Trojaner-Board


cdtueb 08.07.2012 09:27

Removing mystart.incredibar.com
 
Hello,

I have had this mystart.incredibar.com on my computer for 2 days. I have now tried to remove the thing by following this guide hxxp://de.fasterpccleanclean.com/mystart-by-incredibar-entfernen/#deletefiles
but at each step I did not find the specified data.

I have now run Malwarebytes over it:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Susi :: SUSISPC [Administrator]

Schutz: Aktiviert

06.07.2012 14:11:31
mbam-log-2012-07-06 (14-11-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 526126
Laufzeit: 3 Stunde(n), 22 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Susi\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Susi\Downloads\SoftonicDownloader_fuer_picasa.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Susi\Favorites\Free Porn Movies - Tube Galore . com.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And also the ESET Online Scanner, because I saw in another forum post that it helps too:

Code:

C:\Program Files\Hotspot Shield\bin\openvpnas.exe        a variant of Win32/HotSpotShield application
C:\Users\Susi\AppData\Local\Temp\is1373634743\MyBabylonTB.exe        Win32/Toolbar.Babylon application
C:\Users\Susi\FoxTabPDFCreator\message.exe        a variant of Win32/InstallCore.A application
C:\Windows\Temp\hss_update.exe        a variant of Win32/HotSpotShield application

The symptoms on my computer are that my browsers open every tab with mystart.incredibar and that the browser's font has changed.

Many thanks in advance for the help.

Best regards
Chris

cosinus 11.07.2012 21:17

adwCleaner - Detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

cdtueb 13.07.2012 07:34

I ran AdwCleaner over it. Here is the code:

Code:

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 08:32:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Susi - SUSISPC
# Running from : C:\Users\Susi\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Susi\AppData\Local\Conduit
Folder Found : C:\Users\Susi\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Susi\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Susi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\ConduitCommon
Folder Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\extensions\ffxtlbr@incredibar.com
File Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Askcom.xml
File Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Conduit.xml
File Found : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\MyStart Search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&i=26

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", true);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "9-10-2011");
Found : user_pref("CT2319825.DSInstall", true);
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Sun Oct 09 2011 11:49:41 GMT+0200");
Found : user_pref("CT2319825.FeedPollDate11908299", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.FirstServerDate", "9-10-2011");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", true);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HPInstall", false);
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 2);
Found : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Found : user_pref("CT2319825.InstalledDate", "Sun Oct 09 2011 11:34:39 GMT+0200");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsAlertDBUpdated", true);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsInitSetupIni", true);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", false);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.IsProtectorsInit", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_3.7.0.6", "Sun Oct 09 2011 19:41:58 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.7.0.6");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.OriginalFirstVersion", "3.7.0.6");
Found : user_pref("CT2319825.RadioLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Found : user_pref("CT2319825.SavedHomepage", "hxxp://www.yahoo.de");
Found : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search");
Found : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2319825.SearchProtectorEnabled", true);
Found : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2319825.SendProtectorDataViaLogin", true);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Sun Oct 09 2011 11:34:36 GMT+0200");
Found : user_pref("CT2319825.SettingsLastCheckTime", "Sun Oct 09 2011 19:41:52 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1313478201");
Found : user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Oct 09 2011 11:34:36 GMT+0200");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2319825.ToolbarDisabled", true);
Found : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.UserID", "UN77399982343598620");
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Sun Oct 09 2011 11:34:41 GMT+0200");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "3236353332313937");
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.isAppTrackingManagerOn", true);
Found : user_pref("CT2319825.isFirstRadioInstallation", false);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.revertSettingsEnabled", true);
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Found : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Susi\\AppData\\Roaming\\Mozilla\\Fi[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "349e73dd-cd07-4cca-811c-0f373b0f12f0");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Oct 09 2011 19:42:05 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 09 2011 11:34:38 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "227e771c-92d6-461f-b9f9-3a8af01adb1c");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.de");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&loc=FF_NT");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6,ffxtlbr@incredib[...]
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341676582686");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "DE023FC252A771F2B7841C10B7F802CA");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "ce8aa8950000000000000026f2ed6140");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15527");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15527");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", true);
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6R8y8EVMiW");
Found : user_pref("extensions.incredibar.upn2n", "92824656932326798");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "ce8aa8950000000000000026f2ed6140");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15527");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8y8EVMiW");
Found : user_pref("extensions.incredibar_i.upn2n", "92824656932326798");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:55:15");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8y8EVMiW&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wblifemk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Susi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20265 octets] - [13/07/2012 08:32:56]

########## EOF - C:\AdwCleaner[R1].txt - [20394 octets] ##########

A thousand thanks already for your help.

cosinus 13.07.2012 15:07

adwCleaner - Removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

cdtueb 13.07.2012 17:02

Hello,

I have now deleted everything... I hope

Code:

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 17:54:34
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Susi - SUSISPC
# Running from : C:\Users\Susi\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Susi\AppData\Local\Conduit
Folder Deleted : C:\Users\Susi\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Susi\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Susi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\ConduitCommon
Folder Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\extensions\ffxtlbr@incredibar.com
File Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\searchplugins\MyStart Search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\prefs.js

C:\Users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\user.js ... Deleted !

Deleted : user_pref("CT2319825..clientLogIsEnabled", true);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CTID", "CT2319825");
Deleted : user_pref("CT2319825.CurrentServerDate", "9-10-2011");
Deleted : user_pref("CT2319825.DSInstall", true);
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Sun Oct 09 2011 11:49:41 GMT+0200");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.FirstServerDate", "9-10-2011");
Deleted : user_pref("CT2319825.FirstTime", true);
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HPInstall", false);
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2319825.InstalledDate", "Sun Oct 09 2011 11:34:39 GMT+0200");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsAlertDBUpdated", true);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsInitSetupIni", true);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.IsProtectorsInit", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_3.7.0.6", "Sun Oct 09 2011 19:41:58 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2319825.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2319825.SavedHomepage", "hxxp://www.yahoo.de");
Deleted : user_pref("CT2319825.SearchCaption", "Winload Customized Web Search");
Deleted : user_pref("CT2319825.SearchEngineBeforeUnload", "Winload Customized Web Search");
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2319825.SearchProtectorEnabled", true);
Deleted : user_pref("CT2319825.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2319825.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Sun Oct 09 2011 11:34:36 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Sun Oct 09 2011 19:41:52 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1313478201");
Deleted : user_pref("CT2319825.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Oct 09 2011 11:34:36 GMT+0200");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2319825.ToolbarDisabled", true);
Deleted : user_pref("CT2319825.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2319825.UserID", "UN77399982343598620");
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Sun Oct 09 2011 11:34:41 GMT+0200");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "3236353332313937");
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.initDone", true);
Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2319825.isFirstRadioInstallation", false);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.revertSettingsEnabled", true);
Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Sun Oct 09 2011 11:34:40 GMT+0200");
Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Winload Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Susi\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2319825");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 11:34:42 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "349e73dd-cd07-4cca-811c-0f373b0f12f0");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 09 2011 11:34:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Oct 09 2011 19:42:05 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 09 2011 11:34:38 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "227e771c-92d6-461f-b9f9-3a8af01adb1c");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.de");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6R8y8EVMiW&loc=FF_NT");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6,ffxtlbr@incredib[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341676582686");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "DE023FC252A771F2B7841C10B7F802CA");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "ce8aa8950000000000000026f2ed6140");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15527");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15527");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", true);
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8y8EVMiW");
Deleted : user_pref("extensions.incredibar.upn2n", "92824656932326798");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "ce8aa8950000000000000026f2ed6140");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15527");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8y8EVMiW&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8y8EVMiW");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824656932326798");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:55:15");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8y8EVMiW&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wblifemk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Susi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20396 octets] - [13/07/2012 08:32:56]
AdwCleaner[R2].txt - [20457 octets] - [13/07/2012 08:33:27]
AdwCleaner[S1].txt - [21015 octets] - [13/07/2012 17:54:34]

########## EOF - C:\AdwCleaner[S1].txt - [21144 octets] ##########

Many thanks in advance, if everything is now taken care of.

