Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wie entferne ich Mystart / "Incredibar" Toolbar? (https://www.trojaner-board.de/119266-entferne-mystart-incredibar-toolbar.html)

Jasmy 12.07.2012 13:08
Wie entferne ich Mystart / "Incredibar" Toolbar?
 
Hallo!
Auch ich habe mir die Incredibar-Toolbar von softonic eingefangen werde sie nicht mehr los.
Ich habe sie in Firefox deaktiviert und via Systemsteuerung deinstalliert, aber alle Browser öffnen nach wie vor die Mystart-Seite. Ich weiß nun nicht mehr weiter und bin auch nicht sehr fit, was Computer betrifft.
Zuerst hatte ich den CCleaner runtergeladen und ausgefführt, hat nichts gefunden.
Habe mir dann Defogger runtergeladen und ausgeführt, hat aber scheinbar auch nicht funktioniert:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:42 on 12/07/2012 (Jasmin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL habe ich trotzdem laufen lassen (angehängte Dateien) und mit Malwarebytes einen Quickscan durchgeführt, wurde aber nichts gefunden:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

Schutz: Aktiviert

12.07.2012 13:37:28
mbam-log-2012-07-12 (13-37-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212754
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



und:

2012/07/12 13:36:42 +0200 JASMIN-PC Jasmin MESSAGE Starting protection
2012/07/12 13:36:47 +0200 JASMIN-PC Jasmin MESSAGE Protection started successfully
2012/07/12 13:36:50 +0200 JASMIN-PC Jasmin MESSAGE Starting IP protection
2012/07/12 13:36:54 +0200 JASMIN-PC Jasmin MESSAGE IP Protection started successfully
2012/07/12 13:37:03 +0200 JASMIN-PC Jasmin MESSAGE Starting database refresh
2012/07/12 13:37:03 +0200 JASMIN-PC Jasmin MESSAGE Stopping IP protection
2012/07/12 13:39:08 +0200 JASMIN-PC Jasmin MESSAGE IP Protection stopped
2012/07/12 13:39:13 +0200 JASMIN-PC Jasmin MESSAGE Database refreshed successfully
2012/07/12 13:39:13 +0200 JASMIN-PC Jasmin MESSAGE Starting IP protection
2012/07/12 13:39:17 +0200 JASMIN-PC Jasmin MESSAGE IP Protection started successfully


Stört Avira da vielleicht? Ich hoffe, das sind die richtigen Logfiles.
Vielen Dank & Grüße,
Jasmin

cosinus 14.07.2012 16:32
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Jasmy 15.07.2012 19:15
Hallo Arne!
Hier die Log Dateien vom Scan mit malwarebytes, ich hoffe, das ist jetzt alles richtig so.

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

Schutz: Aktiviert

15.07.2012 13:23:04
mbam-log-2012-07-15 (13-23-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 570235
Laufzeit: 3 Stunde(n), 6 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jasmin\Downloads\Programme\SoftonicDownloader_fuer_serial-cloner.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
und das Ergebnis von ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=330248fca0ffed4693e348a80cf07328
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-15 05:53:54
# local_time=2012-07-15 07:53:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2355750 2355750 0 0
# compatibility_mode=5893 16776574 100 94 1785355 93993782 0 0
# compatibility_mode=8192 67108863 100 0 232 232 0 0
# scanned=366551
# found=0
# cleaned=0
# scan_time=10902
Vielen Dank & Grüße,
Jasmin

cosinus 15.07.2012 20:27
Code:
C:\Users\Jasmin\Downloads\Programme\SoftonicDownloader_fuer_serial-cloner.exe
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! http://cosgan.de/images/midi/boese/a040.gif

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Jasmy 15.07.2012 20:54
Ja, das mit softonic kommt nie wieder vor - hinterher ist man schlauer :stirn:

Log vom AdwCleaner

Code:
# AdwCleaner v1.702 - Logfile created 07/15/2012 at 21:49:57
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jasmin - JASMIN-PC
# Running from : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&loc=FF_NT");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341934695621");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "BDB59E1DED939494B2883B9F89F4E8D1");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "204c3cc0000000000000685d430a0fd8");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15526");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15526");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQCzxVE0g");
Found : user_pref("extensions.incredibar.upn2n", "92543179596892696");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "204c3cc0000000000000685d430a0fd8");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15526");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQCzxVE0g");
Found : user_pref("extensions.incredibar_i.upn2n", "92543179596892696");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCzxVE0g&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :      "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Found :          "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
Found :      "name": "MyStart Search",
Found :      "search_url": "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQCzxVE0[...]
Found :    "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Found :      "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]

*************************

AdwCleaner[R1].txt - [10015 octets] - [15/07/2012 21:49:57]

########## EOF - C:\AdwCleaner[R1].txt - [10144 octets] ##########
Liebe Grüße,
Jasmin

cosinus 16.07.2012 10:23
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Jasmy 16.07.2012 15:38
Hallo Arne,
hier die Datei

Code:
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:32:18
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jasmin - JASMIN-PC
# Running from : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Program Files\Web Assistant

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\prefs.js

C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&loc=FF_NT");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341934695621");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "BDB59E1DED939494B2883B9F89F4E8D1");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "204c3cc0000000000000685d430a0fd8");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15526");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15526");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQCzxVE0g");
Deleted : user_pref("extensions.incredibar.upn2n", "92543179596892696");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "204c3cc0000000000000685d430a0fd8");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15526");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQCzxVE0g");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543179596892696");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCzxVE0g&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :      "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Deleted :          "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
Deleted :      "name": "MyStart Search",
Deleted :      "search_url": "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQCzxVE0[...]
Deleted :    "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Deleted :      "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]

*************************

AdwCleaner[R1].txt - [10106 octets] - [15/07/2012 21:49:57]
AdwCleaner[S1].txt - [9285 octets] - [16/07/2012 16:32:18]

########## EOF - C:\AdwCleaner[S1].txt - [9413 octets] ##########
Liebe Grüße,
Jasmin

cosinus 16.07.2012 16:41
Hätte da mal drei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Toolbar bzw. Weiterleitung nun weg?

Jasmy 16.07.2012 16:46
Hallo Arne!
1.) Ja
2.) alles da
3.) Firefox und IE sind sauber, Chrome öffnet in neuen Tabs immer noch die Incredibar

Liebe Grüße,
Jasmin

cosinus 16.07.2012 16:57
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Jasmy 16.07.2012 22:27
Hallo Arne,
hier die neue OTL-Datei

