57.0934 7808 BrUsbSer - ok
15:03:57.0974 7808 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
15:03:58.0084 7808 BthEnum - ok
15:03:58.0134 7808 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:03:58.0184 7808 BTHMODEM - ok
15:03:58.0224 7808 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:03:58.0284 7808 BthPan - ok
15:03:58.0364 7808 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:03:58.0414 7808 BTHPORT - ok
15:03:58.0464 7808 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:03:58.0554 7808 bthserv - ok
15:03:58.0634 7808 BTHSSecurityMgr (fa2d081709a764f6bee16b7ffe03e36c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
15:03:58.0654 7808 BTHSSecurityMgr - ok
15:03:58.0684 7808 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:03:58.0734 7808 BTHUSB - ok
15:03:58.0784 7808 btmaux (988cc6cc49303665d3b2435c51505c3f) C:\Windows\system32\DRIVERS\btmaux.sys
15:03:58.0884 7808 btmaux - ok
15:03:58.0964 7808 btmhsf (2b4b508afac2a563931af1fe875a5b16) C:\Windows\system32\DRIVERS\btmhsf.sys
15:03:59.0034 7808 btmhsf - ok
15:03:59.0074 7808 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:03:59.0184 7808 cdfs - ok
15:03:59.0244 7808 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:03:59.0274 7808 cdrom - ok
15:03:59.0334 7808 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:59.0444 7808 CertPropSvc - ok
15:03:59.0504 7808 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:03:59.0544 7808 circlass - ok
15:03:59.0604 7808 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:03:59.0644 7808 CLFS - ok
15:03:59.0694 7808 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:59.0724 7808 clr_optimization_v2.0.50727_32 - ok
15:03:59.0804 7808 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:59.0824 7808 clr_optimization_v2.0.50727_64 - ok
15:03:59.0894 7808 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:59.0924 7808 clr_optimization_v4.0.30319_32 - ok
15:03:59.0954 7808 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:59.0984 7808 clr_optimization_v4.0.30319_64 - ok
15:04:00.0024 7808 clwvd (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys
15:04:00.0044 7808 clwvd - ok
15:04:00.0074 7808 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:04:00.0114 7808 CmBatt - ok
15:04:00.0144 7808 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:04:00.0174 7808 cmdide - ok
15:04:00.0254 7808 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:04:00.0334 7808 CNG - ok
15:04:00.0374 7808 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:04:00.0404 7808 Compbatt - ok
15:04:00.0444 7808 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:04:00.0504 7808 CompositeBus - ok
15:04:00.0514 7808 COMSysApp - ok
15:04:00.0634 7808 cphs (236172c3a418b9a0f26b416a72f5a556) C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:04:00.0674 7808 cphs - ok
15:04:00.0704 7808 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:04:00.0734 7808 crcdisk - ok
15:04:00.0804 7808 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:04:00.0864 7808 CryptSvc - ok
15:04:00.0944 7808 CyberLink PowerDVD 10 MS Monitor Service (7f5cd87ca5bdb4d83f992d8c77201483) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
15:04:00.0964 7808 CyberLink PowerDVD 10 MS Monitor Service - ok
15:04:01.0024 7808 CyberLink PowerDVD 10 MS Service (9faf58e876a3b1db3030a0a5805f2d86) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
15:04:01.0054 7808 CyberLink PowerDVD 10 MS Service - ok
15:04:01.0144 7808 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:04:01.0274 7808 DcomLaunch - ok
15:04:01.0324 7808 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:04:01.0434 7808 defragsvc - ok
15:04:01.0494 7808 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:04:01.0584 7808 DfsC - ok
15:04:01.0654 7808 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:04:01.0774 7808 Dhcp - ok
15:04:01.0794 7808 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:04:01.0904 7808 discache - ok
15:04:01.0954 7808 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:04:01.0984 7808 Disk - ok
15:04:02.0014 7808 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:04:02.0074 7808 Dnscache - ok
15:04:02.0124 7808 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:04:02.0234 7808 dot3svc - ok
15:04:02.0254 7808 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:04:02.0354 7808 DPS - ok
15:04:02.0394 7808 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:04:02.0434 7808 drmkaud - ok
15:04:02.0534 7808 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:04:02.0604 7808 DXGKrnl - ok
15:04:02.0654 7808 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:04:02.0764 7808 EapHost - ok
15:04:03.0004 7808 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:04:03.0174 7808 ebdrv - ok
15:04:03.0274 7808 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:04:03.0334 7808 EFS - ok
15:04:03.0424 7808 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:04:03.0514 7808 ehRecvr - ok
15:04:03.0534 7808 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:04:03.0614 7808 ehSched - ok
15:04:03.0804 7808 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:04:03.0854 7808 elxstor - ok
15:04:03.0884 7808 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:04:03.0904 7808 ErrDev - ok
15:04:03.0974 7808 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:04:04.0094 7808 EventSystem - ok