Kind regards
Chris

cosinus 13.07.2012 21:26

I have two questions before we continue

1.) Does Windows normal mode work without restrictions (again)?
2.) Is anything missing from your Start menu? Are there empty folders under All Programs, or is everything there?

cdtueb 15.07.2012 09:14

Hello,

so, my PC is working without restrictions again; I'm not missing any folders and I don't have any empty folders either.

Is my PC free of that junk again, then?

A thousand thanks for the help. Really kind of you to have helped me.

Kind regards
Chris

cosinus 15.07.2012 16:55

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


cdtueb 15.07.2012 17:59

I've now run the OTL scan; this is what came out of it

Code:

OTL logfile created on: 15.07.2012 18:24:36 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\Susi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,82% Memory free
6,70 Gb Paging File | 4,82 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 347,12 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32
 
Computer Name: SUSISPC | User Name: Susi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.15 18:22:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
PRC - [2012.05.09 08:15:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 08:15:44 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.09 08:15:42 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:15:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.01.13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.08.20 21:45:26 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.16 23:15:06 | 000,250,416 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.06.16 22:33:44 | 000,322,608 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2010.06.16 22:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2009.09.17 18:37:48 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 18:45:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Programme\NETGEAR\WN111v2\WN111v2.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.02.28 19:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.18 00:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.12 00:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 18:25:58 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 18:23:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 18:23:35 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.11 07:44:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:44:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 07:44:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012.05.11 07:28:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 07:27:18 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 07:27:07 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.01.13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Programme\Logitech\Vid HD\vpxmd.dll
MOD - [2011.01.13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\SDL.dll
MOD - [2010.08.20 21:45:36 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.08.20 21:45:26 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\yui.dll
MOD - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 14:36:34 | 000,181,592 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009.04.22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Programme\Logitech\Vid HD\phonon4.dll
MOD - [2008.12.10 15:53:52 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:52 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:52 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:52 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,671,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3257.27107__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:51 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3257.27106__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:51 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3257.27091__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:50 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.12.10 15:53:50 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:50 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:49 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:49 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.12.10 15:53:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.12.10 15:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.12.10 15:53:49 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.12.10 15:53:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.12.10 15:53:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.12.10 15:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.12.10 15:53:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.12.10 15:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.12.10 15:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.12.10 15:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.12.10 15:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.12.10 15:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.12.10 15:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.12.10 15:53:47 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008.12.10 15:53:47 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008.12.10 15:53:47 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.12.10 15:53:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.12.10 15:53:46 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.12.10 15:53:46 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.12.10 15:53:46 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.12.10 15:53:46 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.12.10 15:53:46 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.12.10 15:53:46 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2008.12.10 15:53:46 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008.12.10 15:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.12.10 15:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.12.10 15:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.12.10 15:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.12.10 15:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.12.10 15:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.12.01 22:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.11 21:56:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.21 19:40:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 08:15:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 08:15:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.06.16 23:16:06 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010.06.16 23:15:06 | 000,250,416 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.06.16 22:33:44 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.06.16 22:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.18 00:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.12 00:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.09 08:15:51 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 08:15:51 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.14 00:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010.03.26 21:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.03.04 13:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009.01.13 11:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.12.02 00:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.11 19:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.10.31 17:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.01 17:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.28 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007.10.12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2006.11.16 15:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 15:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005.12.06 05:30:19 | 000,916,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2003.10.02 16:47:14 | 000,666,624 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PRISMUSB.sys -- (PRISM_USB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EAAA&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_uid=0d4ceed7-8276-43fe-8b48-3ce36973acd1&apn_sauid=D24C71D2-EAB5-4C97-81A6-21D0D8BDC426
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=VlJ_dVdxAy5Qh1NNir7kUC7EDh8?q={searchTerms}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Susi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 19:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 16:45:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 19:40:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 16:45:55 | 000,000,000 | ---D | M]
 
[2011.02.02 15:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Extensions
[2012.07.13 17:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\o0s18t4g.default\extensions
[2011.10.18 06:52:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Susi\AppData\Roaming\mozilla\Firefox\Profiles\o0s18t4g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.21 19:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.31 20:13:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.21 19:40:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 19:40:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 19:40:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 19:40:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 19:40:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 19:40:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 19:40:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe File not found
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02670AA7-B7BA-46C7-B222-EA954B1D6FF9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{511DDCBA-5A36-4920-B8F9-A0F5359919F5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 18:22:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
[2012.07.14 17:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012.07.14 17:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.07.06 22:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.06 14:10:07 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Roaming\Malwarebytes
[2012.07.06 14:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.06 14:10:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.06 14:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.06 14:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.24 12:02:48 | 000,000,000 | ---D | C] -- C:\Users\Susi\AppData\Local\Macromedia
[3 C:\Users\Susi\*.tmp files -> C:\Users\Susi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 18:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.07.15 18:22:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Susi\Desktop\OTL.exe
[2012.07.15 18:15:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 18:15:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 18:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 18:15:30 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 12:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 19:21:31 | 000,628,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.14 19:21:31 | 000,595,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.14 19:21:31 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.14 19:21:31 | 000,103,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.14 17:46:54 | 000,001,010 | ---- | M] () -- C:\Users\Susi\Desktop\PDF-Viewer.lnk
[2012.07.12 21:09:15 | 000,328,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.06 08:03:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.06 07:55:16 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.07.06 07:54:42 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.07.03 18:04:16 | 000,017,229 | ---- | M] () -- C:\Users\Susi\Desktop\TueSem_12_TerminplanPS.pdf
[2012.06.30 15:01:12 | 000,369,891 | ---- | M] () -- C:\Users\Susi\Desktop\Bot. Familien Übersicht.pdf
[3 C:\Users\Susi\*.tmp files -> C:\Users\Susi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.14 17:46:54 | 000,001,010 | ---- | C] () -- C:\Users\Susi\Desktop\PDF-Viewer.lnk
[2012.07.06 07:55:15 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.07.06 07:54:42 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.07.03 18:04:16 | 000,017,229 | ---- | C] () -- C:\Users\Susi\Desktop\TueSem_12_TerminplanPS.pdf
[2012.06.30 15:01:09 | 000,369,891 | ---- | C] () -- C:\Users\Susi\Desktop\Bot. Familien Übersicht.pdf
[2011.05.09 21:02:20 | 000,033,792 | ---- | C] () -- C:\Users\Susi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.31 11:53:14 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.03.31 11:53:14 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.01.28 18:56:56 | 000,070,656 | ---- | C] () -- C:\Users\Susi\Rilke_Blaue%20Hortensie_Hausarbeit%20doc
[2011.01.12 11:49:37 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.12 11:49:37 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.12 11:49:37 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.12 11:49:37 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.12 11:49:37 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.12 11:49:37 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.12 11:49:37 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.12 11:49:37 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.12 11:49:37 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.12 11:49:37 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.12 11:49:37 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.12 11:49:37 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.12 11:49:37 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.12 11:49:37 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.12 11:49:37 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.12 11:49:37 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.12 11:49:37 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.12 11:49:37 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.12 11:49:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.10.03 00:36:48 | 000,226,064 | ---- | C] () -- C:\Users\Susi\Ludovico Einaudi-Divenire-Sheetzbox.pdf
[2010.07.01 11:54:24 | 006,162,022 | ---- | C] () -- C:\Users\Susi\13-blumentopf-helping_hand.mp3
[2009.11.16 07:55:18 | 000,000,760 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\setup_ldm.iss
[2009.05.05 06:50:46 | 000,010,228 | ---- | C] () -- C:\Users\Susi\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2011.06.29 08:31:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EPSON
[2009.09.14 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Blitware
[2010.08.28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Canon
[2012.01.31 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoft
[2011.07.04 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.11 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EPSON
[2011.07.03 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EuroTalk
[2011.11.08 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Gutscheinmieze
[2010.03.26 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\ICQ
[2009.08.16 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\IrfanView
[2009.12.17 09:06:28 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Leadertech
[2011.10.09 11:01:46 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Scribus
[2009.05.05 06:50:52 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Template
[2012.07.06 12:16:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Tobit
[2011.01.19 17:05:39 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\XSManager
[2009.09.14 21:31:09 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012.07.15 13:22:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.15 18:30:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.11 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Adobe
[2010.05.28 16:10:28 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Apple Computer
[2009.05.03 00:54:43 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\ATI
[2012.01.07 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Avira
[2009.09.14 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Blitware
[2010.08.28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Canon
[2009.05.11 23:01:58 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Corel
[2009.09.27 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\CyberLink
[2010.10.02 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DivX
[2012.01.31 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoft
[2011.07.04 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.11 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EPSON
[2011.07.03 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\EuroTalk
[2009.05.03 00:59:10 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Google
[2011.11.08 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Gutscheinmieze
[2010.03.26 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\ICQ
[2009.05.03 00:53:22 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Identities
[2011.01.12 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\InstallShield
[2009.08.16 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\IrfanView
[2009.12.17 09:06:28 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Leadertech
[2009.05.02 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Macromedia
[2012.07.06 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Media Center Programs
[2012.07.06 12:25:50 | 000,000,000 | --SD | M] -- C:\Users\Susi\AppData\Roaming\Microsoft
[2011.02.02 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Mozilla
[2009.05.04 16:04:15 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Nero
[2011.10.09 11:01:46 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Scribus
[2012.07.14 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Skype
[2009.05.05 06:50:52 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Template
[2012.07.06 12:16:34 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Tobit
[2011.01.19 17:05:39 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\XSManager
[2010.08.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.06.18 18:41:57 | 015,739,760 | ---- | M] () -- C:\Users\Susi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys
[2007.11.01 21:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.12.01 22:47:28 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