Code:
OTL logfile created on: 16.07.2012 22:51:17 - Run 2
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\Jasmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,73% Memory free
7,79 Gb Paging File | 2,40 Gb Available in Paging File | 30,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 382,98 Gb Free Space | 59,14% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 17,58 Gb Free Space | 35,16% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.16 22:49:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.27 23:24:08 | 007,535,616 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files (x86)\PHotkey\GPMTray.exe
PRC - [2012.03.27 23:19:34 | 000,826,880 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2012.03.15 12:48:22 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.15 12:48:20 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.15 12:48:06 | 000,162,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.27 13:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.24 23:13:16 | 003,458,560 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2012.02.22 04:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.02.22 04:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.02.22 04:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.02.22 04:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.02.02 08:55:04 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.14 00:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
PRC - [2011.04.14 00:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
PRC - [2011.03.30 23:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.13 02:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2009.12.19 00:38:18 | 000,345,608 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.29 16:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel(R)
SRV:64bit: - [2012.03.29 16:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.03.29 16:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2012.03.29 16:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2012.02.03 07:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) Capability Licensing Service Interface) Intel(R)
SRV:64bit: - [2012.01.18 01:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2012.01.09 21:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.19 18:43:22 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.12 18:10:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.31 00:43:34 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012.03.15 12:48:22 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2012.03.15 12:48:20 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2012.03.15 12:48:06 | 000,162,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2012.02.22 04:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.02.22 04:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.02.22 04:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.01.31 11:24:02 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.10.13 23:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.04.14 00:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service)
SRV - [2011.04.14 00:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.27 04:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.12 23:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 02:59:50 | 000,034,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.02.29 02:59:50 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012.02.14 21:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.02.10 04:54:50 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.01.09 21:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 21:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.11.30 20:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.30 20:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.14 05:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 01:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes\{2BA89279-9AC6-4258-A5AC-5C19D94CC8CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 10:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 10:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.18 10:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions
[2012.07.10 18:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\k97kkewp.default\extensions
[2012.06.18 10:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B46B66F-8E2A-45C3-A55C-3444AF55136F}: DhcpNameServer = 202.96.209.5 202.96.209.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 22:49:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.07.16 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Scanner & Cleaner
[2012.07.15 16:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.15 16:47:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 01:18:59 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\WebApp
[2012.07.14 01:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\CyberLink
[2012.07.14 01:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\CyberLink
[2012.07.14 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\OsX_SerialCloner2-1 Folder
[2012.07.12 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2012.07.12 13:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.12 13:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.12 13:34:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.12 13:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.12 13:34:17 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jasmin\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.12 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Google
[2012.07.10 17:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.05 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.07.05 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner
[2012.07.05 21:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serial Cloner
[2012.07.05 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serial Cloner
[2012.07.04 12:07:04 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop\Desktop
[2012.07.04 12:06:01 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop\Downloads
[2012.07.04 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Virologie.Data
[2012.07.04 12:03:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\bewerbungen
[2012.07.04 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\dokumente
[2012.07.04 12:03:34 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\briefe
[2012.07.04 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Word Vorlagen
[2012.07.04 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Sims
[2012.07.04 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\RKI
[2012.06.24 15:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.24 15:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.18 22:59:40 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\EndNote
[2012.06.18 22:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Virologie.Data
[2012.06.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Adobe
[2012.06.18 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.06.18 16:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.06.18 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Winamp
[2012.06.18 16:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.06.18 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\MA Virologie
[2012.06.18 11:51:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Macromedia
[2012.06.18 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.06.18 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Thunderbird
[2012.06.18 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft Games
[2012.06.18 11:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\EndNote
[2012.06.18 11:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2012.06.18 11:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2012.06.18 11:00:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012.06.18 11:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012.06.18 10:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X5
[2012.06.18 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012.06.18 10:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.18 10:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.06.18 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.06.18 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.18 10:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.18 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft Help
[2012.06.18 10:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.06.18 10:42:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Avira
[2012.06.18 10:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.18 10:29:43 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.18 10:29:43 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.18 10:29:43 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.18 10:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.18 10:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.18 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Mozilla
[2012.06.18 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Mozilla
[2012.06.18 10:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.18 10:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.18 10:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.18 10:21:54 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Adobe
[2012.06.18 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Youcam
[2012.06.18 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\CyberLink
[2012.06.18 10:19:11 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Google
[2012.06.18 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Power2Go
[2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Searches
[2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.18 10:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Identities
[2012.06.18 10:18:04 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Contacts
[2012.06.18 10:18:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.18 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\VirtualStore
[2012.06.18 10:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Intel
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Vorlagen
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Verlauf
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Temporary Internet Files
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Startmenü
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\SendTo
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Recent
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Netzwerkumgebung
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Lokale Einstellungen
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Videos
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Musik
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Eigene Dateien
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Bilder
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Druckumgebung
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Cookies
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Anwendungsdaten
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Anwendungsdaten
[2012.06.18 10:17:47 | 000,000,000 | --SD | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Videos
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Saved Games
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Pictures
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Music
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Links
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Favorites
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Downloads
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Documents
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.18 10:17:47 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\AppData
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Temp
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Roaming
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Macromedia
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2012.06.18 10:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Rescue Disk 10
[2012.06.18 10:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012.06.18 10:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2012.06.18 10:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2012.06.18 10:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek
[2012.06.18 10:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2012.06.18 10:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT
[2012.06.18 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion_Services
[2012.06.18 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Aldi_Foto
[2012.06.18 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012.06.18 10:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
[2012.06.18 10:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-Bit)
[2012.06.18 10:11:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012.06.18 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012.06.18 10:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.06.18 10:11:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5
[2012.06.18 10:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.06.18 10:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012.06.18 10:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012.06.18 10:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.18 10:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.18 10:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.06.18 10:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\watchmi
[2012.06.18 10:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\watchmi
[2012.06.18 10:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal
[2012.06.18 10:07:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.18 10:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012.06.18 10:07:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[1 C:\Users\Jasmin\Desktop\*.tmp files -> C:\Users\Jasmin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 22:49:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.07.16 22:26:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 22:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.16 18:26:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 16:42:09 | 000,017,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:42:09 | 000,017,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:40:47 | 000,694,664 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.07.16 16:40:47 | 000,693,688 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.07.16 16:40:47 | 000,691,426 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.07.16 16:40:47 | 000,689,960 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012.07.16 16:40:47 | 000,689,342 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.07.16 16:40:47 | 000,679,576 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.07.16 16:40:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 16:40:47 | 000,632,414 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.07.16 16:40:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 16:40:47 | 000,610,436 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.07.16 16:40:47 | 000,552,004 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.07.16 16:40:47 | 000,148,544 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.07.16 16:40:47 | 000,137,296 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.07.16 16:40:47 | 000,135,074 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012.07.16 16:40:47 | 000,133,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.07.16 16:40:47 | 000,133,174 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.07.16 16:40:47 | 000,130,374 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.07.16 16:40:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 16:40:47 | 000,127,378 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.07.16 16:40:47 | 000,121,760 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.07.16 16:40:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 16:40:47 | 000,089,670 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.07.16 16:40:46 | 008,573,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 16:39:07 | 000,012,652 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\SerialClonerPrefs
[2012.07.16 16:34:06 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 16:34:01 | 3138,514,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 14:13:13 | 000,729,438 | ---- | M] () -- C:\Users\Jasmin\Documents\Virologie.enl
[2012.07.15 21:49:16 | 000,624,883 | ---- | M] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe
[2012.07.15 16:47:29 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 13:46:35 | 000,408,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 13:36:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 13:34:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jasmin\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.12 12:41:47 | 000,050,477 | ---- | M] () -- C:\Users\Jasmin\Desktop\Defogger.exe
[2012.07.11 22:21:49 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.10 18:04:24 | 000,140,690 | ---- | M] () -- C:\Users\Jasmin\Documents\cc_20120710_180410.reg
[2012.07.10 17:50:33 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.05 21:55:12 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.07.05 21:54:50 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Serial Cloner.lnk
[2012.07.04 12:21:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 19:05:10 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.06.18 19:05:10 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.06.18 16:09:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.18 10:50:42 | 000,002,723 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.18 10:46:27 | 000,002,703 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office Excel 2007.lnk
[2012.06.18 10:46:27 | 000,002,697 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office Word 2007.lnk
[2012.06.18 10:46:27 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.06.18 10:23:35 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.17 15:47:37 | 000,213,216 | ---- | M] () -- C:\Users\Jasmin\Desktop\Virologie.enl
[1 C:\Users\Jasmin\Desktop\*.tmp files -> C:\Users\Jasmin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.15 21:49:15 | 000,624,883 | ---- | C] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe
[2012.07.12 13:34:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 12:41:45 | 000,050,477 | ---- | C] () -- C:\Users\Jasmin\Desktop\Defogger.exe
[2012.07.10 18:04:14 | 000,140,690 | ---- | C] () -- C:\Users\Jasmin\Documents\cc_20120710_180410.reg
[2012.07.10 17:50:33 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.05 22:05:48 | 000,012,652 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\SerialClonerPrefs
[2012.07.05 21:55:12 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.07.05 21:54:50 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Serial Cloner.lnk
[2012.07.04 12:21:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.04 12:03:53 | 000,213,216 | ---- | C] () -- C:\Users\Jasmin\Desktop\Virologie.enl
[2012.06.18 22:26:46 | 000,729,438 | ---- | C] () -- C:\Users\Jasmin\Documents\Virologie.enl
[2012.06.18 18:58:56 | 3138,514,944 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.18 16:09:32 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.18 11:50:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 10:50:42 | 000,002,723 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.18 10:46:27 | 000,002,703 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office Excel 2007.lnk
[2012.06.18 10:46:27 | 000,002,697 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office Word 2007.lnk
[2012.06.18 10:46:27 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.06.18 10:46:27 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.06.18 10:23:35 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.18 10:23:35 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.18 10:18:31 | 000,001,409 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.18 10:18:26 | 000,001,443 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.18 10:12:02 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONmediathek.lnk
[2012.06.18 10:12:02 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONplay.lnk
[2012.06.18 10:09:55 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2012.06.18 10:09:45 | 000,002,678 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.18 10:09:37 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 10:09:36 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 10:09:22 | 000,002,527 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
[2012.04.11 09:57:27 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.11 09:57:25 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.11 09:57:23 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.11 09:57:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.04.11 09:57:20 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== LOP Check ==========
 