15:04:04.0244 7808 EvtEng (52ae29a233832e0c704fd7fc534af9fb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:04:04.0294 7808 EvtEng - ok
15:04:04.0344 7808 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:04:04.0444 7808 exfat - ok
15:04:04.0484 7808 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:04:04.0594 7808 fastfat - ok
15:04:04.0684 7808 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:04:04.0784 7808 Fax - ok
15:04:04.0814 7808 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:04:04.0864 7808 fdc - ok
15:04:04.0904 7808 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:04:05.0004 7808 fdPHost - ok
15:04:05.0024 7808 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:04:05.0124 7808 FDResPub - ok
15:04:05.0164 7808 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:04:05.0194 7808 FileInfo - ok
15:04:05.0204 7808 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:04:05.0294 7808 Filetrace - ok
15:04:05.0324 7808 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:04:05.0364 7808 flpydisk - ok
15:04:05.0384 7808 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:04:05.0424 7808 FltMgr - ok
15:04:05.0534 7808 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:04:05.0624 7808 FontCache - ok
15:04:05.0694 7808 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:04:05.0714 7808 FontCache3.0.0.0 - ok
15:04:05.0774 7808 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:04:05.0804 7808 FsDepends - ok
15:04:05.0824 7808 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:04:05.0854 7808 Fs_Rec - ok
15:04:05.0884 7808 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:04:05.0934 7808 fvevol - ok
15:04:05.0964 7808 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:04:05.0994 7808 gagp30kx - ok
15:04:06.0044 7808 GFNEXSrv (4e1d0a246e10cfddbf856432418de404) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
15:04:06.0064 7808 GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
15:04:06.0064 7808 GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
15:04:06.0134 7808 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:04:06.0254 7808 gpsvc - ok
15:04:06.0314 7808 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:06.0344 7808 gupdate - ok
15:04:06.0364 7808 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:06.0394 7808 gupdatem - ok
15:04:06.0434 7808 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:04:06.0464 7808 gusvc - ok
15:04:06.0514 7808 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:04:06.0584 7808 hcw85cir - ok
15:04:06.0654 7808 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:04:06.0704 7808 HdAudAddService - ok
15:04:06.0754 7808 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:04:06.0804 7808 HDAudBus - ok
15:04:06.0834 7808 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:04:06.0874 7808 HidBatt - ok
15:04:06.0924 7808 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:04:06.0974 7808 HidBth - ok
15:04:07.0014 7808 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:04:07.0054 7808 HidIr - ok
15:04:07.0074 7808 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:04:07.0174 7808 hidserv - ok
15:04:07.0224 7808 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:04:07.0244 7808 HidUsb - ok
15:04:07.0294 7808 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:04:07.0394 7808 hkmsvc - ok
15:04:07.0424 7808 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:04:07.0504 7808 HomeGroupListener - ok
15:04:07.0544 7808 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:04:07.0604 7808 HomeGroupProvider - ok
15:04:07.0644 7808 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:04:07.0674 7808 HpSAMD - ok
15:04:07.0774 7808 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:04:07.0894 7808 HTTP - ok
15:04:07.0904 7808 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:04:07.0924 7808 hwpolicy - ok
15:04:07.0974 7808 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:04:08.0004 7808 i8042prt - ok
15:04:08.0084 7808 iaStor (c224331a54571c8c9162f7714400bbbd) C:\Windows\system32\drivers\iaStor.sys
15:04:08.0134 7808 iaStor - ok
15:04:08.0204 7808 IAStorDataMgrSvc (7d4b9a48430ed57aca6373b71d5904ca) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:04:08.0224 7808 IAStorDataMgrSvc - ok
15:04:08.0304 7808 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:04:08.0344 7808 iaStorV - ok
15:04:08.0364 7808 ibtfltcoex (60cc7ae9aedb4d1e7923bd053b176d97) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:04:08.0404 7808 ibtfltcoex - ok
15:04:08.0594 7808 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:04:08.0664 7808 idsvc - ok
15:04:09.0624 7808 igfx (3fb253e8059a1aac3a8b83a31d094cc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:04:10.0284 7808 igfx - ok
15:04:10.0414 7808 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:04:10.0444 7808 iirsp - ok
15:04:10.0524 7808 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:04:10.0654 7808 IKEEXT - ok
15:04:10.0704 7808 intaud_WaveExtensible (a387d6de360c3b2284b23000b212910a) C:\Windows\system32\drivers\intelaud.sys
15:04:10.0724 7808 intaud_WaveExtensible - ok
15:04:11.0084 7808 IntcAzAudAddService (059dddedbe5701dc3b779d32798108ac) C:\Windows\system32\drivers\RTKVHD64.sys
15:04:11.0324 7808 IntcAzAudAddService - ok