< End of report >

Kind regards
Chris

cosinus 15.07.2012 18:58

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EAAA&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_uid=0d4ceed7-8276-43fe-8b48-3ce36973acd1&apn_sauid=D24C71D2-EAB5-4C97-81A6-21D0D8BDC426
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=VlJ_dVdxAy5Qh1NNir7kUC7EDh8?q={searchTerms}
IE - HKU\S-1-5-21-3287848944-3675028394-3599447207-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell - "" = AutoRun
O33 - MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
[2012.07.06 07:55:16 | 000,000,447 | ---- | M] () -- C:\user.js
[2011.11.08 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Susi\AppData\Roaming\Gutscheinmieze
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

cdtueb 16.07.2012 17:11

Here is the result once again:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C055304-F69B-4F60-8E6F-5E9B655B12FF}\ not found.
Registry key HKEY_USERS\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3287848944-3675028394-3599447207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "yahoo.de" removed from browser.startup.homepage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f4a800f-1f12-11e0-970f-002421177311}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f4a800f-1f12-11e0-970f-002421177311}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f4a800f-1f12-11e0-970f-002421177311}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667d0b7f-625d-11de-9192-002421177311}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{667d0b7f-625d-11de-9192-002421177311}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667d0b7f-625d-11de-9192-002421177311}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\autorun.exe not found.
C:\user.js moved successfully.
C:\Users\Susi\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\install.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andrea
->Temp folder emptied: 1681767 bytes
->Temporary Internet Files folder emptied: 68695425 bytes
->Java cache emptied: 58259 bytes
->Flash cache emptied: 2585 bytes
 
User: Chris
->Temp folder emptied: 6819705 bytes
->Temporary Internet Files folder emptied: 4830165 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42636081 bytes
->Flash cache emptied: 1316 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Susi
->Temp folder emptied: 1603515668 bytes
->Temporary Internet Files folder emptied: 1280472757 bytes
->Java cache emptied: 2087463 bytes
->FireFox cache emptied: 300080960 bytes
->Flash cache emptied: 15896695 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178535106 bytes
RecycleBin emptied: 110250163 bytes
 
Total Files Cleaned = 3.448,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andrea
->Flash cache emptied: 0 bytes
 
User: Chris
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Susi
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_172752

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

PendingFileRenameOperations files...
File C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

Registry entries deleted on Reboot...

Kind regards
Chris

cosinus 16.07.2012 22:02

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

cdtueb 18.07.2012 11:59

Here is the report

Code:

