Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malwarebytes hat pup.dealio.tb gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.11.2012, 18:21   #1
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Hallo.
Hab Malwarebytes mal durchlaufen lassen. Es wurde pup.dealio.tb gefunden.
Ich hab immer als Standartbenutzer gearbeitet. System ist stabil.
Logfiles im Anhang.

Dankeschön im Vorraus

Code:
ATTFilter
OTL logfile created on: 03.11.2012 17:41:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\msr\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,42% Memory free
6,49 Gb Paging File | 5,19 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 194,26 Gb Free Space | 68,91% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,31 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
 
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.03 17:40:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\msr\Downloads\OTL.exe
PRC - [2012.10.31 09:10:13 | 000,046,704 | ---- | M] () -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe
PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\msr\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.06 12:01:46 | 004,433,408 | ---- | M] (Hollie-Soft) -- C:\Programme\Klebezettel NG\klebez.exe
PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.11.05 20:03:49 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.10.20 06:41:51 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.09.22 22:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.09.22 22:21:10 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.09.22 22:20:44 | 005,587,832 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.09.22 16:00:52 | 002,571,032 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011.08.22 17:23:28 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011.08.22 17:22:54 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2011.08.21 23:11:22 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.09.27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.06.29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2009.12.09 03:41:40 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.12.09 03:41:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.26 18:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 06:26:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 06:25:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 06:25:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.14 11:25:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 11:24:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 11:24:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 11:24:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 11:24:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.20 06:41:47 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011.10.20 06:41:47 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.10.19 23:01:02 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:02 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:02 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:02 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:01 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:01 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:01 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.10.19 23:01:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:01 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:00 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:00 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:00 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:00 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.19 23:01:00 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.10.19 23:01:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:00 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.10.19 23:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.10.19 23:01:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.10.19 23:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.10.19 23:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.10.19 23:01:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.10.19 23:01:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.10.19 23:00:59 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.10.19 23:00:59 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.10.19 23:00:59 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.10.19 23:00:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.10.19 23:00:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.10.19 23:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.10.19 23:00:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.10.19 23:00:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.10.19 23:00:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.10.19 23:00:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.10.19 23:00:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.10.19 23:00:59 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.10.19 23:00:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.10.19 23:00:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.10.19 23:00:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll
MOD - [2011.10.19 23:00:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.09.22 22:20:28 | 011,233,136 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2010.11.24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010.11.17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2008.11.18 13:25:08 | 000,016,384 | R--- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.31 09:10:13 | 000,046,704 | ---- | M] () [Auto | Running] -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe -- (DiinoService)
SRV - [2012.10.09 09:52:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.11.05 20:03:49 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.09.22 22:21:10 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.08.22 17:23:28 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.08.22 17:22:54 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.21 23:11:22 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2009.12.09 03:41:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\admin\AppData\Local\Temp\pwdyipod.sys -- (pwdyipod)
DRV - [2012.08.21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 10:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.05 20:03:51 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.11.05 20:03:44 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2011.11.05 20:03:40 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.11.05 20:03:32 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.10.20 06:42:00 | 000,296,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2011.10.20 06:41:55 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2011.10.20 06:41:53 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2011.10.20 06:41:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2011.08.22 17:23:36 | 000,055,280 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011.08.22 17:23:00 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2011.08.22 17:22:44 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd2)
DRV - [2011.08.22 17:22:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011.08.22 15:12:26 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011.08.22 15:12:26 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011.08.21 23:11:22 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.21 23:01:24 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010.12.02 22:35:58 | 000,349,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010.09.27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010.09.27 14:24:50 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010.09.03 10:39:22 | 000,088,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2009.12.09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.12.09 03:41:40 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.11.17 00:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009.09.21 20:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}
IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}
IE - HKCU\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 14:25:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.22 10:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2012.10.09 09:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\SIEMENS AG
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012.11.03 16:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 15:30:34 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 15:30:34 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 15:27:43 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.03 15:27:43 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.03 15:27:43 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.03 15:27:43 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 15:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 15:23:15 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini
[2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini
[2012.03.02 07:56:28 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll
[2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.11.08 23:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Acronis
[2011.11.02 11:33:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ASCOMP Software
[2011.11.06 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileMaker
[2011.11.06 17:27:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ulead Systems
[2011.11.16 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZJMedia
 
========== Purity Check ==========
 
 