15:04:11.0494 7808 IntcDAud (6c9fffeca9fed31347d211c5d1ffbd2d) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:04:11.0554 7808 IntcDAud - ok
15:04:11.0674 7808 Intel(R) Capability Licensing Service Interface (832ce330dd987227b7dea8c03f22aefa) C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:04:11.0724 7808 Intel(R) Capability Licensing Service Interface - ok
15:04:11.0744 7808 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:04:11.0774 7808 intelide - ok
15:04:11.0824 7808 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:04:11.0854 7808 intelppm - ok
15:04:11.0894 7808 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:04:12.0004 7808 IPBusEnum - ok
15:04:12.0044 7808 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:12.0144 7808 IpFilterDriver - ok
15:04:12.0224 7808 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:04:12.0344 7808 iphlpsvc - ok
15:04:12.0384 7808 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:04:12.0434 7808 IPMIDRV - ok
15:04:12.0474 7808 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:04:12.0574 7808 IPNAT - ok
15:04:12.0594 7808 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:04:12.0654 7808 IRENUM - ok
15:04:12.0694 7808 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:04:12.0714 7808 isapnp - ok
15:04:12.0764 7808 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:04:12.0804 7808 iScsiPrt - ok
15:04:12.0844 7808 iusb3hcs (846354992ebb373f452eb9182d501b08) C:\Windows\system32\drivers\iusb3hcs.sys
15:04:12.0864 7808 iusb3hcs - ok
15:04:12.0934 7808 iusb3hub (1d88a23853387d34d52cc8f9ddbfc56c) C:\Windows\system32\drivers\iusb3hub.sys
15:04:12.0964 7808 iusb3hub - ok
15:04:13.0054 7808 iusb3xhc (fc5efd7c797df19dfb999f0605a7924e) C:\Windows\system32\drivers\iusb3xhc.sys
15:04:13.0104 7808 iusb3xhc - ok
15:04:13.0154 7808 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\drivers\iwdbus.sys
15:04:13.0184 7808 iwdbus - ok
15:04:13.0254 7808 jhi_service (13e838ea8652f8451f29301d3b56b17b) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:04:13.0284 7808 jhi_service - ok
15:04:13.0334 7808 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:04:13.0354 7808 kbdclass - ok
15:04:13.0404 7808 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:04:13.0444 7808 kbdhid - ok
15:04:13.0484 7808 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:13.0514 7808 KeyIso - ok
15:04:13.0594 7808 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:04:13.0634 7808 KSecDD - ok
15:04:13.0674 7808 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:04:13.0714 7808 KSecPkg - ok
15:04:13.0754 7808 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:04:13.0854 7808 ksthunk - ok
15:04:13.0924 7808 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:04:14.0034 7808 KtmRm - ok
15:04:14.0094 7808 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:04:14.0204 7808 LanmanServer - ok
15:04:14.0234 7808 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:04:14.0334 7808 LanmanWorkstation - ok
15:04:14.0394 7808 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:04:14.0484 7808 lltdio - ok
15:04:14.0544 7808 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:04:14.0654 7808 lltdsvc - ok
15:04:14.0684 7808 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:04:14.0774 7808 lmhosts - ok
15:04:14.0874 7808 LMS (bd9457699ac9c1a0fe43398043617279) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:04:14.0904 7808 LMS - ok
15:04:14.0954 7808 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:04:14.0984 7808 LSI_FC - ok
15:04:15.0014 7808 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:04:15.0044 7808 LSI_SAS - ok
15:04:15.0074 7808 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:04:15.0104 7808 LSI_SAS2 - ok
15:04:15.0154 7808 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:04:15.0184 7808 LSI_SCSI - ok
15:04:15.0234 7808 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:04:15.0334 7808 luafv - ok
15:04:15.0384 7808 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
15:04:15.0404 7808 MBAMProtector - ok
15:04:15.0604 7808 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:04:15.0664 7808 MBAMService - ok
15:04:15.0694 7808 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:04:15.0744 7808 Mcx2Svc - ok
15:04:15.0774 7808 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:04:15.0804 7808 megasas - ok
15:04:15.0874 7808 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:04:15.0914 7808 MegaSR - ok
15:04:15.0964 7808 MEIx64 (6b01b7414a105b9e51652089a03027cf) C:\Windows\system32\drivers\HECIx64.sys
15:04:15.0984 7808 MEIx64 - ok
15:04:16.0024 7808 MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
15:04:16.0044 7808 MemeoBackgroundService - ok
15:04:16.0074 7808 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:16.0184 7808 MMCSS - ok
15:04:16.0234 7808 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:04:16.0324 7808 Modem - ok
15:04:16.0354 7808 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:04:16.0384 7808 monitor - ok
15:04:16.0434 7808 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:04:16.0464 7808 mouclass - ok
15:04:16.0514 7808 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:04:16.0554 7808 mouhid - ok
15:04:16.0614 7808 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:04:16.0634 7808 mountmgr - ok