12:51:50.0087 6112        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
12:51:50.0214 6112        ============================================================
12:51:50.0214 6112        Current date / time: 2012/07/18 12:51:50.0214
12:51:50.0215 6112        SystemInfo:
12:51:50.0215 6112       
12:51:50.0215 6112        OS Version: 6.0.6002 ServicePack: 2.0
12:51:50.0215 6112        Product type: Workstation
12:51:50.0215 6112        ComputerName: SUSISPC
12:51:50.0215 6112        UserName: Susi
12:51:50.0215 6112        Windows directory: C:\Windows
12:51:50.0215 6112        System windows directory: C:\Windows
12:51:50.0215 6112        Processor architecture: Intel x86
12:51:50.0215 6112        Number of processors: 2
12:51:50.0215 6112        Page size: 0x1000
12:51:50.0215 6112        Boot type: Normal boot
12:51:50.0215 6112        ============================================================
12:51:52.0374 6112        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:51:52.0392 6112        ============================================================
12:51:52.0392 6112        \Device\Harddisk0\DR0:
12:51:52.0392 6112        MBR partitions:
12:51:52.0392 6112        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48054800
12:51:52.0422 6112        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805503F, BlocksNum 0x2801E82
12:51:52.0422 6112        ============================================================
12:51:52.0460 6112        C: <-> \Device\Harddisk0\DR0\Partition0
12:51:52.0478 6112        D: <-> \Device\Harddisk0\DR0\Partition1
12:51:52.0478 6112        ============================================================
12:51:52.0478 6112        Initialize success
12:51:52.0478 6112        ============================================================
12:53:00.0912 4460        ============================================================
12:53:00.0912 4460        Scan started
12:53:00.0912 4460        Mode: Manual; SigCheck; TDLFS;
12:53:00.0912 4460        ============================================================
12:53:03.0830 4460        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:53:03.0997 4460        ACPI - ok
12:53:04.0490 4460        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:53:04.0508 4460        AdobeARMservice - ok
12:53:05.0136 4460        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:53:05.0159 4460        AdobeFlashPlayerUpdateSvc - ok
12:53:05.0382 4460        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:53:05.0412 4460        adp94xx - ok
12:53:05.0442 4460        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:53:05.0472 4460        adpahci - ok
12:53:05.0850 4460        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:53:05.0883 4460        adpu160m - ok
12:53:06.0201 4460        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:53:06.0226 4460        adpu320 - ok
12:53:06.0308 4460        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:53:06.0432 4460        AeLookupSvc - ok
12:53:06.0495 4460        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:53:06.0566 4460        AFD - ok
12:53:06.0616 4460        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:53:06.0637 4460        agp440 - ok
12:53:06.0697 4460        ahcix86s        (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
12:53:06.0723 4460        ahcix86s - ok
12:53:07.0035 4460        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:53:07.0070 4460        aic78xx - ok
12:53:07.0257 4460        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:53:07.0401 4460        ALG - ok
12:53:07.0550 4460        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:53:07.0581 4460        aliide - ok
12:53:07.0640 4460        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:53:07.0662 4460        amdagp - ok
12:53:07.0771 4460        amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
12:53:07.0786 4460        amdide - ok
12:53:07.0830 4460        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:53:07.0888 4460        AmdK7 - ok
12:53:08.0096 4460        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:53:08.0167 4460        AmdK8 - ok
12:53:08.0421 4460        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:53:08.0441 4460        AntiVirSchedulerService - ok
12:53:08.0521 4460        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:53:08.0540 4460        AntiVirService - ok
12:53:08.0626 4460        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:53:08.0707 4460        Appinfo - ok
12:53:08.0734 4460        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:53:08.0757 4460        arc - ok
12:53:08.0794 4460        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:53:08.0817 4460        arcsas - ok
12:53:08.0857 4460        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:53:08.0915 4460        AsyncMac - ok
12:53:09.0086 4460        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:53:09.0107 4460        atapi - ok
12:53:09.0469 4460        Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe
12:53:09.0616 4460        Ati External Event Utility - ok
12:53:11.0169 4460        atikmdag        (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
12:53:11.0806 4460        atikmdag - ok
12:53:12.0299 4460        AtiPcie        (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:53:12.0315 4460        AtiPcie - ok
12:53:12.0408 4460        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:53:12.0483 4460        AudioEndpointBuilder - ok
12:53:12.0491 4460        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:53:12.0528 4460        Audiosrv - ok
12:53:12.0607 4460        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
12:53:12.0627 4460        avgntflt - ok
12:53:12.0667 4460        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
12:53:12.0688 4460        avipbb - ok
12:53:12.0883 4460        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:53:12.0901 4460        avkmgr - ok
12:53:13.0012 4460        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:53:13.0103 4460        Beep - ok
12:53:13.0330 4460        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:53:13.0424 4460        BFE - ok
12:53:13.0678 4460        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
12:53:13.0773 4460        BITS - ok
12:53:14.0221 4460        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:53:14.0434 4460        blbdrive - ok
12:53:14.0956 4460        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:53:15.0040 4460        bowser - ok
12:53:15.0105 4460        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:53:15.0136 4460        BrFiltLo - ok
12:53:15.0227 4460        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:53:15.0297 4460        BrFiltUp - ok
12:53:16.0150 4460        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:53:16.0256 4460        Browser - ok
12:53:16.0884 4460        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:53:17.0158 4460        Brserid - ok
12:53:17.0672 4460        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:53:17.0756 4460        BrSerWdm - ok
12:53:17.0876 4460        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:53:18.0010 4460        BrUsbMdm - ok
12:53:18.0146 4460        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:53:18.0299 4460        BrUsbSer - ok
12:53:18.0342 4460        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:53:18.0443 4460        BTHMODEM - ok
12:53:18.0504 4460        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:53:18.0555 4460        cdfs - ok
12:53:18.0609 4460        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:53:18.0659 4460        cdrom - ok
12:53:18.0710 4460        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:53:18.0768 4460        CertPropSvc - ok
12:53:19.0005 4460        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:53:19.0090 4460        circlass - ok
12:53:19.0440 4460        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:53:19.0480 4460        CLFS - ok
12:53:20.0543 4460        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:53:20.0594 4460        clr_optimization_v2.0.50727_32 - ok
12:53:21.0000 4460        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:53:21.0040 4460        clr_optimization_v4.0.30319_32 - ok
12:53:21.0236 4460        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:53:21.0336 4460        cmdide - ok
12:53:21.0426 4460        cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
12:53:21.0507 4460        cmnsusbser - ok
12:53:21.0539 4460        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
12:53:21.0560 4460        Compbatt - ok
12:53:21.0565 4460        COMSysApp - ok
12:53:21.0747 4460        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:53:21.0768 4460        crcdisk - ok
12:53:21.0861 4460        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:53:21.0921 4460        Crusoe - ok
12:53:22.0187 4460        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
12:53:22.0278 4460        CryptSvc - ok
12:53:22.0648 4460        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:53:22.0741 4460        DcomLaunch - ok
12:53:23.0159 4460        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:53:23.0231 4460        DfsC - ok
12:53:24.0136 4460        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:53:24.0368 4460        DFSR - ok
12:53:24.0698 4460        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:53:24.0756 4460        Dhcp - ok
12:53:24.0874 4460        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:53:24.0901 4460        disk - ok
12:53:24.0968 4460        DNIMp50        (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
12:53:24.0980 4460        DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
12:53:24.0981 4460        DNIMp50 - detected UnsignedFile.Multi.Generic (1)
12:53:25.0041 4460        DNISp50        (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
12:53:25.0063 4460        DNISp50 ( UnsignedFile.Multi.Generic ) - warning
12:53:25.0063 4460        DNISp50 - detected UnsignedFile.Multi.Generic (1)
12:53:25.0116 4460        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:53:25.0163 4460        Dnscache - ok
12:53:25.0226 4460        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:53:25.0317 4460        dot3svc - ok
12:53:25.0371 4460        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:53:25.0435 4460        DPS - ok
12:53:25.0489 4460        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:53:25.0525 4460        drmkaud - ok
12:53:26.0340 4460        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:53:26.0401 4460        DXGKrnl - ok
12:53:26.0462 4460        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:53:26.0556 4460        E1G60 - ok
12:53:26.0642 4460        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:53:26.0678 4460        EapHost - ok
12:53:26.0748 4460        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:53:26.0771 4460        Ecache - ok
12:53:27.0189 4460        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:53:27.0344 4460        ehRecvr - ok
12:53:27.0374 4460        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:53:27.0420 4460        ehSched - ok
12:53:27.0492 4460        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:53:27.0529 4460        ehstart - ok
12:53:27.0597 4460        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:53:27.0635 4460        elxstor - ok
12:53:29.0215 4460        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:53:29.0347 4460        EMDMgmt - ok
12:53:30.0033 4460        EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
12:53:30.0091 4460        EPSON_EB_RPCV4_01 - ok
12:53:30.0481 4460        EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
12:53:30.0530 4460        EPSON_PM_RPCV4_01 - ok
12:53:30.0571 4460        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:53:30.0611 4460        ErrDev - ok
12:53:31.0106 4460        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:53:31.0158 4460        EventSystem - ok
12:53:31.0248 4460        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:53:31.0349 4460        exfat - ok
12:53:31.0835 4460        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:53:31.0909 4460        fastfat - ok
12:53:31.0957 4460        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:53:32.0006 4460        fdc - ok
12:53:32.0029 4460        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:53:32.0070 4460        fdPHost - ok
12:53:32.0180 4460        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:53:32.0262 4460        FDResPub - ok
12:53:32.0362 4460        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:53:32.0383 4460        FileInfo - ok
12:53:32.0501 4460        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:53:32.0567 4460        Filetrace - ok