[2012.06.18 23:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\EndNote
[2012.07.05 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner
[2012.06.18 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.07.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WebApp
[2009.07.14 07:08:49 | 000,022,712 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.18 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Adobe
[2012.06.18 10:35:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Avira
[2012.07.14 01:18:09 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\CyberLink
[2012.06.18 23:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\EndNote
[2012.07.12 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Google
[2012.06.18 10:18:06 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Identities
[2012.06.18 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Intel
[2012.03.14 23:50:39 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Macromedia
[2012.07.12 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2011.04.12 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs
[2012.07.04 15:11:05 | 000,000,000 | --SD | M] -- C:\Users\Jasmin\AppData\Roaming\Microsoft
[2012.06.18 10:23:50 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mozilla
[2012.07.05 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner
[2012.06.18 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.07.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WebApp
[2012.07.16 16:50:53 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2012.03.14 23:50:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jasmin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.13 08:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >
Liebe Grüße,
Jasmin

cosinus 17.07.2012 13:33
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
[2012.07.05 21:55:12 | 000,000,447 | ---- | C] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Jasmy 17.07.2012 13:54
Hallo Arne!
Hier die Datei

Code:
All processes killed
========== OTL ==========
C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins folder moved successfully.
C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\user.js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jasmin
->Temp folder emptied: 4876730 bytes
->Temporary Internet Files folder emptied: 7196455 bytes
->FireFox cache emptied: 117533406 bytes
->Google Chrome cache emptied: 7015808 bytes
->Flash cache emptied: 58330 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 465438 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 107260766 bytes
 
Total Files Cleaned = 233,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jasmin
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_144753

Files\Folders moved on Reboot...
C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.17 14:49:50 | 000,000,081 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
Liebe Grüße,
Jasmin

cosinus 18.07.2012 13:49
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Jasmy 18.07.2012 14:07
Hallo Arne,
hier das Log