15:04:16.0694 7808 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:04:16.0724 7808 MozillaMaintenance - ok
15:04:16.0754 7808 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:04:16.0794 7808 mpio - ok
15:04:16.0834 7808 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:04:16.0934 7808 mpsdrv - ok
15:04:17.0024 7808 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:04:17.0154 7808 MpsSvc - ok
15:04:17.0184 7808 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:04:17.0234 7808 MRxDAV - ok
15:04:17.0264 7808 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:17.0324 7808 mrxsmb - ok
15:04:17.0374 7808 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:17.0414 7808 mrxsmb10 - ok
15:04:17.0434 7808 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:17.0474 7808 mrxsmb20 - ok
15:04:17.0504 7808 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:04:17.0534 7808 msahci - ok
15:04:17.0574 7808 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:04:17.0604 7808 msdsm - ok
15:04:17.0644 7808 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:04:17.0684 7808 MSDTC - ok
15:04:17.0724 7808 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:04:17.0804 7808 Msfs - ok
15:04:17.0844 7808 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:04:17.0944 7808 mshidkmdf - ok
15:04:17.0974 7808 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:04:17.0994 7808 msisadrv - ok
15:04:18.0034 7808 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:04:18.0144 7808 MSiSCSI - ok
15:04:18.0144 7808 msiserver - ok
15:04:18.0184 7808 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:04:18.0294 7808 MSKSSRV - ok
15:04:18.0304 7808 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:18.0404 7808 MSPCLOCK - ok
15:04:18.0434 7808 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:04:18.0524 7808 MSPQM - ok
15:04:18.0584 7808 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:04:18.0624 7808 MsRPC - ok
15:04:18.0654 7808 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:04:18.0684 7808 mssmbios - ok
15:04:18.0704 7808 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:04:18.0824 7808 MSTEE - ok
15:04:18.0854 7808 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:04:18.0894 7808 MTConfig - ok
15:04:18.0914 7808 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:04:18.0944 7808 Mup - ok
15:04:19.0074 7808 MyWiFiDHCPDNS (4d02a9a4aae43280d8631f232aad79bc) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:04:19.0104 7808 MyWiFiDHCPDNS - ok
15:04:19.0174 7808 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:04:19.0284 7808 napagent - ok
15:04:19.0354 7808 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:04:19.0424 7808 NativeWifiP - ok
15:04:19.0534 7808 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:04:19.0594 7808 NDIS - ok
15:04:19.0644 7808 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:04:19.0744 7808 NdisCap - ok
15:04:19.0784 7808 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:19.0874 7808 NdisTapi - ok
15:04:19.0894 7808 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:19.0994 7808 Ndisuio - ok
15:04:20.0024 7808 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:20.0134 7808 NdisWan - ok
15:04:20.0154 7808 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:04:20.0254 7808 NDProxy - ok
15:04:20.0294 7808 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:04:20.0394 7808 NetBIOS - ok
15:04:20.0434 7808 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:04:20.0544 7808 NetBT - ok
15:04:20.0584 7808 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:20.0614 7808 Netlogon - ok
15:04:20.0664 7808 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:04:20.0794 7808 Netman - ok
15:04:20.0834 7808 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:04:20.0954 7808 netprofm - ok
15:04:21.0054 7808 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:21.0084 7808 NetTcpPortSharing - ok
15:04:21.0824 7808 NETwNs64 (262225f08b891fd7f16b3b93a3177c1f) C:\Windows\system32\DRIVERS\Netwsw00.sys
15:04:22.0364 7808 NETwNs64 - ok
15:04:22.0514 7808 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:04:22.0544 7808 nfrd960 - ok
15:04:22.0604 7808 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:04:22.0714 7808 NlaSvc - ok
15:04:22.0754 7808 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:04:22.0844 7808 Npfs - ok
15:04:22.0854 7808 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:04:22.0964 7808 nsi - ok
15:04:22.0974 7808 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:04:23.0064 7808 nsiproxy - ok
15:04:23.0214 7808 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:04:23.0314 7808 Ntfs - ok
15:04:23.0414 7808 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:04:23.0514 7808 Null - ok
15:04:23.0684 7808 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:04:23.0724 7808 NVENETFD - ok
15:04:24.0494 7808 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:04:25.0074 7808 nvlddmkm - ok
15:04:25.0244 7808 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:04:25.0274 7808 nvraid - ok
15:04:25.0324 7808 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:04:25.0354 7808 nvstor - ok
15:04:25.0404 7808 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:04:25.0444 7808 nv_agp - ok
15:04:25.0564 7808 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:04:25.0594 7808 odserv - ok