12:53:32.0627 4460        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:53:32.0685 4460        flpydisk - ok
12:53:33.0156 4460        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:53:33.0183 4460        FltMgr - ok
12:53:33.0397 4460        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:53:33.0468 4460        FontCache - ok
12:53:33.0851 4460        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:53:33.0876 4460        FontCache3.0.0.0 - ok
12:53:33.0917 4460        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:53:33.0991 4460        Fs_Rec - ok
12:53:34.0264 4460        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:53:34.0299 4460        gagp30kx - ok
12:53:34.0580 4460        GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:53:34.0597 4460        GoogleDesktopManager-051210-111108 - ok
12:53:36.0134 4460        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:53:36.0217 4460        gpsvc - ok
12:53:36.0393 4460        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:53:36.0416 4460        gusvc - ok
12:53:36.0780 4460        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:53:36.0887 4460        HdAudAddService - ok
12:53:37.0194 4460        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:53:37.0325 4460        HDAudBus - ok
12:53:37.0425 4460        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:53:37.0523 4460        HidBth - ok
12:53:37.0547 4460        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:53:37.0622 4460        HidIr - ok
12:53:37.0650 4460        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:53:37.0696 4460        hidserv - ok
12:53:37.0752 4460        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:53:37.0816 4460        HidUsb - ok
12:53:38.0121 4460        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:53:38.0178 4460        hkmsvc - ok
12:53:38.0435 4460        HotspotShieldService (7dd31c0d40edef77036aca98a109cce2) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
12:53:38.0493 4460        HotspotShieldService ( UnsignedFile.Multi.Generic ) - warning
12:53:38.0493 4460        HotspotShieldService - detected UnsignedFile.Multi.Generic (1)
12:53:38.0682 4460        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:53:38.0710 4460        HpCISSs - ok
12:53:38.0814 4460        HssDrv          (0d6b32306c362750ec6576f1d90c52f7) C:\Windows\system32\DRIVERS\HssDrv.sys
12:53:38.0830 4460        HssDrv - ok
12:53:38.0884 4460        HssSrv          (5036ca3f9101df26931f177746a7f7de) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
12:53:38.0940 4460        HssSrv ( UnsignedFile.Multi.Generic ) - warning
12:53:38.0940 4460        HssSrv - detected UnsignedFile.Multi.Generic (1)
12:53:38.0963 4460        HssTrayService  (6f0928f669e3dbf353446a7c09a1f08b) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
12:53:38.0999 4460        HssTrayService ( UnsignedFile.Multi.Generic ) - warning
12:53:38.0999 4460        HssTrayService - detected UnsignedFile.Multi.Generic (1)
12:53:39.0021 4460        HssWd - ok
12:53:39.0077 4460        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:53:39.0189 4460        HTTP - ok
12:53:39.0209 4460        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:53:39.0250 4460        i2omp - ok
12:53:39.0302 4460        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:53:39.0346 4460        i8042prt - ok
12:53:39.0463 4460        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:53:39.0505 4460        iaStorV - ok
12:53:40.0538 4460        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:53:40.0631 4460        idsvc - ok
12:53:40.0847 4460        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:53:40.0868 4460        iirsp - ok
12:53:41.0584 4460        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:53:41.0645 4460        IKEEXT - ok
12:53:42.0639 4460        IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
12:53:42.0810 4460        IntcAzAudAddService - ok
12:53:43.0545 4460        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:53:43.0567 4460        intelide - ok
12:53:43.0615 4460        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:53:43.0666 4460        intelppm - ok
12:53:44.0046 4460        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:53:44.0120 4460        IPBusEnum - ok
12:53:44.0282 4460        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:44.0354 4460        IpFilterDriver - ok
12:53:44.0561 4460        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:53:44.0645 4460        iphlpsvc - ok
12:53:44.0651 4460        IpInIp - ok
12:53:44.0798 4460        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:53:44.0856 4460        IPMIDRV - ok
12:53:44.0966 4460        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:53:45.0012 4460        IPNAT - ok
12:53:45.0042 4460        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:53:45.0082 4460        IRENUM - ok
12:53:45.0165 4460        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:53:45.0189 4460        isapnp - ok
12:53:45.0250 4460        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:53:45.0281 4460        iScsiPrt - ok
12:53:45.0322 4460        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:53:45.0355 4460        iteatapi - ok
12:53:45.0451 4460        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:53:45.0481 4460        iteraid - ok
12:53:46.0333 4460        jswpsapi        (78d233d835a8876035ac559afe02b940) C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
12:53:46.0654 4460        jswpsapi ( UnsignedFile.Multi.Generic ) - warning
12:53:46.0655 4460        jswpsapi - detected UnsignedFile.Multi.Generic (1)
12:53:46.0747 4460        jswpslwf        (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
12:53:46.0802 4460        jswpslwf - ok
12:53:46.0902 4460        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:53:46.0922 4460        kbdclass - ok
12:53:46.0973 4460        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
12:53:47.0038 4460        kbdhid - ok
12:53:47.0120 4460        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:47.0181 4460        KeyIso - ok
12:53:47.0417 4460        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
12:53:47.0453 4460        KSecDD - ok
12:53:47.0529 4460        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:53:47.0613 4460        KtmRm - ok
12:53:47.0684 4460        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:53:47.0751 4460        LanmanServer - ok
12:53:47.0814 4460        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:53:47.0867 4460        LanmanWorkstation - ok
12:53:47.0895 4460        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:53:47.0949 4460        lltdio - ok
12:53:48.0000 4460        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:53:48.0089 4460        lltdsvc - ok
12:53:48.0137 4460        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:53:48.0215 4460        lmhosts - ok
12:53:48.0430 4460        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:53:48.0456 4460        LSI_FC - ok
12:53:48.0480 4460        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:53:48.0503 4460        LSI_SAS - ok
12:53:48.0546 4460        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:53:48.0569 4460        LSI_SCSI - ok
12:53:48.0597 4460        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:53:48.0689 4460        luafv - ok
12:53:48.0782 4460        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
12:53:48.0799 4460        LVPr2Mon - ok
12:53:48.0898 4460        LVPrcMon        (4fd5a6335fb4fc1f758088b2f90613fe) C:\Windows\system32\drivers\LVPrcMon.sys
12:53:48.0917 4460        LVPrcMon ( UnsignedFile.Multi.Generic ) - warning
12:53:48.0917 4460        LVPrcMon - detected UnsignedFile.Multi.Generic (1)
12:53:49.0041 4460        LVPrcSrv        (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
12:53:49.0059 4460        LVPrcSrv - ok
12:53:49.0193 4460        LVRS            (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
12:53:49.0214 4460        LVRS - ok
12:53:49.0309 4460        LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
12:53:49.0326 4460        LVUSBSta - ok
12:53:49.0405 4460        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
12:53:49.0425 4460        MBAMProtector - ok
12:53:50.0113 4460        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:53:50.0150 4460        MBAMService - ok
12:53:50.0308 4460        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:53:50.0349 4460        Mcx2Svc - ok
12:53:50.0392 4460        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:53:50.0406 4460        megasas - ok
12:53:50.0992 4460        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:53:51.0027 4460        MegaSR - ok
12:53:51.0239 4460        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:53:51.0304 4460        MMCSS - ok
12:53:51.0424 4460        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:53:51.0494 4460        Modem - ok
12:53:51.0550 4460        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:53:51.0591 4460        monitor - ok
12:53:51.0762 4460        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:53:51.0783 4460        mouclass - ok
12:53:51.0946 4460        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:53:51.0987 4460        mouhid - ok
12:53:52.0244 4460        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:53:52.0271 4460        MountMgr - ok
12:53:52.0629 4460        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:53:52.0679 4460        MozillaMaintenance - ok
12:53:52.0737 4460        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:53:52.0764 4460        mpio - ok
12:53:52.0906 4460        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:53:52.0951 4460        mpsdrv - ok
12:53:53.0033 4460        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:53:53.0099 4460        MpsSvc - ok
12:53:53.0147 4460        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:53:53.0167 4460        Mraid35x - ok
12:53:53.0266 4460        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:53:53.0305 4460        MRxDAV - ok
12:53:53.0677 4460        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:53.0725 4460        mrxsmb - ok
12:53:53.0980 4460        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:54.0060 4460        mrxsmb10 - ok
12:53:54.0346 4460        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:54.0384 4460        mrxsmb20 - ok
12:53:54.0561 4460        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
12:53:54.0589 4460        msahci - ok
12:53:54.0833 4460        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:53:54.0864 4460        msdsm - ok
12:53:54.0951 4460        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:53:55.0000 4460        MSDTC - ok
12:53:55.0099 4460        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:53:55.0169 4460        Msfs - ok
12:53:55.0213 4460        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:53:55.0234 4460        msisadrv - ok
12:53:55.0707 4460        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:53:55.0780 4460        MSiSCSI - ok
12:53:55.0785 4460        msiserver - ok
12:53:55.0839 4460        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:53:55.0895 4460        MSKSSRV - ok
12:53:55.0942 4460        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:53:55.0996 4460        MSPCLOCK - ok
12:53:56.0011 4460        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:53:56.0052 4460        MSPQM - ok
12:53:56.0143 4460        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:53:56.0157 4460        MsRPC - ok
12:53:56.0310 4460        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:53:56.0321 4460        mssmbios - ok
12:53:56.0337 4460        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:53:56.0360 4460        MSTEE - ok
12:53:56.0385 4460        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:53:56.0397 4460        Mup - ok
12:53:56.0964 4460        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:53:57.0057 4460        napagent - ok
12:53:57.0565 4460        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:53:57.0591 4460        NativeWifiP - ok
12:53:57.0670 4460        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:53:57.0707 4460        NDIS - ok
12:53:57.0806 4460        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:53:57.0876 4460        NdisTapi - ok
12:53:57.0964 4460        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:53:58.0016 4460        Ndisuio - ok
12:53:58.0067 4460        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:53:58.0148 4460        NdisWan - ok