Code:
15:02:16.0674 4272        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:02:16.0924 4272        ============================================================
15:02:16.0934 4272        Current date / time: 2012/07/18 15:02:16.0924
15:02:16.0934 4272        SystemInfo:
15:02:16.0934 4272       
15:02:16.0934 4272        OS Version: 6.1.7601 ServicePack: 1.0
15:02:16.0934 4272        Product type: Workstation
15:02:16.0934 4272        ComputerName: JASMIN-PC
15:02:16.0934 4272        UserName: Jasmin
15:02:16.0934 4272        Windows directory: C:\Windows
15:02:16.0934 4272        System windows directory: C:\Windows
15:02:16.0934 4272        Running under WOW64
15:02:16.0934 4272        Processor architecture: Intel x64
15:02:16.0934 4272        Number of processors: 4
15:02:16.0934 4272        Page size: 0x1000
15:02:16.0934 4272        Boot type: Normal boot
15:02:16.0934 4272        ============================================================
15:02:19.0904 4272        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:19.0904 4272        Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:19.0914 4272        ============================================================
15:02:19.0914 4272        \Device\Harddisk0\DR0:
15:02:19.0914 4272        MBR partitions:
15:02:19.0914 4272        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:02:19.0914 4272        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x50F13000
15:02:19.0914 4272        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50F45800, BlocksNum 0x6400000
15:02:19.0914 4272        \Device\Harddisk1\DR1:
15:02:19.0914 4272        MBR partitions:
15:02:19.0914 4272        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:02:19.0914 4272        ============================================================
15:02:19.0944 4272        C: <-> \Device\Harddisk0\DR0\Partition1
15:02:19.0984 4272        D: <-> \Device\Harddisk0\DR0\Partition2
15:02:20.0024 4272        F: <-> \Device\Harddisk1\DR1\Partition0
15:02:20.0024 4272        ============================================================
15:02:20.0024 4272        Initialize success
15:02:20.0024 4272        ============================================================
15:03:49.0704 7808        ============================================================
15:03:49.0704 7808        Scan started
15:03:49.0704 7808        Mode: Manual; SigCheck; TDLFS;
15:03:49.0704 7808        ============================================================
15:03:51.0174 7808        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:03:51.0334 7808        1394ohci - ok
15:03:51.0414 7808        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:03:51.0454 7808        ACPI - ok
15:03:51.0494 7808        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:03:51.0574 7808        AcpiPmi - ok
15:03:51.0654 7808        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:51.0674 7808        AdobeARMservice - ok
15:03:51.0814 7808        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:51.0844 7808        AdobeFlashPlayerUpdateSvc - ok
15:03:51.0934 7808        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:03:51.0984 7808        adp94xx - ok
15:03:52.0064 7808        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:03:52.0104 7808        adpahci - ok
15:03:52.0134 7808        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:03:52.0164 7808        adpu320 - ok
15:03:52.0194 7808        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:52.0374 7808        AeLookupSvc - ok
15:03:52.0444 7808        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:03:52.0524 7808        AFD - ok
15:03:52.0584 7808        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:03:52.0614 7808        agp440 - ok
15:03:52.0644 7808        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:52.0714 7808        ALG - ok
15:03:52.0754 7808        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:03:52.0784 7808        aliide - ok
15:03:52.0794 7808        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:03:52.0824 7808        amdide - ok
15:03:52.0864 7808        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:03:52.0904 7808        AmdK8 - ok
15:03:52.0924 7808        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:03:52.0964 7808        AmdPPM - ok
15:03:53.0004 7808        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:03:53.0034 7808        amdsata - ok
15:03:53.0084 7808        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:03:53.0124 7808        amdsbs - ok
15:03:53.0124 7808        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:03:53.0154 7808        amdxata - ok
15:03:53.0214 7808        AMPPAL          (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\AMPPAL.sys
15:03:53.0264 7808        AMPPAL - ok
15:03:53.0274 7808        AMPPALP        (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\amppal.sys
15:03:53.0304 7808        AMPPALP - ok
15:03:53.0434 7808        AMPPALR3        (fb70f8c1283c8cc6bfaa6f9971107e68) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:03:53.0494 7808        AMPPALR3 - ok
15:03:53.0684 7808        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:53.0724 7808        AntiVirSchedulerService - ok
15:03:53.0774 7808        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:53.0804 7808        AntiVirService - ok
15:03:53.0874 7808        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:03:54.0044 7808        AppID - ok
15:03:54.0084 7808        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:54.0194 7808        AppIDSvc - ok
15:03:54.0214 7808        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:03:54.0314 7808        Appinfo - ok
15:03:54.0354 7808        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:03:54.0384 7808        arc - ok
15:03:54.0404 7808        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:03:54.0434 7808        arcsas - ok
15:03:54.0484 7808        ASLDRService    (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
15:03:54.0504 7808        ASLDRService - ok
15:03:54.0544 7808        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:54.0644 7808        AsyncMac - ok
15:03:54.0674 7808        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:03:54.0704 7808        atapi - ok
15:03:54.0794 7808        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:54.0914 7808        AudioEndpointBuilder - ok
15:03:54.0934 7808        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:55.0044 7808        AudioSrv - ok
15:03:55.0094 7808        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:03:55.0114 7808        avgntflt - ok
15:03:55.0164 7808        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:03:55.0194 7808        avipbb - ok
15:03:55.0224 7808        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:03:55.0244 7808        avkmgr - ok
15:03:55.0294 7808        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:03:55.0384 7808        AxInstSV - ok
15:03:55.0474 7808        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:03:55.0544 7808        b06bdrv - ok
15:03:55.0624 7808        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:55.0674 7808        b57nd60a - ok
15:03:55.0724 7808        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:03:55.0774 7808        BDESVC - ok
15:03:55.0794 7808        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:03:55.0914 7808        Beep - ok
15:03:56.0004 7808        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:03:56.0134 7808        BFE - ok
15:03:56.0244 7808        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:03:56.0414 7808        BITS - ok
15:03:56.0484 7808        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
15:03:56.0534 7808        blbdrive - ok
15:03:56.0674 7808        Bluetooth Device Monitor (a52ea1d8c2900055323c93ddb252a3da) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:03:56.0744 7808        Bluetooth Device Monitor - ok
15:03:56.0854 7808        Bluetooth Media Service (091210450ca7ced08f360d9d7fec5d11) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:03:56.0934 7808        Bluetooth Media Service - ok
15:03:57.0054 7808        Bluetooth OBEX Service (392450754e17ff778cbc5b9d20583ad1) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
15:03:57.0124 7808        Bluetooth OBEX Service - ok
15:03:57.0274 7808        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:03:57.0314 7808        bowser - ok
15:03:57.0354 7808        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:03:57.0404 7808        BrFiltLo - ok
15:03:57.0424 7808        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:03:57.0474 7808        BrFiltUp - ok
15:03:57.0504 7808        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:03:57.0614 7808        Browser - ok
15:03:57.0674 7808        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:03:57.0734 7808        Brserid - ok
15:03:57.0764 7808        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:57.0804 7808        BrSerWdm - ok
15:03:57.0824 7808        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:57.0874 7808        BrUsbMdm - ok
15:03:57.0894 7808        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:57.0934 7808        BrUsbSer - ok
15:03:57.0974 7808        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
15:03:58.0084 7808        BthEnum - ok
15:03:58.0134 7808        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:03:58.0184 7808        BTHMODEM - ok
15:03:58.0224 7808        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:03:58.0284 7808        BthPan - ok
15:03:58.0364 7808        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:03:58.0414 7808        BTHPORT - ok
15:03:58.0464 7808        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:03:58.0554 7808        bthserv - ok
15:03:58.0634 7808        BTHSSecurityMgr (fa2d081709a764f6bee16b7ffe03e36c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
15:03:58.0654 7808        BTHSSecurityMgr - ok
15:03:58.0684 7808        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:03:58.0734 7808        BTHUSB - ok
15:03:58.0784 7808        btmaux          (988cc6cc49303665d3b2435c51505c3f) C:\Windows\system32\DRIVERS\btmaux.sys
15:03:58.0884 7808        btmaux - ok
15:03:58.0964 7808        btmhsf          (2b4b508afac2a563931af1fe875a5b16) C:\Windows\system32\DRIVERS\btmhsf.sys
15:03:59.0034 7808        btmhsf - ok
15:03:59.0074 7808        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:03:59.0184 7808        cdfs - ok
15:03:59.0244 7808        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:03:59.0274 7808        cdrom - ok
15:03:59.0334 7808        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:59.0444 7808        CertPropSvc - ok
15:03:59.0504 7808        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:03:59.0544 7808        circlass - ok
15:03:59.0604 7808        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:03:59.0644 7808        CLFS - ok
15:03:59.0694 7808        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:59.0724 7808        clr_optimization_v2.0.50727_32 - ok
15:03:59.0804 7808        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:59.0824 7808        clr_optimization_v2.0.50727_64 - ok
15:03:59.0894 7808        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:59.0924 7808        clr_optimization_v4.0.30319_32 - ok