15:04:25.0644 7808 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:04:25.0684 7808 ohci1394 - ok
15:04:25.0734 7808 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:25.0764 7808 ose - ok
15:04:25.0814 7808 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:04:25.0874 7808 p2pimsvc - ok
15:04:25.0924 7808 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:04:25.0984 7808 p2psvc - ok
15:04:26.0024 7808 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:04:26.0064 7808 Parport - ok
15:04:26.0094 7808 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:04:26.0124 7808 partmgr - ok
15:04:26.0174 7808 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:04:26.0234 7808 PcaSvc - ok
15:04:26.0274 7808 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:04:26.0304 7808 pci - ok
15:04:26.0324 7808 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:04:26.0354 7808 pciide - ok
15:04:26.0384 7808 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:04:26.0424 7808 pcmcia - ok
15:04:26.0444 7808 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:04:26.0474 7808 pcw - ok
15:04:26.0524 7808 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:04:26.0634 7808 PEAUTH - ok
15:04:26.0684 7808 PEGAGFN (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys
15:04:26.0704 7808 PEGAGFN - ok
15:04:26.0784 7808 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:04:26.0814 7808 PerfHost - ok
15:04:26.0984 7808 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:04:27.0134 7808 pla - ok
15:04:27.0184 7808 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:04:27.0254 7808 PlugPlay - ok
15:04:27.0284 7808 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:04:27.0314 7808 PNRPAutoReg - ok
15:04:27.0354 7808 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:04:27.0384 7808 PNRPsvc - ok
15:04:27.0454 7808 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:04:27.0574 7808 PolicyAgent - ok
15:04:27.0634 7808 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:04:27.0754 7808 Power - ok
15:04:27.0856 7808 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:04:27.0966 7808 PptpMiniport - ok
15:04:28.0006 7808 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:04:28.0046 7808 Processor - ok
15:04:28.0096 7808 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:04:28.0156 7808 ProfSvc - ok
15:04:28.0176 7808 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:28.0196 7808 ProtectedStorage - ok
15:04:28.0236 7808 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:04:28.0316 7808 Psched - ok
15:04:28.0396 7808 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:04:28.0416 7808 PSI_SVC_2 - ok
15:04:28.0606 7808 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:04:28.0696 7808 ql2300 - ok
15:04:28.0846 7808 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:04:28.0876 7808 ql40xx - ok
15:04:28.0926 7808 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:04:28.0976 7808 QWAVE - ok
15:04:28.0996 7808 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:04:29.0046 7808 QWAVEdrv - ok
15:04:29.0066 7808 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:04:29.0156 7808 RasAcd - ok
15:04:29.0186 7808 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:29.0296 7808 RasAgileVpn - ok
15:04:29.0326 7808 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:04:29.0436 7808 RasAuto - ok
15:04:29.0486 7808 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:29.0586 7808 Rasl2tp - ok
15:04:29.0636 7808 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:04:29.0756 7808 RasMan - ok
15:04:29.0796 7808 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:29.0896 7808 RasPppoe - ok
15:04:29.0926 7808 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:04:30.0036 7808 RasSstp - ok
15:04:30.0066 7808 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:04:30.0166 7808 rdbss - ok
15:04:30.0196 7808 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:04:30.0236 7808 rdpbus - ok
15:04:30.0266 7808 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:30.0366 7808 RDPCDD - ok
15:04:30.0376 7808 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:04:30.0476 7808 RDPENCDD - ok
15:04:30.0496 7808 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:04:30.0606 7808 RDPREFMP - ok
15:04:30.0656 7808 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:04:30.0716 7808 RDPWD - ok
15:04:30.0776 7808 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:04:30.0806 7808 rdyboost - ok
15:04:30.0896 7808 RegSrvc (c480d028012881e0136962a49379688d) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:04:30.0916 7808 RegSrvc - ok
15:04:30.0946 7808 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:04:31.0056 7808 RemoteAccess - ok
15:04:31.0096 7808 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:04:31.0196 7808 RemoteRegistry - ok
15:04:31.0226 7808 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:04:31.0266 7808 RFCOMM - ok
15:04:31.0366 7808 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
15:04:31.0396 7808 RichVideo64 - ok
15:04:31.0426 7808 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:04:31.0526 7808 RpcEptMapper - ok
15:04:31.0556 7808 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:04:31.0596 7808 RpcLocator - ok
15:04:31.0676 7808 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:04:31.0776 7808 RpcSs - ok