12:53:58.0197 4460        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:53:58.0228 4460        NDProxy - ok
12:53:58.0786 4460        Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
12:53:58.0840 4460        Nero BackItUp Scheduler 3 - ok
12:53:58.0965 4460        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:53:59.0025 4460        NetBIOS - ok
12:53:59.0322 4460        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:53:59.0388 4460        netbt - ok
12:53:59.0432 4460        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:59.0451 4460        Netlogon - ok
12:53:59.0732 4460        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:53:59.0795 4460        Netman - ok
12:54:00.0095 4460        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:54:00.0191 4460        netprofm - ok
12:54:00.0502 4460        netr28u        (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
12:54:00.0617 4460        netr28u - ok
12:54:01.0044 4460        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:54:01.0065 4460        NetTcpPortSharing - ok
12:54:01.0208 4460        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:54:01.0228 4460        nfrd960 - ok
12:54:01.0377 4460        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:54:01.0428 4460        NlaSvc - ok
12:54:02.0301 4460        NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
12:54:02.0352 4460        NMIndexingService - ok
12:54:02.0388 4460        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:54:02.0419 4460        Npfs - ok
12:54:02.0565 4460        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:54:02.0642 4460        nsi - ok
12:54:02.0675 4460        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:54:02.0731 4460        nsiproxy - ok
12:54:03.0814 4460        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:54:03.0882 4460        Ntfs - ok
12:54:04.0115 4460        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:54:04.0169 4460        ntrigdigi - ok
12:54:04.0205 4460        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:54:04.0271 4460        Null - ok
12:54:04.0386 4460        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:54:04.0410 4460        nvraid - ok
12:54:04.0594 4460        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:54:04.0622 4460        nvstor - ok
12:54:04.0830 4460        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:54:04.0854 4460        nv_agp - ok
12:54:04.0862 4460        NwlnkFlt - ok
12:54:04.0871 4460        NwlnkFwd - ok
12:54:06.0669 4460        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:54:06.0745 4460        odserv - ok
12:54:06.0906 4460        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:54:06.0961 4460        ohci1394 - ok
12:54:07.0253 4460        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:54:07.0274 4460        ose - ok
12:54:07.0350 4460        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:07.0516 4460        p2pimsvc - ok
12:54:07.0528 4460        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:07.0566 4460        p2psvc - ok
12:54:07.0633 4460        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:54:07.0709 4460        Parport - ok
12:54:07.0753 4460        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
12:54:07.0775 4460        partmgr - ok
12:54:07.0801 4460        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:54:07.0891 4460        Parvdm - ok
12:54:07.0981 4460        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:54:08.0033 4460        PcaSvc - ok
12:54:08.0208 4460        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:54:08.0233 4460        pci - ok
12:54:08.0277 4460        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:54:08.0298 4460        pciide - ok
12:54:08.0697 4460        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:54:08.0721 4460        pcmcia - ok
12:54:09.0794 4460        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:54:09.0908 4460        PEAUTH - ok
12:54:10.0073 4460        pepifilter      (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
12:54:10.0089 4460        pepifilter - ok
12:54:10.0572 4460        PID_08A0        (36eddcefdd036fffa95aa84d1645dd67) C:\Windows\system32\DRIVERS\LV302AV.SYS
12:54:10.0682 4460        PID_08A0 - ok
12:54:11.0535 4460        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
12:54:11.0723 4460        PID_PEPI - ok
12:54:13.0363 4460        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:54:13.0477 4460        pla - ok
12:54:14.0373 4460        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
12:54:14.0415 4460        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
12:54:14.0415 4460        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
12:54:14.0695 4460        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:54:14.0741 4460        PlugPlay - ok
12:54:14.0951 4460        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:15.0013 4460        PNRPAutoReg - ok
12:54:15.0023 4460        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:54:15.0063 4460        PNRPsvc - ok
12:54:15.0311 4460        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:54:15.0422 4460        PolicyAgent - ok
12:54:15.0760 4460        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:54:15.0820 4460        PptpMiniport - ok
12:54:16.0005 4460        PRISM_USB      (d3f3b511e2ce1e385c68c9881ad5b867) C:\Windows\system32\DRIVERS\PRISMUSB.sys
12:54:16.0122 4460        PRISM_USB - ok
12:54:16.0280 4460        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
12:54:16.0315 4460        Processor - ok
12:54:16.0354 4460        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:54:16.0419 4460        ProfSvc - ok
12:54:16.0509 4460        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:54:16.0520 4460        ProtectedStorage - ok
12:54:16.0759 4460        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:54:16.0826 4460        PSched - ok
12:54:16.0889 4460        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
12:54:16.0906 4460        PxHelp20 - ok
12:54:17.0095 4460        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:54:17.0140 4460        ql2300 - ok
12:54:17.0231 4460        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:54:17.0243 4460        ql40xx - ok
12:54:17.0382 4460        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:54:17.0568 4460        QWAVE - ok
12:54:17.0629 4460        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:54:17.0682 4460        QWAVEdrv - ok
12:54:17.0703 4460        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:54:17.0759 4460        RasAcd - ok
12:54:17.0780 4460        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:54:17.0838 4460        RasAuto - ok
12:54:17.0935 4460        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:54:17.0968 4460        Rasl2tp - ok
12:54:18.0060 4460        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:54:18.0113 4460        RasMan - ok
12:54:18.0157 4460        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:54:18.0207 4460        RasPppoe - ok
12:54:18.0388 4460        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:54:18.0445 4460        RasSstp - ok
12:54:18.0490 4460        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:54:18.0526 4460        rdbss - ok
12:54:18.0549 4460        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:54:18.0590 4460        RDPCDD - ok
12:54:18.0623 4460        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:54:18.0662 4460        rdpdr - ok
12:54:18.0665 4460        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:54:18.0689 4460        RDPENCDD - ok
12:54:18.0754 4460        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
12:54:18.0809 4460        RDPWD - ok
12:54:18.0848 4460        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:54:18.0872 4460        RemoteAccess - ok
12:54:18.0932 4460        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:54:18.0972 4460        RemoteRegistry - ok
12:54:19.0196 4460        RichVideo      (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
12:54:19.0216 4460        RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:54:19.0216 4460        RichVideo - detected UnsignedFile.Multi.Generic (1)
12:54:19.0243 4460        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:54:19.0262 4460        RpcLocator - ok
12:54:19.0313 4460        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:54:19.0341 4460        RpcSs - ok
12:54:19.0373 4460        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:54:19.0410 4460        rspndr - ok
12:54:19.0581 4460        RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
12:54:19.0634 4460        RTHDMIAzAudService - ok
12:54:19.0731 4460        RTL8169        (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
12:54:19.0744 4460        RTL8169 - ok
12:54:19.0822 4460        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:54:19.0836 4460        SamSs - ok
12:54:19.0876 4460        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:54:19.0891 4460        sbp2port - ok
12:54:19.0967 4460        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:54:20.0016 4460        SCardSvr - ok
12:54:20.0083 4460        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:54:20.0145 4460        Schedule - ok
12:54:20.0175 4460        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:54:20.0191 4460        SCPolicySvc - ok
12:54:20.0340 4460        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:54:20.0364 4460        SDRSVC - ok
12:54:20.0389 4460        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:54:20.0452 4460        secdrv - ok
12:54:20.0517 4460        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:54:20.0563 4460        seclogon - ok
12:54:20.0580 4460        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
12:54:20.0613 4460        SENS - ok
12:54:20.0635 4460        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
12:54:20.0673 4460        Serenum - ok
12:54:20.0711 4460        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
12:54:20.0744 4460        Serial - ok
12:54:20.0809 4460        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:54:20.0832 4460        sermouse - ok
12:54:20.0945 4460        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:54:20.0987 4460        SessionEnv - ok
12:54:21.0009 4460        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:54:21.0038 4460        sffdisk - ok
12:54:21.0055 4460        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:54:21.0086 4460        sffp_mmc - ok
12:54:21.0123 4460        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:54:21.0163 4460        sffp_sd - ok
12:54:21.0195 4460        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:54:21.0243 4460        sfloppy - ok
12:54:21.0272 4460        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:54:21.0314 4460        SharedAccess - ok
12:54:21.0594 4460        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:54:21.0686 4460        ShellHWDetection - ok
12:54:21.0729 4460        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:54:21.0752 4460        sisagp - ok
12:54:21.0812 4460        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:54:21.0851 4460        SiSRaid2 - ok
12:54:21.0877 4460        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:54:21.0903 4460        SiSRaid4 - ok
12:54:22.0156 4460        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:54:22.0349 4460        slsvc - ok
12:54:22.0561 4460        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:54:22.0597 4460        SLUINotify - ok
12:54:22.0773 4460        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:54:22.0840 4460        Smb - ok
12:54:22.0917 4460        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:54:22.0942 4460        SNMPTRAP - ok
12:54:23.0035 4460        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:54:23.0047 4460        spldr - ok
12:54:23.0177 4460        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:54:23.0207 4460        Spooler - ok
12:54:23.0319 4460        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:54:23.0382 4460        srv - ok
12:54:23.0543 4460        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:54:23.0617 4460        srv2 - ok
12:54:23.0720 4460        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:54:23.0756 4460        srvnet - ok
12:54:23.0812 4460        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:54:23.0891 4460        SSDPSRV - ok
12:54:24.0008 4460        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:54:24.0024 4460        ssmdrv - ok
12:54:24.0059 4460        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:54:24.0082 4460        SstpSvc - ok
12:54:24.0192 4460        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:54:24.0247 4460        stisvc - ok