15:03:59.0954 7808        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:59.0984 7808        clr_optimization_v4.0.30319_64 - ok
15:04:00.0024 7808        clwvd          (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys
15:04:00.0044 7808        clwvd - ok
15:04:00.0074 7808        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:04:00.0114 7808        CmBatt - ok
15:04:00.0144 7808        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:04:00.0174 7808        cmdide - ok
15:04:00.0254 7808        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:04:00.0334 7808        CNG - ok
15:04:00.0374 7808        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:04:00.0404 7808        Compbatt - ok
15:04:00.0444 7808        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:04:00.0504 7808        CompositeBus - ok
15:04:00.0514 7808        COMSysApp - ok
15:04:00.0634 7808        cphs            (236172c3a418b9a0f26b416a72f5a556) C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:04:00.0674 7808        cphs - ok
15:04:00.0704 7808        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:04:00.0734 7808        crcdisk - ok
15:04:00.0804 7808        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:04:00.0864 7808        CryptSvc - ok
15:04:00.0944 7808        CyberLink PowerDVD 10 MS Monitor Service (7f5cd87ca5bdb4d83f992d8c77201483) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
15:04:00.0964 7808        CyberLink PowerDVD 10 MS Monitor Service - ok
15:04:01.0024 7808        CyberLink PowerDVD 10 MS Service (9faf58e876a3b1db3030a0a5805f2d86) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
15:04:01.0054 7808        CyberLink PowerDVD 10 MS Service - ok
15:04:01.0144 7808        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:04:01.0274 7808        DcomLaunch - ok
15:04:01.0324 7808        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:04:01.0434 7808        defragsvc - ok
15:04:01.0494 7808        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:04:01.0584 7808        DfsC - ok
15:04:01.0654 7808        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:04:01.0774 7808        Dhcp - ok
15:04:01.0794 7808        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:04:01.0904 7808        discache - ok
15:04:01.0954 7808        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:04:01.0984 7808        Disk - ok
15:04:02.0014 7808        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:04:02.0074 7808        Dnscache - ok
15:04:02.0124 7808        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:04:02.0234 7808        dot3svc - ok
15:04:02.0254 7808        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:04:02.0354 7808        DPS - ok
15:04:02.0394 7808        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:04:02.0434 7808        drmkaud - ok
15:04:02.0534 7808        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:04:02.0604 7808        DXGKrnl - ok
15:04:02.0654 7808        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:04:02.0764 7808        EapHost - ok
15:04:03.0004 7808        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:04:03.0174 7808        ebdrv - ok
15:04:03.0274 7808        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:04:03.0334 7808        EFS - ok
15:04:03.0424 7808        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:04:03.0514 7808        ehRecvr - ok
15:04:03.0534 7808        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:04:03.0614 7808        ehSched - ok
15:04:03.0804 7808        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:04:03.0854 7808        elxstor - ok
15:04:03.0884 7808        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:04:03.0904 7808        ErrDev - ok
15:04:03.0974 7808        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:04:04.0094 7808        EventSystem - ok
15:04:04.0244 7808        EvtEng          (52ae29a233832e0c704fd7fc534af9fb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:04:04.0294 7808        EvtEng - ok
15:04:04.0344 7808        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:04:04.0444 7808        exfat - ok
15:04:04.0484 7808        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:04:04.0594 7808        fastfat - ok
15:04:04.0684 7808        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:04:04.0784 7808        Fax - ok
15:04:04.0814 7808        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:04:04.0864 7808        fdc - ok
15:04:04.0904 7808        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:04:05.0004 7808        fdPHost - ok
15:04:05.0024 7808        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:04:05.0124 7808        FDResPub - ok
15:04:05.0164 7808        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:04:05.0194 7808        FileInfo - ok
15:04:05.0204 7808        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:04:05.0294 7808        Filetrace - ok
15:04:05.0324 7808        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:04:05.0364 7808        flpydisk - ok
15:04:05.0384 7808        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:04:05.0424 7808        FltMgr - ok
15:04:05.0534 7808        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:04:05.0624 7808        FontCache - ok
15:04:05.0694 7808        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:04:05.0714 7808        FontCache3.0.0.0 - ok
15:04:05.0774 7808        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:04:05.0804 7808        FsDepends - ok
15:04:05.0824 7808        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:04:05.0854 7808        Fs_Rec - ok
15:04:05.0884 7808        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:04:05.0934 7808        fvevol - ok
15:04:05.0964 7808        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:04:05.0994 7808        gagp30kx - ok
15:04:06.0044 7808        GFNEXSrv        (4e1d0a246e10cfddbf856432418de404) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
15:04:06.0064 7808        GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
15:04:06.0064 7808        GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
15:04:06.0134 7808        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:04:06.0254 7808        gpsvc - ok
15:04:06.0314 7808        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:06.0344 7808        gupdate - ok
15:04:06.0364 7808        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:06.0394 7808        gupdatem - ok
15:04:06.0434 7808        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:04:06.0464 7808        gusvc - ok
15:04:06.0514 7808        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:04:06.0584 7808        hcw85cir - ok
15:04:06.0654 7808        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:04:06.0704 7808        HdAudAddService - ok
15:04:06.0754 7808        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:04:06.0804 7808        HDAudBus - ok
15:04:06.0834 7808        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:04:06.0874 7808        HidBatt - ok
15:04:06.0924 7808        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:04:06.0974 7808        HidBth - ok
15:04:07.0014 7808        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:04:07.0054 7808        HidIr - ok
15:04:07.0074 7808        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:04:07.0174 7808        hidserv - ok
15:04:07.0224 7808        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:04:07.0244 7808        HidUsb - ok
15:04:07.0294 7808        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:04:07.0394 7808        hkmsvc - ok
15:04:07.0424 7808        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:04:07.0504 7808        HomeGroupListener - ok
15:04:07.0544 7808        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:04:07.0604 7808        HomeGroupProvider - ok
15:04:07.0644 7808        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:04:07.0674 7808        HpSAMD - ok
15:04:07.0774 7808        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:04:07.0894 7808        HTTP - ok
15:04:07.0904 7808        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:04:07.0924 7808        hwpolicy - ok
15:04:07.0974 7808        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:04:08.0004 7808        i8042prt - ok
15:04:08.0084 7808        iaStor          (c224331a54571c8c9162f7714400bbbd) C:\Windows\system32\drivers\iaStor.sys
15:04:08.0134 7808        iaStor - ok
15:04:08.0204 7808        IAStorDataMgrSvc (7d4b9a48430ed57aca6373b71d5904ca) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:04:08.0224 7808        IAStorDataMgrSvc - ok
15:04:08.0304 7808        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:04:08.0344 7808        iaStorV - ok
15:04:08.0364 7808        ibtfltcoex      (60cc7ae9aedb4d1e7923bd053b176d97) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:04:08.0404 7808        ibtfltcoex - ok
15:04:08.0594 7808        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:04:08.0664 7808        idsvc - ok
15:04:09.0624 7808        igfx            (3fb253e8059a1aac3a8b83a31d094cc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:04:10.0284 7808        igfx - ok
15:04:10.0414 7808        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:04:10.0444 7808        iirsp - ok
15:04:10.0524 7808        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:04:10.0654 7808        IKEEXT - ok
15:04:10.0704 7808        intaud_WaveExtensible (a387d6de360c3b2284b23000b212910a) C:\Windows\system32\drivers\intelaud.sys
15:04:10.0724 7808        intaud_WaveExtensible - ok
15:04:11.0084 7808        IntcAzAudAddService (059dddedbe5701dc3b779d32798108ac) C:\Windows\system32\drivers\RTKVHD64.sys
15:04:11.0324 7808        IntcAzAudAddService - ok
15:04:11.0494 7808        IntcDAud        (6c9fffeca9fed31347d211c5d1ffbd2d) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:04:11.0554 7808        IntcDAud - ok
15:04:11.0674 7808        Intel(R) Capability Licensing Service Interface (832ce330dd987227b7dea8c03f22aefa) C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:04:11.0724 7808        Intel(R) Capability Licensing Service Interface - ok
15:04:11.0744 7808        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:04:11.0774 7808        intelide - ok
15:04:11.0824 7808        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:04:11.0854 7808        intelppm - ok
15:04:11.0894 7808        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:04:12.0004 7808        IPBusEnum - ok
15:04:12.0044 7808        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:12.0144 7808        IpFilterDriver - ok
15:04:12.0224 7808        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:04:12.0344 7808        iphlpsvc - ok
15:04:12.0384 7808        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:04:12.0434 7808        IPMIDRV - ok
15:04:12.0474 7808        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:04:12.0574 7808        IPNAT - ok
15:04:12.0594 7808        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:04:12.0654 7808        IRENUM - ok
15:04:12.0694 7808        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:04:12.0714 7808        isapnp - ok
15:04:12.0764 7808        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:04:12.0804 7808        iScsiPrt - ok
15:04:12.0844 7808        iusb3hcs        (846354992ebb373f452eb9182d501b08) C:\Windows\system32\drivers\iusb3hcs.sys