15:04:31.0826 7808 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:04:31.0936 7808 rspndr - ok
15:04:31.0996 7808 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\System32\Drivers\RtsUStor.sys
15:04:32.0026 7808 RSUSBSTOR - ok
15:04:32.0116 7808 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:04:32.0166 7808 RTL8167 - ok
15:04:32.0276 7808 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
15:04:32.0326 7808 RTL8192su - ok
15:04:32.0346 7808 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:32.0386 7808 SamSs - ok
15:04:32.0416 7808 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:04:32.0446 7808 sbp2port - ok
15:04:32.0486 7808 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:04:32.0586 7808 SCardSvr - ok
15:04:32.0606 7808 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:04:32.0696 7808 scfilter - ok
15:04:32.0836 7808 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:04:32.0976 7808 Schedule - ok
15:04:33.0016 7808 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:04:33.0096 7808 SCPolicySvc - ok
15:04:33.0136 7808 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:04:33.0206 7808 SDRSVC - ok
15:04:33.0266 7808 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:04:33.0366 7808 secdrv - ok
15:04:33.0386 7808 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:04:33.0486 7808 seclogon - ok
15:04:33.0496 7808 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:04:33.0606 7808 SENS - ok
15:04:33.0616 7808 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:04:33.0676 7808 SensrSvc - ok
15:04:33.0706 7808 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:04:33.0756 7808 Serenum - ok
15:04:33.0796 7808 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:04:33.0846 7808 Serial - ok
15:04:33.0886 7808 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:04:33.0926 7808 sermouse - ok
15:04:33.0976 7808 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:04:34.0076 7808 SessionEnv - ok
15:04:34.0106 7808 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:04:34.0146 7808 sffdisk - ok
15:04:34.0156 7808 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:04:34.0196 7808 sffp_mmc - ok
15:04:34.0206 7808 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:04:34.0246 7808 sffp_sd - ok
15:04:34.0276 7808 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:04:34.0316 7808 sfloppy - ok
15:04:34.0376 7808 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:04:34.0496 7808 SharedAccess - ok
15:04:34.0556 7808 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:04:34.0666 7808 ShellHWDetection - ok
15:04:34.0696 7808 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:04:34.0726 7808 SiSRaid2 - ok
15:04:34.0756 7808 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:04:34.0786 7808 SiSRaid4 - ok
15:04:34.0846 7808 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:04:34.0946 7808 Smb - ok
15:04:34.0996 7808 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:04:35.0036 7808 SNMPTRAP - ok
15:04:35.0076 7808 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:04:35.0096 7808 spldr - ok
15:04:35.0156 7808 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:04:35.0266 7808 Spooler - ok
15:04:35.0516 7808 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:04:35.0736 7808 sppsvc - ok
15:04:35.0926 7808 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:04:36.0016 7808 sppuinotify - ok
15:04:36.0106 7808 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:04:36.0176 7808 srv - ok
15:04:36.0236 7808 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:04:36.0286 7808 srv2 - ok
15:04:36.0316 7808 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:04:36.0366 7808 srvnet - ok
15:04:36.0406 7808 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:04:36.0526 7808 SSDPSRV - ok
15:04:36.0546 7808 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:04:36.0646 7808 SstpSvc - ok
15:04:36.0666 7808 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:04:36.0696 7808 stexstor - ok
15:04:36.0776 7808 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:04:36.0846 7808 stisvc - ok
15:04:36.0886 7808 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:04:36.0906 7808 swenum - ok
15:04:36.0966 7808 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:04:37.0126 7808 swprv - ok
15:04:37.0196 7808 SynTP (bd4f51aef67ab7d57698bc4aad983d1f) C:\Windows\system32\drivers\SynTP.sys
15:04:37.0256 7808 SynTP - ok
15:04:37.0396 7808 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:04:37.0538 7808 SysMain - ok
15:04:37.0660 7808 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:04:37.0710 7808 TabletInputService - ok
15:04:37.0740 7808 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:04:37.0870 7808 TapiSrv - ok
15:04:37.0890 7808 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:04:37.0980 7808 TBS - ok
15:04:38.0210 7808 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:04:38.0320 7808 Tcpip - ok
15:04:38.0640 7808 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:04:38.0750 7808 TCPIP6 - ok
15:04:38.0880 7808 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:04:38.0980 7808 tcpipreg - ok
15:04:39.0000 7808 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:04:39.0040 7808 TDPIPE - ok
15:04:39.0070 7808 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:04:39.0100 7808 TDTCP - ok