< End of report >
         
__________________
Gestern hab ich mir das Internet runtergeladen

Alt 05.11.2012, 15:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden





Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________

__________________

Alt 05.11.2012, 23:24   #3
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-05 23:06:38
-----------------------------
23:06:38.889 OS Version: Windows 6.1.7601 Service Pack 1
23:06:38.889 Number of processors: 2 586 0x170A
23:06:38.890 ComputerName: OPTIPLEX380 UserName: admin
23:06:43.966 Initialize success
23:06:44.093 AVAST engine defs: 12110500
23:06:47.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:06:47.438 Disk 0 Vendor: WDC_WD3200AAKX-753CA1 19.01H19 Size: 305245MB BusType: 3
23:06:47.443 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
23:06:47.447 Disk 1 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
23:06:47.461 Disk 0 MBR read successfully
23:06:47.466 Disk 0 MBR scan
23:06:47.471 Disk 0 unknown MBR code
23:06:47.477 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:06:47.500 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16538 MB offset 81920
23:06:47.517 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288666 MB offset 33951744
23:06:47.525 Disk 0 scanning sectors +625139712
23:06:47.562 Disk 0 scanning C:\Windows\system32\drivers
23:06:53.722 Service scanning
23:07:07.091 Modules scanning
23:07:30.676 Disk 0 trace - called modules:
23:07:30.693 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys 
23:07:30.697 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86547400]
23:07:30.701 3 CLASSPNP.SYS[8c5a659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86093030]
23:07:31.116 AVAST engine scan C:\Windows
23:07:32.850 AVAST engine scan C:\Windows\system32
23:09:24.916 AVAST engine scan C:\Windows\system32\drivers
23:09:35.716 AVAST engine scan C:\Users\admin
23:10:08.016 AVAST engine scan C:\ProgramData
23:11:47.969 Scan finished successfully
23:12:52.459 Disk 0 MBR has been saved successfully to "C:\Users\msr\Desktop\MBR.dat"
23:12:52.463 The log file has been saved successfully to "C:\Users\msr\Desktop\aswMBR.txt"
         