12:54:24.0346 4460        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:54:24.0367 4460        swenum - ok
12:54:24.0409 4460        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:54:24.0504 4460        swprv - ok
12:54:24.0558 4460        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:54:24.0570 4460        Symc8xx - ok
12:54:24.0611 4460        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:54:24.0630 4460        Sym_hi - ok
12:54:24.0671 4460        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:54:24.0690 4460        Sym_u3 - ok
12:54:24.0864 4460        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:54:24.0998 4460        SysMain - ok
12:54:25.0082 4460        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:54:25.0165 4460        TabletInputService - ok
12:54:25.0305 4460        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
12:54:25.0328 4460        taphss - ok
12:54:25.0375 4460        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:54:25.0434 4460        TapiSrv - ok
12:54:25.0447 4460        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:54:25.0488 4460        TBS - ok
12:54:25.0593 4460        Tcpip          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
12:54:25.0694 4460        Tcpip - ok
12:54:25.0719 4460        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
12:54:25.0791 4460        Tcpip6 - ok
12:54:25.0924 4460        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:54:26.0005 4460        tcpipreg - ok
12:54:26.0072 4460        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:54:26.0114 4460        TDPIPE - ok
12:54:26.0168 4460        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:54:26.0210 4460        TDTCP - ok
12:54:26.0356 4460        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:54:26.0428 4460        tdx - ok
12:54:26.0467 4460        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:54:26.0489 4460        TermDD - ok
12:54:26.0623 4460        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:54:26.0763 4460        TermService - ok
12:54:26.0817 4460        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:54:26.0843 4460        Themes - ok
12:54:26.0975 4460        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:54:27.0018 4460        THREADORDER - ok
12:54:27.0074 4460        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:54:27.0121 4460        TrkWks - ok
12:54:27.0261 4460        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:54:27.0299 4460        TrustedInstaller - ok
12:54:27.0358 4460        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:54:27.0381 4460        tssecsrv - ok
12:54:27.0401 4460        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:54:27.0437 4460        tunmp - ok
12:54:27.0465 4460        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:54:27.0477 4460        tunnel - ok
12:54:27.0516 4460        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:54:27.0528 4460        uagp35 - ok
12:54:27.0579 4460        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:54:27.0602 4460        udfs - ok
12:54:27.0641 4460        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:54:27.0676 4460        UI0Detect - ok
12:54:27.0791 4460        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:54:27.0814 4460        uliagpkx - ok
12:54:27.0961 4460        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:54:27.0989 4460        uliahci - ok
12:54:28.0014 4460        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:54:28.0036 4460        UlSata - ok
12:54:28.0054 4460        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:54:28.0077 4460        ulsata2 - ok
12:54:28.0100 4460        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:54:28.0124 4460        umbus - ok
12:54:28.0214 4460        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:54:28.0275 4460        upnphost - ok
12:54:28.0311 4460        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:54:28.0358 4460        usbaudio - ok
12:54:28.0406 4460        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:54:28.0441 4460        usbccgp - ok
12:54:28.0467 4460        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:54:28.0525 4460        usbcir - ok
12:54:28.0563 4460        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:54:28.0592 4460        usbehci - ok
12:54:28.0799 4460        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:54:28.0875 4460        usbhub - ok
12:54:28.0920 4460        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:54:29.0001 4460        usbohci - ok
12:54:29.0037 4460        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:54:29.0078 4460        usbprint - ok
12:54:29.0138 4460        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:54:29.0190 4460        usbscan - ok
12:54:29.0264 4460        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:54:29.0307 4460        USBSTOR - ok
12:54:29.0336 4460        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:54:29.0379 4460        usbuhci - ok
12:54:29.0490 4460        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:54:29.0526 4460        UxSms - ok
12:54:29.0677 4460        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:54:29.0757 4460        vds - ok
12:54:29.0782 4460        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:54:29.0838 4460        vga - ok
12:54:29.0935 4460        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:54:29.0977 4460        VgaSave - ok
12:54:30.0015 4460        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:54:30.0038 4460        viaagp - ok
12:54:30.0061 4460        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:54:30.0126 4460        ViaC7 - ok
12:54:30.0170 4460        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:54:30.0192 4460        viaide - ok
12:54:30.0317 4460        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:54:30.0339 4460        volmgr - ok
12:54:30.0510 4460        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:54:30.0619 4460        volmgrx - ok
12:54:30.0767 4460        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:54:30.0828 4460        volsnap - ok
12:54:30.0865 4460        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:54:30.0890 4460        vsmraid - ok
12:54:31.0396 4460        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:54:31.0557 4460        VSS - ok
12:54:31.0699 4460        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:54:31.0722 4460        W32Time - ok
12:54:31.0787 4460        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:54:31.0847 4460        WacomPen - ok
12:54:31.0864 4460        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:54:31.0882 4460        Wanarp - ok
12:54:31.0887 4460        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:54:31.0907 4460        Wanarpv6 - ok
12:54:32.0013 4460        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:54:32.0041 4460        wcncsvc - ok
12:54:32.0154 4460        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:54:32.0175 4460        WcsPlugInService - ok
12:54:32.0269 4460        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:54:32.0295 4460        Wd - ok
12:54:32.0383 4460        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:54:32.0473 4460        Wdf01000 - ok
12:54:32.0545 4460        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:54:32.0605 4460        WdiServiceHost - ok
12:54:32.0610 4460        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:54:32.0661 4460        WdiSystemHost - ok
12:54:32.0796 4460        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:54:32.0852 4460        WebClient - ok
12:54:32.0918 4460        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:54:32.0992 4460        Wecsvc - ok
12:54:33.0006 4460        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:54:33.0074 4460        wercplsupport - ok
12:54:33.0112 4460        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:54:33.0149 4460        WerSvc - ok
12:54:33.0341 4460        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
12:54:33.0356 4460        WinDefend - ok
12:54:33.0365 4460        WinHttpAutoProxySvc - ok
12:54:33.0530 4460        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:54:33.0563 4460        Winmgmt - ok
12:54:33.0968 4460        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:54:34.0103 4460        WinRM - ok
12:54:34.0209 4460        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:54:34.0281 4460        Wlansvc - ok
12:54:34.0337 4460        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
12:54:34.0374 4460        WmiAcpi - ok
12:54:34.0519 4460        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:54:34.0538 4460        wmiApSrv - ok
12:54:34.0773 4460        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:54:34.0862 4460        WMPNetworkSvc - ok
12:54:35.0046 4460        WN111v2        (bdd5c936c2c3ebf4ad3cc61cefdc5806) C:\Windows\system32\DRIVERS\WN111v2v.sys
12:54:35.0166 4460        WN111v2 - ok
12:54:35.0200 4460        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:54:35.0281 4460        WPCSvc - ok
12:54:35.0366 4460        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:54:35.0426 4460        WPDBusEnum - ok
12:54:35.0485 4460        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:54:35.0505 4460        WpdUsb - ok
12:54:36.0100 4460        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:54:36.0187 4460        WPFFontCache_v0400 - ok
12:54:36.0219 4460        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:54:36.0275 4460        ws2ifsl - ok
12:54:36.0349 4460        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
12:54:36.0387 4460        wscsvc - ok
12:54:36.0394 4460        WSearch - ok
12:54:36.0771 4460        WTGService      (62ebaacc7e419e85584e49658eef7b37) C:\Program Files\XSManager\WTGService.exe
12:54:36.0794 4460        WTGService - ok
12:54:37.0169 4460        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:54:37.0245 4460        wuauserv - ok
12:54:37.0479 4460        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:54:37.0568 4460        WUDFRd - ok
12:54:37.0713 4460        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
12:54:37.0781 4460        wudfsvc - ok
12:54:37.0823 4460        XS Stick Service (5bf0cdb3a02cbd9a2fcd98d38d8a8572) C:\Windows\service4g.exe
12:54:37.0842 4460        XS Stick Service - ok
12:54:38.0048 4460        YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:54:38.0075 4460        YahooAUService - ok
12:54:38.0138 4460        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:54:38.0824 4460        \Device\Harddisk0\DR0 - ok
12:54:38.0830 4460        Boot (0x1200)  (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
12:54:38.0855 4460        \Device\Harddisk0\DR0\Partition0 - ok
12:54:38.0896 4460        Boot (0x1200)  (5c324b6b78203c724aad42907fead98b) \Device\Harddisk0\DR0\Partition1
12:54:38.0920 4460        \Device\Harddisk0\DR0\Partition1 - ok
12:54:38.0921 4460        ============================================================
12:54:38.0921 4460        Scan finished
12:54:38.0921 4460        ============================================================
12:54:38.0943 4552        Detected object count: 9
12:54:38.0943 4552        Actual detected object count: 9
12:58:48.0699 4552        DNIMp50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0699 4552        DNIMp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0703 4552        DNISp50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0703 4552        DNISp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0705 4552        HotspotShieldService ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0705 4552        HotspotShieldService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0708 4552        HssSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0708 4552        HssSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0711 4552        HssTrayService ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0711 4552        HssTrayService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0714 4552        jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0714 4552        jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0717 4552        LVPrcMon ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0717 4552        LVPrcMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0719 4552        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0719 4552        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:48.0722 4552        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:48.0722 4552        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 18.07.2012 19:29