15:04:39.0140 7808 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:04:39.0260 7808 tdx - ok
15:04:39.0290 7808 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:04:39.0320 7808 TermDD - ok
15:04:39.0400 7808 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:04:39.0530 7808 TermService - ok
15:04:39.0550 7808 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:04:39.0610 7808 Themes - ok
15:04:39.0640 7808 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:39.0800 7808 THREADORDER - ok
15:04:39.0833 7808 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:04:39.0956 7808 TrkWks - ok
15:04:40.0016 7808 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:04:40.0136 7808 TrustedInstaller - ok
15:04:40.0176 7808 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:40.0266 7808 tssecsrv - ok
15:04:40.0306 7808 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:04:40.0346 7808 TsUsbFlt - ok
15:04:40.0376 7808 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:04:40.0406 7808 TsUsbGD - ok
15:04:40.0456 7808 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:04:40.0546 7808 tunnel - ok
15:04:40.0576 7808 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:04:40.0606 7808 uagp35 - ok
15:04:40.0656 7808 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:04:40.0766 7808 udfs - ok
15:04:40.0806 7808 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:04:40.0846 7808 UI0Detect - ok
15:04:40.0896 7808 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:04:40.0926 7808 uliagpkx - ok
15:04:40.0966 7808 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:04:40.0996 7808 umbus - ok
15:04:41.0016 7808 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:04:41.0056 7808 UmPass - ok
15:04:41.0166 7808 UNS (f76057596ef65049869098677ab72c30) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:04:41.0206 7808 UNS - ok
15:04:41.0266 7808 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:04:41.0376 7808 upnphost - ok
15:04:41.0426 7808 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:41.0496 7808 usbccgp - ok
15:04:41.0536 7808 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:04:41.0596 7808 usbcir - ok
15:04:41.0626 7808 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:04:41.0676 7808 usbehci - ok
15:04:41.0746 7808 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
15:04:41.0776 7808 usbhub - ok
15:04:41.0806 7808 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:04:41.0836 7808 usbohci - ok
15:04:41.0876 7808 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:04:41.0906 7808 usbprint - ok
15:04:41.0956 7808 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:04:42.0006 7808 usbscan - ok
15:04:42.0046 7808 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:42.0096 7808 USBSTOR - ok
15:04:42.0136 7808 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:04:42.0176 7808 usbuhci - ok
15:04:42.0226 7808 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:04:42.0266 7808 usbvideo - ok
15:04:42.0286 7808 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:04:42.0386 7808 UxSms - ok
15:04:42.0406 7808 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:42.0436 7808 VaultSvc - ok
15:04:42.0466 7808 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:04:42.0496 7808 vdrvroot - ok
15:04:42.0576 7808 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:04:42.0706 7808 vds - ok
15:04:42.0746 7808 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:42.0786 7808 vga - ok
15:04:42.0806 7808 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:04:42.0896 7808 VgaSave - ok
15:04:42.0936 7808 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:04:42.0976 7808 vhdmp - ok
15:04:42.0996 7808 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:04:43.0026 7808 viaide - ok
15:04:43.0056 7808 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:04:43.0086 7808 volmgr - ok
15:04:43.0136 7808 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:04:43.0176 7808 volmgrx - ok
15:04:43.0226 7808 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:04:43.0266 7808 volsnap - ok
15:04:43.0346 7808 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:04:43.0376 7808 vsmraid - ok
15:04:43.0596 7808 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:04:43.0766 7808 VSS - ok
15:04:43.0936 7808 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:04:43.0986 7808 vwifibus - ok
15:04:43.0996 7808 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:44.0046 7808 vwififlt - ok
15:04:44.0086 7808 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:04:44.0126 7808 vwifimp - ok
15:04:44.0206 7808 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:04:44.0306 7808 W32Time - ok
15:04:44.0346 7808 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:04:44.0386 7808 WacomPen - ok
15:04:44.0436 7808 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:44.0546 7808 WANARP - ok
15:04:44.0566 7808 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:44.0676 7808 Wanarpv6 - ok
15:04:44.0746 7808 watchmi (63d7250ed2c2e3cd9b11139a608d6c39) C:\Program Files (x86)\watchmi\TvdService.exe
15:04:44.0776 7808 watchmi ( UnsignedFile.Multi.Generic ) - warning
15:04:44.0776 7808 watchmi - detected UnsignedFile.Multi.Generic (1)
15:04:44.0906 7808 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:04:45.0043 7808 wbengine - ok