15:04:12.0864 7808        iusb3hcs - ok
15:04:12.0934 7808        iusb3hub        (1d88a23853387d34d52cc8f9ddbfc56c) C:\Windows\system32\drivers\iusb3hub.sys
15:04:12.0964 7808        iusb3hub - ok
15:04:13.0054 7808        iusb3xhc        (fc5efd7c797df19dfb999f0605a7924e) C:\Windows\system32\drivers\iusb3xhc.sys
15:04:13.0104 7808        iusb3xhc - ok
15:04:13.0154 7808        iwdbus          (716f66336f10885d935b08174dc54242) C:\Windows\system32\drivers\iwdbus.sys
15:04:13.0184 7808        iwdbus - ok
15:04:13.0254 7808        jhi_service    (13e838ea8652f8451f29301d3b56b17b) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:04:13.0284 7808        jhi_service - ok
15:04:13.0334 7808        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:04:13.0354 7808        kbdclass - ok
15:04:13.0404 7808        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:04:13.0444 7808        kbdhid - ok
15:04:13.0484 7808        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:13.0514 7808        KeyIso - ok
15:04:13.0594 7808        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:04:13.0634 7808        KSecDD - ok
15:04:13.0674 7808        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:04:13.0714 7808        KSecPkg - ok
15:04:13.0754 7808        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:04:13.0854 7808        ksthunk - ok
15:04:13.0924 7808        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:04:14.0034 7808        KtmRm - ok
15:04:14.0094 7808        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:04:14.0204 7808        LanmanServer - ok
15:04:14.0234 7808        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:04:14.0334 7808        LanmanWorkstation - ok
15:04:14.0394 7808        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:04:14.0484 7808        lltdio - ok
15:04:14.0544 7808        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:04:14.0654 7808        lltdsvc - ok
15:04:14.0684 7808        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:04:14.0774 7808        lmhosts - ok
15:04:14.0874 7808        LMS            (bd9457699ac9c1a0fe43398043617279) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:04:14.0904 7808        LMS - ok
15:04:14.0954 7808        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:04:14.0984 7808        LSI_FC - ok
15:04:15.0014 7808        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:04:15.0044 7808        LSI_SAS - ok
15:04:15.0074 7808        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:04:15.0104 7808        LSI_SAS2 - ok
15:04:15.0154 7808        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:04:15.0184 7808        LSI_SCSI - ok
15:04:15.0234 7808        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:04:15.0334 7808        luafv - ok
15:04:15.0384 7808        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
15:04:15.0404 7808        MBAMProtector - ok
15:04:15.0604 7808        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:04:15.0664 7808        MBAMService - ok
15:04:15.0694 7808        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:04:15.0744 7808        Mcx2Svc - ok
15:04:15.0774 7808        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:04:15.0804 7808        megasas - ok
15:04:15.0874 7808        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:04:15.0914 7808        MegaSR - ok
15:04:15.0964 7808        MEIx64          (6b01b7414a105b9e51652089a03027cf) C:\Windows\system32\drivers\HECIx64.sys
15:04:15.0984 7808        MEIx64 - ok
15:04:16.0024 7808        MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
15:04:16.0044 7808        MemeoBackgroundService - ok
15:04:16.0074 7808        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:16.0184 7808        MMCSS - ok
15:04:16.0234 7808        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:04:16.0324 7808        Modem - ok
15:04:16.0354 7808        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:04:16.0384 7808        monitor - ok
15:04:16.0434 7808        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:04:16.0464 7808        mouclass - ok
15:04:16.0514 7808        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:04:16.0554 7808        mouhid - ok
15:04:16.0614 7808        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:04:16.0634 7808        mountmgr - ok
15:04:16.0694 7808        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:04:16.0724 7808        MozillaMaintenance - ok
15:04:16.0754 7808        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:04:16.0794 7808        mpio - ok
15:04:16.0834 7808        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:04:16.0934 7808        mpsdrv - ok
15:04:17.0024 7808        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:04:17.0154 7808        MpsSvc - ok
15:04:17.0184 7808        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:04:17.0234 7808        MRxDAV - ok
15:04:17.0264 7808        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:17.0324 7808        mrxsmb - ok
15:04:17.0374 7808        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:17.0414 7808        mrxsmb10 - ok
15:04:17.0434 7808        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:17.0474 7808        mrxsmb20 - ok
15:04:17.0504 7808        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:04:17.0534 7808        msahci - ok
15:04:17.0574 7808        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:04:17.0604 7808        msdsm - ok
15:04:17.0644 7808        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:04:17.0684 7808        MSDTC - ok
15:04:17.0724 7808        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:04:17.0804 7808        Msfs - ok
15:04:17.0844 7808        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:04:17.0944 7808        mshidkmdf - ok
15:04:17.0974 7808        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:04:17.0994 7808        msisadrv - ok
15:04:18.0034 7808        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:04:18.0144 7808        MSiSCSI - ok
15:04:18.0144 7808        msiserver - ok
15:04:18.0184 7808        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:04:18.0294 7808        MSKSSRV - ok
15:04:18.0304 7808        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:18.0404 7808        MSPCLOCK - ok
15:04:18.0434 7808        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:04:18.0524 7808        MSPQM - ok
15:04:18.0584 7808        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:04:18.0624 7808        MsRPC - ok
15:04:18.0654 7808        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:04:18.0684 7808        mssmbios - ok
15:04:18.0704 7808        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:04:18.0824 7808        MSTEE - ok
15:04:18.0854 7808        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:04:18.0894 7808        MTConfig - ok
15:04:18.0914 7808        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:04:18.0944 7808        Mup - ok
15:04:19.0074 7808        MyWiFiDHCPDNS  (4d02a9a4aae43280d8631f232aad79bc) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:04:19.0104 7808        MyWiFiDHCPDNS - ok
15:04:19.0174 7808        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:04:19.0284 7808        napagent - ok
15:04:19.0354 7808        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:04:19.0424 7808        NativeWifiP - ok
15:04:19.0534 7808        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:04:19.0594 7808        NDIS - ok
15:04:19.0644 7808        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:04:19.0744 7808        NdisCap - ok
15:04:19.0784 7808        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:19.0874 7808        NdisTapi - ok
15:04:19.0894 7808        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:19.0994 7808        Ndisuio - ok
15:04:20.0024 7808        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:20.0134 7808        NdisWan - ok
15:04:20.0154 7808        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:04:20.0254 7808        NDProxy - ok
15:04:20.0294 7808        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:04:20.0394 7808        NetBIOS - ok
15:04:20.0434 7808        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:04:20.0544 7808        NetBT - ok
15:04:20.0584 7808        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:20.0614 7808        Netlogon - ok
15:04:20.0664 7808        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:04:20.0794 7808        Netman - ok
15:04:20.0834 7808        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:04:20.0954 7808        netprofm - ok
15:04:21.0054 7808        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:21.0084 7808        NetTcpPortSharing - ok
15:04:21.0824 7808        NETwNs64        (262225f08b891fd7f16b3b93a3177c1f) C:\Windows\system32\DRIVERS\Netwsw00.sys
15:04:22.0364 7808        NETwNs64 - ok
15:04:22.0514 7808        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:04:22.0544 7808        nfrd960 - ok
15:04:22.0604 7808        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:04:22.0714 7808        NlaSvc - ok
15:04:22.0754 7808        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:04:22.0844 7808        Npfs - ok
15:04:22.0854 7808        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:04:22.0964 7808        nsi - ok
15:04:22.0974 7808        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:04:23.0064 7808        nsiproxy - ok
15:04:23.0214 7808        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:04:23.0314 7808        Ntfs - ok
15:04:23.0414 7808        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:04:23.0514 7808        Null - ok
15:04:23.0684 7808        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:04:23.0724 7808        NVENETFD - ok
15:04:24.0494 7808        nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:04:25.0074 7808        nvlddmkm - ok
15:04:25.0244 7808        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:04:25.0274 7808        nvraid - ok
15:04:25.0324 7808        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:04:25.0354 7808        nvstor - ok
15:04:25.0404 7808        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:04:25.0444 7808        nv_agp - ok
15:04:25.0564 7808        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:04:25.0594 7808        odserv - ok
15:04:25.0644 7808        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:04:25.0684 7808        ohci1394 - ok
15:04:25.0734 7808        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:25.0764 7808        ose - ok
15:04:25.0814 7808        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:04:25.0874 7808        p2pimsvc - ok
15:04:25.0924 7808        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:04:25.0984 7808        p2psvc - ok
15:04:26.0024 7808        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:04:26.0064 7808        Parport - ok
15:04:26.0094 7808        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:04:26.0124 7808        partmgr - ok
15:04:26.0174 7808        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:04:26.0234 7808        PcaSvc - ok
15:04:26.0274 7808        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:04:26.0304 7808        pci - ok
15:04:26.0324 7808        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:04:26.0354 7808        pciide - ok