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

cdtueb 20.07.2012 08:10

Here is the next log:

Code:

ComboFix 12-07-19.02 - Susi 20.07.2012  8:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3325.1995 [GMT 2:00]
ausgeführt von:: c:\users\Susi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Susi\TEMP_PRJ.TMP
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!atapi.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-20 bis 2012-07-20  ))))))))))))))))))))))))))))))
.
.
2012-07-20 06:53 . 2012-07-20 06:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-20 06:53 . 2012-07-20 06:53        --------        d-----w-        c:\users\Chris\AppData\Local\temp
2012-07-20 06:53 . 2012-07-20 06:53        --------        d-----w-        c:\users\Andrea\AppData\Local\temp
2012-07-18 16:39 . 2012-07-18 16:54        --------        d-----w-        c:\users\Chris\AppData\Local\Deployment
2012-07-18 16:39 . 2012-07-18 16:39        --------        d-----w-        c:\users\Chris\AppData\Local\Apps
2012-07-16 15:27 . 2012-07-16 15:27        --------        d-----w-        C:\_OTL
2012-07-14 15:46 . 2012-07-14 15:46        --------        d-----w-        c:\program files\Tracker Software
2012-07-12 05:09 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 06:16 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:16 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 06:16 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 06:16 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:16 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 06:16 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-07-06 20:06 . 2012-07-06 20:06        --------        d-----w-        c:\program files\ESET
2012-07-06 12:10 . 2012-07-06 12:10        --------        d-----w-        c:\users\Susi\AppData\Roaming\Malwarebytes
2012-07-06 12:10 . 2012-07-06 12:10        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-06 12:10 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 10:02 . 2012-06-24 10:02        --------        d-----w-        c:\users\Susi\AppData\Local\Macromedia
2012-06-21 17:40 . 2012-06-21 17:40        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 17:40 . 2012-06-21 17:40        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 19:56 . 2012-06-01 20:18        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-11 19:56 . 2011-11-23 16:35        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 08:44 . 2012-07-20 05:44        6891424        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5048709A-BF77-4022-BA52-A64A71CE7E60}\mpengine.dll        ERROR(0x00000005)
2012-06-29 08:44 . 2008-11-24 09:42        6891424        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)
2012-06-02 22:19 . 2012-06-19 06:34        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:34        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:33        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:33        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 06:34        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 06:34        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 06:33        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 06:33        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 06:33        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-01 14:45 . 2012-06-01 14:45        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-06-01 14:45 . 2011-09-20 05:43        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2009-10-03 16:15        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-24 21:18 . 2012-05-24 21:18        4472832        ----a-w-        c:\windows\system32\GPhotos.scr
2012-05-09 06:15 . 2012-01-07 21:19        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-09 06:15 . 2012-01-07 21:19        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-01 14:03 . 2012-06-14 04:54        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 04:54        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 04:54        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 04:54        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-07-20 05:47 . 2011-08-24 09:22        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-17 14:22 . 2011-03-17 14:22        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-17 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"starter4g"="c:\windows\starter4g.exe" [2009-09-17 157968]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-06-27 220552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2009-3-25 1748992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:56]
.
2012-07-20 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-05-15 11:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Susi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Susi\AppData\Roaming\Mozilla\Firefox\Profiles\o0s18t4g.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Duden Korrektor SysTray - c:\program files\Duden\Duden Korrektor\DKTray.exe
HKLM-Run-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\XSManager\WTGService.exe
c:\windows\service4g.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-20  09:06:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-20 07:05
.
Vor Suchlauf: 9 Verzeichnis(se), 371.599.609.856 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 371.541.561.344 Bytes frei
.
- - End Of File - - D925AEC07BF48A30F2417C69B171B480