15:04:45.0155 7808 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:04:45.0205 7808 WbioSrvc - ok
15:04:45.0235 7808 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:04:45.0305 7808 wcncsvc - ok
15:04:45.0305 7808 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:04:45.0355 7808 WcsPlugInService - ok
15:04:45.0405 7808 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:04:45.0435 7808 Wd - ok
15:04:45.0510 7808 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:04:45.0555 7808 Wdf01000 - ok
15:04:45.0585 7808 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:45.0675 7808 WdiServiceHost - ok
15:04:45.0685 7808 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:45.0735 7808 WdiSystemHost - ok
15:04:45.0774 7808 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:04:45.0824 7808 WebClient - ok
15:04:45.0864 7808 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:04:45.0944 7808 Wecsvc - ok
15:04:45.0954 7808 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:04:46.0024 7808 wercplsupport - ok
15:04:46.0064 7808 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:04:46.0124 7808 WerSvc - ok
15:04:46.0184 7808 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:46.0274 7808 WfpLwf - ok
15:04:46.0304 7808 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:04:46.0324 7808 WIMMount - ok
15:04:46.0364 7808 WinDefend - ok
15:04:46.0384 7808 WinHttpAutoProxySvc - ok
15:04:46.0444 7808 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:04:46.0554 7808 Winmgmt - ok
15:04:46.0704 7808 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:04:46.0864 7808 WinRM - ok
15:04:47.0014 7808 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:04:47.0054 7808 WinUsb - ok
15:04:47.0124 7808 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:04:47.0214 7808 Wlansvc - ok
15:04:47.0284 7808 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:04:47.0304 7808 wlcrasvc - ok
15:04:47.0484 7808 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:04:47.0604 7808 wlidsvc - ok
15:04:47.0724 7808 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:04:47.0764 7808 WmiAcpi - ok
15:04:47.0834 7808 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:04:47.0884 7808 wmiApSrv - ok
15:04:47.0914 7808 WMPNetworkSvc - ok
15:04:47.0944 7808 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:04:47.0984 7808 WPCSvc - ok
15:04:48.0014 7808 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:04:48.0054 7808 WPDBusEnum - ok
15:04:48.0074 7808 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:04:48.0174 7808 ws2ifsl - ok
15:04:48.0204 7808 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:04:48.0274 7808 wscsvc - ok
15:04:48.0274 7808 WSearch - ok
15:04:48.0334 7808 wsvd (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
15:04:48.0354 7808 wsvd - ok
15:04:48.0624 7808 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:04:48.0764 7808 wuauserv - ok
15:04:48.0904 7808 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:04:49.0014 7808 WudfPf - ok
15:04:49.0054 7808 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:49.0154 7808 WUDFRd - ok
15:04:49.0184 7808 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:04:49.0274 7808 wudfsvc - ok
15:04:49.0304 7808 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:04:49.0384 7808 WwanSvc - ok
15:04:49.0674 7808 ZeroConfigService (118c018df1c53b94f8c06d2cabbbda52) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
15:04:49.0844 7808 ZeroConfigService - ok
15:04:49.0914 7808 MBR (0x1B8) (9fe16ff95180a12a49cd2e9879c991e6) \Device\Harddisk0\DR0
15:04:55.0354 7808 \Device\Harddisk0\DR0 - ok
15:04:57.0494 7808 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:04:57.0614 7808 \Device\Harddisk1\DR1 - ok
15:04:57.0624 7808 Boot (0x1200) (a20827dc65e27968f5154f84148e33d6) \Device\Harddisk0\DR0\Partition0
15:04:57.0624 7808 \Device\Harddisk0\DR0\Partition0 - ok
15:04:57.0644 7808 Boot (0x1200) (98754daf62f60b2d0baf682649a90f83) \Device\Harddisk0\DR0\Partition1
15:04:57.0644 7808 \Device\Harddisk0\DR0\Partition1 - ok
15:04:57.0674 7808 Boot (0x1200) (1f00d2b2a965d9948bbc52103eb4b231) \Device\Harddisk0\DR0\Partition2
15:04:57.0674 7808 \Device\Harddisk0\DR0\Partition2 - ok
15:04:57.0674 7808 Boot (0x1200) (4fe6dbae3da6ae0dafb3d9f8c238d086) \Device\Harddisk1\DR1\Partition0
15:04:57.0684 7808 \Device\Harddisk1\DR1\Partition0 - ok
15:04:57.0684 7808 ============================================================
15:04:57.0684 7808 Scan finished
15:04:57.0684 7808 ============================================================
15:04:57.0704 1716 Detected object count: 2
15:04:57.0704 1716 Actual detected object count: 2
15:05:26.0606 1716 GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:26.0606 1716 GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:26.0606 1716 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:26.0606 1716 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
Jasmin |
|
| Themen zu Wie entferne ich Mystart / "Incredibar" Toolbar? |
| administrator, anti-malware, autostart, avira, browser, ccleaner, computer, dateien, deaktiviert, durchgeführt, eingefangen, explorer, firefox, funktioniert, gen, heuristiks/extra, heuristiks/shuriken, malwarebytes, minute, nicht mehr, nichts, registrierung, softonic, speicher, systemsteuerung, test, version, öffnen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