15:04:26.0384 7808        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:04:26.0424 7808        pcmcia - ok
15:04:26.0444 7808        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:04:26.0474 7808        pcw - ok
15:04:26.0524 7808        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:04:26.0634 7808        PEAUTH - ok
15:04:26.0684 7808        PEGAGFN        (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys
15:04:26.0704 7808        PEGAGFN - ok
15:04:26.0784 7808        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:04:26.0814 7808        PerfHost - ok
15:04:26.0984 7808        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:04:27.0134 7808        pla - ok
15:04:27.0184 7808        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:04:27.0254 7808        PlugPlay - ok
15:04:27.0284 7808        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:04:27.0314 7808        PNRPAutoReg - ok
15:04:27.0354 7808        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:04:27.0384 7808        PNRPsvc - ok
15:04:27.0454 7808        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:04:27.0574 7808        PolicyAgent - ok
15:04:27.0634 7808        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:04:27.0754 7808        Power - ok
15:04:27.0856 7808        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:04:27.0966 7808        PptpMiniport - ok
15:04:28.0006 7808        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:04:28.0046 7808        Processor - ok
15:04:28.0096 7808        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:04:28.0156 7808        ProfSvc - ok
15:04:28.0176 7808        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:28.0196 7808        ProtectedStorage - ok
15:04:28.0236 7808        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:04:28.0316 7808        Psched - ok
15:04:28.0396 7808        PSI_SVC_2      (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:04:28.0416 7808        PSI_SVC_2 - ok
15:04:28.0606 7808        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:04:28.0696 7808        ql2300 - ok
15:04:28.0846 7808        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:04:28.0876 7808        ql40xx - ok
15:04:28.0926 7808        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:04:28.0976 7808        QWAVE - ok
15:04:28.0996 7808        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:04:29.0046 7808        QWAVEdrv - ok
15:04:29.0066 7808        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:04:29.0156 7808        RasAcd - ok
15:04:29.0186 7808        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:29.0296 7808        RasAgileVpn - ok
15:04:29.0326 7808        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:04:29.0436 7808        RasAuto - ok
15:04:29.0486 7808        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:29.0586 7808        Rasl2tp - ok
15:04:29.0636 7808        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:04:29.0756 7808        RasMan - ok
15:04:29.0796 7808        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:29.0896 7808        RasPppoe - ok
15:04:29.0926 7808        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:04:30.0036 7808        RasSstp - ok
15:04:30.0066 7808        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:04:30.0166 7808        rdbss - ok
15:04:30.0196 7808        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:04:30.0236 7808        rdpbus - ok
15:04:30.0266 7808        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:30.0366 7808        RDPCDD - ok
15:04:30.0376 7808        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:04:30.0476 7808        RDPENCDD - ok
15:04:30.0496 7808        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:04:30.0606 7808        RDPREFMP - ok
15:04:30.0656 7808        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:04:30.0716 7808        RDPWD - ok
15:04:30.0776 7808        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:04:30.0806 7808        rdyboost - ok
15:04:30.0896 7808        RegSrvc        (c480d028012881e0136962a49379688d) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:04:30.0916 7808        RegSrvc - ok
15:04:30.0946 7808        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:04:31.0056 7808        RemoteAccess - ok
15:04:31.0096 7808        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:04:31.0196 7808        RemoteRegistry - ok
15:04:31.0226 7808        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:04:31.0266 7808        RFCOMM - ok
15:04:31.0366 7808        RichVideo64    (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
15:04:31.0396 7808        RichVideo64 - ok
15:04:31.0426 7808        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:04:31.0526 7808        RpcEptMapper - ok
15:04:31.0556 7808        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:04:31.0596 7808        RpcLocator - ok
15:04:31.0676 7808        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:04:31.0776 7808        RpcSs - ok
15:04:31.0826 7808        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:04:31.0936 7808        rspndr - ok
15:04:31.0996 7808        RSUSBSTOR      (135a64530d7699ad48f29d73a658dd11) C:\Windows\System32\Drivers\RtsUStor.sys
15:04:32.0026 7808        RSUSBSTOR - ok
15:04:32.0116 7808        RTL8167        (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:04:32.0166 7808        RTL8167 - ok
15:04:32.0276 7808        RTL8192su      (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
15:04:32.0326 7808        RTL8192su - ok
15:04:32.0346 7808        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:32.0386 7808        SamSs - ok
15:04:32.0416 7808        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:04:32.0446 7808        sbp2port - ok
15:04:32.0486 7808        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:04:32.0586 7808        SCardSvr - ok
15:04:32.0606 7808        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:04:32.0696 7808        scfilter - ok
15:04:32.0836 7808        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:04:32.0976 7808        Schedule - ok
15:04:33.0016 7808        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:04:33.0096 7808        SCPolicySvc - ok
15:04:33.0136 7808        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:04:33.0206 7808        SDRSVC - ok
15:04:33.0266 7808        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:04:33.0366 7808        secdrv - ok
15:04:33.0386 7808        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:04:33.0486 7808        seclogon - ok
15:04:33.0496 7808        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:04:33.0606 7808        SENS - ok
15:04:33.0616 7808        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:04:33.0676 7808        SensrSvc - ok
15:04:33.0706 7808        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:04:33.0756 7808        Serenum - ok
15:04:33.0796 7808        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:04:33.0846 7808        Serial - ok
15:04:33.0886 7808        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:04:33.0926 7808        sermouse - ok
15:04:33.0976 7808        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:04:34.0076 7808        SessionEnv - ok
15:04:34.0106 7808        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:04:34.0146 7808        sffdisk - ok
15:04:34.0156 7808        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:04:34.0196 7808        sffp_mmc - ok
15:04:34.0206 7808        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:04:34.0246 7808        sffp_sd - ok
15:04:34.0276 7808        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:04:34.0316 7808        sfloppy - ok
15:04:34.0376 7808        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:04:34.0496 7808        SharedAccess - ok
15:04:34.0556 7808        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:04:34.0666 7808        ShellHWDetection - ok
15:04:34.0696 7808        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:04:34.0726 7808        SiSRaid2 - ok
15:04:34.0756 7808        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:04:34.0786 7808        SiSRaid4 - ok
15:04:34.0846 7808        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:04:34.0946 7808        Smb - ok
15:04:34.0996 7808        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:04:35.0036 7808        SNMPTRAP - ok
15:04:35.0076 7808        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:04:35.0096 7808        spldr - ok
15:04:35.0156 7808        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:04:35.0266 7808        Spooler - ok
15:04:35.0516 7808        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:04:35.0736 7808        sppsvc - ok
15:04:35.0926 7808        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:04:36.0016 7808        sppuinotify - ok
15:04:36.0106 7808        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:04:36.0176 7808        srv - ok
15:04:36.0236 7808        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:04:36.0286 7808        srv2 - ok
15:04:36.0316 7808        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:04:36.0366 7808        srvnet - ok
15:04:36.0406 7808        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:04:36.0526 7808        SSDPSRV - ok
15:04:36.0546 7808        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:04:36.0646 7808        SstpSvc - ok
15:04:36.0666 7808        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:04:36.0696 7808        stexstor - ok
15:04:36.0776 7808        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:04:36.0846 7808        stisvc - ok
15:04:36.0886 7808        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:04:36.0906 7808        swenum - ok
15:04:36.0966 7808        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:04:37.0126 7808        swprv - ok
15:04:37.0196 7808        SynTP          (bd4f51aef67ab7d57698bc4aad983d1f) C:\Windows\system32\drivers\SynTP.sys
15:04:37.0256 7808        SynTP - ok
15:04:37.0396 7808        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:04:37.0538 7808        SysMain - ok
15:04:37.0660 7808        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:04:37.0710 7808        TabletInputService - ok
15:04:37.0740 7808        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:04:37.0870 7808        TapiSrv - ok
15:04:37.0890 7808        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:04:37.0980 7808        TBS - ok
15:04:38.0210 7808        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:04:38.0320 7808        Tcpip - ok
15:04:38.0640 7808        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:04:38.0750 7808        TCPIP6 - ok
15:04:38.0880 7808        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:04:38.0980 7808        tcpipreg - ok
15:04:39.0000 7808        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:04:39.0040 7808        TDPIPE - ok
15:04:39.0070 7808        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:04:39.0100 7808        TDTCP - ok
15:04:39.0140 7808        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:04:39.0260 7808        tdx - ok
15:04:39.0290 7808        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:04:39.0320 7808        TermDD - ok
15:04:39.0400 7808        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:04:39.0530 7808        TermService - ok
15:04:39.0550 7808        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:04:39.0610 7808        Themes - ok
15:04:39.0640 7808        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:39.0800 7808        THREADORDER - ok
15:04:39.0833 7808        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:04:39.0956 7808        TrkWks - ok
15:04:40.0016 7808        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:04:40.0136 7808        TrustedInstaller - ok
15:04:40.0176 7808        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:40.0266 7808        tssecsrv - ok
15:04:40.0306 7808        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:04:40.0346 7808        TsUsbFlt - ok
15:04:40.0376 7808        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:04:40.0406 7808        TsUsbGD - ok
15:04:40.0456 7808        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:04:40.0546 7808        tunnel - ok
15:04:40.0576 7808        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:04:40.0606 7808        uagp35 - ok
15:04:40.0656 7808        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:04:40.0766 7808        udfs - ok
15:04:40.0806 7808        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:04:40.0846 7808        UI0Detect - ok
15:04:40.0896 7808        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:04:40.0926 7808        uliagpkx - ok
15:04:40.0966 7808        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:04:40.0996 7808        umbus - ok
15:04:41.0016 7808        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:04:41.0056 7808        UmPass - ok
15:04:41.0166 7808        UNS            (f76057596ef65049869098677ab72c30) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:04:41.0206 7808        UNS - ok
15:04:41.0266 7808        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:04:41.0376 7808        upnphost - ok
15:04:41.0426 7808        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:41.0496 7808        usbccgp - ok
15:04:41.0536 7808        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:04:41.0596 7808        usbcir - ok
15:04:41.0626 7808        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:04:41.0676 7808        usbehci - ok
15:04:41.0746 7808        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
15:04:41.0776 7808        usbhub - ok
15:04:41.0806 7808        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:04:41.0836 7808        usbohci - ok
15:04:41.0876 7808        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:04:41.0906 7808        usbprint - ok
15:04:41.0956 7808        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:04:42.0006 7808        usbscan - ok
15:04:42.0046 7808        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:42.0096 7808        USBSTOR - ok
15:04:42.0136 7808        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:04:42.0176 7808        usbuhci - ok
15:04:42.0226 7808        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:04:42.0266 7808        usbvideo - ok
15:04:42.0286 7808        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:04:42.0386 7808        UxSms - ok
15:04:42.0406 7808        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:42.0436 7808        VaultSvc - ok
15:04:42.0466 7808        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:04:42.0496 7808        vdrvroot - ok
15:04:42.0576 7808        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:04:42.0706 7808        vds - ok
15:04:42.0746 7808        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:42.0786 7808        vga - ok
15:04:42.0806 7808        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:04:42.0896 7808        VgaSave - ok
15:04:42.0936 7808        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:04:42.0976 7808        vhdmp - ok
15:04:42.0996 7808        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:04:43.0026 7808        viaide - ok
15:04:43.0056 7808        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:04:43.0086 7808        volmgr - ok
15:04:43.0136 7808        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:04:43.0176 7808        volmgrx - ok
15:04:43.0226 7808        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:04:43.0266 7808        volsnap - ok
15:04:43.0346 7808        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:04:43.0376 7808        vsmraid - ok
15:04:43.0596 7808        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:04:43.0766 7808        VSS - ok
15:04:43.0936 7808        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:04:43.0986 7808        vwifibus - ok
15:04:43.0996 7808        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:44.0046 7808        vwififlt - ok
15:04:44.0086 7808        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:04:44.0126 7808        vwifimp - ok
15:04:44.0206 7808        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:04:44.0306 7808        W32Time - ok
15:04:44.0346 7808        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:04:44.0386 7808        WacomPen - ok
15:04:44.0436 7808        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:44.0546 7808        WANARP - ok
15:04:44.0566 7808        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:44.0676 7808        Wanarpv6 - ok
15:04:44.0746 7808        watchmi        (63d7250ed2c2e3cd9b11139a608d6c39) C:\Program Files (x86)\watchmi\TvdService.exe
15:04:44.0776 7808        watchmi ( UnsignedFile.Multi.Generic ) - warning
15:04:44.0776 7808        watchmi - detected UnsignedFile.Multi.Generic (1)
15:04:44.0906 7808        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:04:45.0043 7808        wbengine - ok
15:04:45.0155 7808        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:04:45.0205 7808        WbioSrvc - ok
15:04:45.0235 7808        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:04:45.0305 7808        wcncsvc - ok
15:04:45.0305 7808        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:04:45.0355 7808        WcsPlugInService - ok
15:04:45.0405 7808        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:04:45.0435 7808        Wd - ok
15:04:45.0510 7808        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:04:45.0555 7808        Wdf01000 - ok
15:04:45.0585 7808        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:45.0675 7808        WdiServiceHost - ok
15:04:45.0685 7808        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:45.0735 7808        WdiSystemHost - ok
15:04:45.0774 7808        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:04:45.0824 7808        WebClient - ok
15:04:45.0864 7808        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:04:45.0944 7808        Wecsvc - ok
15:04:45.0954 7808        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:04:46.0024 7808        wercplsupport - ok
15:04:46.0064 7808        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:04:46.0124 7808        WerSvc - ok
15:04:46.0184 7808        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:46.0274 7808        WfpLwf - ok
15:04:46.0304 7808        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:04:46.0324 7808        WIMMount - ok
15:04:46.0364 7808        WinDefend - ok
15:04:46.0384 7808        WinHttpAutoProxySvc - ok
15:04:46.0444 7808        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:04:46.0554 7808        Winmgmt - ok
15:04:46.0704 7808        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:04:46.0864 7808        WinRM - ok
15:04:47.0014 7808        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:04:47.0054 7808        WinUsb - ok
15:04:47.0124 7808        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:04:47.0214 7808        Wlansvc - ok
15:04:47.0284 7808        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:04:47.0304 7808        wlcrasvc - ok
15:04:47.0484 7808        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:04:47.0604 7808        wlidsvc - ok
15:04:47.0724 7808        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:04:47.0764 7808        WmiAcpi - ok
15:04:47.0834 7808        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:04:47.0884 7808        wmiApSrv - ok
15:04:47.0914 7808        WMPNetworkSvc - ok
15:04:47.0944 7808        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:04:47.0984 7808        WPCSvc - ok
15:04:48.0014 7808        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:04:48.0054 7808        WPDBusEnum - ok
15:04:48.0074 7808        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:04:48.0174 7808        ws2ifsl - ok
15:04:48.0204 7808        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:04:48.0274 7808        wscsvc - ok
15:04:48.0274 7808        WSearch - ok
15:04:48.0334 7808        wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
15:04:48.0354 7808        wsvd - ok
15:04:48.0624 7808        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:04:48.0764 7808        wuauserv - ok
15:04:48.0904 7808        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:04:49.0014 7808        WudfPf - ok
15:04:49.0054 7808        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:49.0154 7808        WUDFRd - ok
15:04:49.0184 7808        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:04:49.0274 7808        wudfsvc - ok
15:04:49.0304 7808        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:04:49.0384 7808        WwanSvc - ok
15:04:49.0674 7808        ZeroConfigService (118c018df1c53b94f8c06d2cabbbda52) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
15:04:49.0844 7808        ZeroConfigService - ok
15:04:49.0914 7808        MBR (0x1B8)    (9fe16ff95180a12a49cd2e9879c991e6) \Device\Harddisk0\DR0
15:04:55.0354 7808        \Device\Harddisk0\DR0 - ok
15:04:57.0494 7808        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:04:57.0614 7808        \Device\Harddisk1\DR1 - ok
15:04:57.0624 7808        Boot (0x1200)  (a20827dc65e27968f5154f84148e33d6) \Device\Harddisk0\DR0\Partition0
15:04:57.0624 7808        \Device\Harddisk0\DR0\Partition0 - ok
15:04:57.0644 7808        Boot (0x1200)  (98754daf62f60b2d0baf682649a90f83) \Device\Harddisk0\DR0\Partition1
15:04:57.0644 7808        \Device\Harddisk0\DR0\Partition1 - ok
15:04:57.0674 7808        Boot (0x1200)  (1f00d2b2a965d9948bbc52103eb4b231) \Device\Harddisk0\DR0\Partition2
15:04:57.0674 7808        \Device\Harddisk0\DR0\Partition2 - ok
15:04:57.0674 7808        Boot (0x1200)  (4fe6dbae3da6ae0dafb3d9f8c238d086) \Device\Harddisk1\DR1\Partition0
15:04:57.0684 7808        \Device\Harddisk1\DR1\Partition0 - ok
15:04:57.0684 7808        ============================================================
15:04:57.0684 7808        Scan finished
15:04:57.0684 7808        ============================================================
15:04:57.0704 1716        Detected object count: 2
15:04:57.0704 1716        Actual detected object count: 2
15:05:26.0606 1716        GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:26.0606 1716        GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:26.0606 1716        watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:26.0606 1716        watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
Liebe Grüße,
Jasmin


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:06 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129