Code:
ATTFilter
23:17:04.0334 4748  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:17:04.0468 4748  ============================================================
23:17:04.0468 4748  Current date / time: 2012/11/05 23:17:04.0468
23:17:04.0468 4748  SystemInfo:
23:17:04.0468 4748  
23:17:04.0468 4748  OS Version: 6.1.7601 ServicePack: 1.0
23:17:04.0468 4748  Product type: Workstation
23:17:04.0468 4748  ComputerName: OPTIPLEX380
23:17:04.0468 4748  UserName: admin
23:17:04.0468 4748  Windows directory: C:\Windows
23:17:04.0469 4748  System windows directory: C:\Windows
23:17:04.0469 4748  Processor architecture: Intel x86
23:17:04.0469 4748  Number of processors: 2
23:17:04.0469 4748  Page size: 0x1000
23:17:04.0469 4748  Boot type: Normal boot
23:17:04.0469 4748  ============================================================
23:17:05.0296 4748  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:17:05.0309 4748  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:17:05.0314 4748  ============================================================
23:17:05.0314 4748  \Device\Harddisk0\DR0:
23:17:05.0314 4748  MBR partitions:
23:17:05.0314 4748  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x204D000
23:17:05.0314 4748  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2061000, BlocksNum 0x233CD000
23:17:05.0314 4748  \Device\Harddisk1\DR1:
23:17:05.0318 4748  MBR partitions:
23:17:05.0318 4748  ============================================================
23:17:05.0338 4748  C: <-> \Device\Harddisk0\DR0\Partition2
23:17:05.0338 4748  ============================================================
23:17:05.0338 4748  Initialize success
23:17:05.0338 4748  ============================================================
23:17:43.0334 1044  ============================================================
23:17:43.0334 1044  Scan started
23:17:43.0334 1044  Mode: Manual; SigCheck; TDLFS; 
23:17:43.0334 1044  ============================================================
23:17:43.0647 1044  ================ Scan system memory ========================
23:17:43.0647 1044  System memory - ok
23:17:43.0647 1044  ================ Scan services =============================
23:17:43.0770 1044  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:17:43.0829 1044  1394ohci - ok
23:17:43.0857 1044  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:17:43.0871 1044  ACPI - ok
23:17:43.0886 1044  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:17:43.0908 1044  AcpiPmi - ok
23:17:44.0015 1044  [ 49C47EBF1C9EF2C5D4988450D79FD544 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
23:17:44.0044 1044  AcrSch2Svc - ok
23:17:44.0130 1044  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:17:44.0146 1044  AdobeARMservice - ok
23:17:44.0198 1044  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:17:44.0215 1044  AdobeFlashPlayerUpdateSvc - ok
23:17:44.0241 1044  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:17:44.0257 1044  adp94xx - ok
23:17:44.0272 1044  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:17:44.0285 1044  adpahci - ok
23:17:44.0297 1044  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:17:44.0309 1044  adpu320 - ok
23:17:44.0335 1044  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:17:44.0381 1044  AeLookupSvc - ok
23:17:44.0428 1044  [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
23:17:44.0445 1044  afcdp - ok
23:17:44.0538 1044  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
23:17:44.0635 1044  afcdpsrv - ok
23:17:44.0665 1044  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
23:17:44.0687 1044  AFD - ok
23:17:44.0714 1044  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:17:44.0730 1044  agp440 - ok
23:17:44.0748 1044  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:17:44.0758 1044  aic78xx - ok
23:17:44.0794 1044  [ 11F424D02AEA63A3A53445087072FDD0 ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
23:17:44.0822 1044  aksfridge - ok
23:17:44.0846 1044  [ 64FC197D24A2B240598F29CE0A6660C0 ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
23:17:44.0864 1044  akshasp - ok
23:17:44.0887 1044  [ CCE6C56F18D214DE8D66F3F2A774CD5B ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
23:17:44.0912 1044  aksusb - ok
23:17:44.0951 1044  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:17:44.0979 1044  ALG - ok
23:17:44.0998 1044  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:17:45.0008 1044  aliide - ok
23:17:45.0038 1044  [ B370E3F0BDD30A3A5082263461FD90AA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:17:45.0061 1044  AMD External Events Utility - ok
23:17:45.0078 1044  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:17:45.0087 1044  amdagp - ok
23:17:45.0101 1044  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:17:45.0111 1044  amdide - ok
23:17:45.0125 1044  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:17:45.0146 1044  AmdK8 - ok
23:17:45.0150 1044  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:17:45.0164 1044  AmdPPM - ok
23:17:45.0178 1044  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:17:45.0188 1044  amdsata - ok
23:17:45.0201 1044  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:17:45.0212 1044  amdsbs - ok
23:17:45.0225 1044  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:17:45.0234 1044  amdxata - ok
23:17:45.0249 1044  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
23:17:45.0268 1044  AppID - ok
23:17:45.0291 1044  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:17:45.0331 1044  AppIDSvc - ok
23:17:45.0340 1044  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
23:17:45.0369 1044  Appinfo - ok
23:17:45.0422 1044  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:17:45.0436 1044  Apple Mobile Device - ok
23:17:45.0475 1044  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:17:45.0491 1044  AppMgmt - ok
23:17:45.0530 1044  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
23:17:45.0547 1044  arc - ok
23:17:45.0553 1044  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:17:45.0570 1044  arcsas - ok
23:17:45.0651 1044  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:17:45.0665 1044  aspnet_state - ok
23:17:45.0687 1044  [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
23:17:45.0696 1044  aswFsBlk - ok
23:17:45.0715 1044  [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
23:17:45.0723 1044  aswMonFlt - ok
23:17:45.0743 1044  [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
23:17:45.0751 1044  aswRdr - ok
23:17:45.0795 1044  [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
23:17:45.0817 1044  aswSnx - ok
23:17:45.0827 1044  [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
23:17:45.0839 1044  aswSP - ok
23:17:45.0871 1044  [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
23:17:45.0885 1044  aswTdi - ok
23:17:45.0902 1044  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:17:45.0934 1044  AsyncMac - ok
23:17:45.0952 1044  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
23:17:45.0961 1044  atapi - ok
23:17:46.0053 1044  [ B9290CF76263838ED609F3BDB6AD07EC ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:17:46.0179 1044  atikmdag - ok
23:17:46.0217 1044  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:17:46.0261 1044  AudioEndpointBuilder - ok
23:17:46.0268 1044  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:17:46.0290 1044  Audiosrv - ok
23:17:46.0325 1044  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:17:46.0339 1044  avast! Antivirus - ok
23:17:46.0369 1044  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:17:46.0401 1044  AxInstSV - ok
23:17:46.0438 1044  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
23:17:46.0472 1044  b06bdrv - ok
23:17:46.0492 1044  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:17:46.0515 1044  b57nd60x - ok
23:17:46.0637 1044  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
23:17:46.0659 1044  BBSvc - ok
23:17:46.0707 1044  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
23:17:46.0728 1044  BBUpdate - ok
23:17:46.0753 1044  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:17:46.0789 1044  BDESVC - ok
23:17:46.0810 1044  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:17:46.0851 1044  Beep - ok
23:17:46.0885 1044  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
23:17:46.0926 1044  BFE - ok
23:17:46.0951 1044  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
23:17:46.0979 1044  BITS - ok
23:17:46.0989 1044  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:17:47.0007 1044  blbdrive - ok
23:17:47.0037 1044  [ A1115D933E7E3588E6DD53B03219F808 ] Blfp            C:\Windows\system32\DRIVERS\basp.sys
23:17:47.0050 1044  Blfp - ok
23:17:47.0111 1044  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:17:47.0131 1044  Bonjour Service - ok
23:17:47.0155 1044  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:17:47.0183 1044  bowser - ok
23:17:47.0227 1044  [ E7CA80FA5A7E82ED87E8140E0BDFA13B ] BrcmMgmtAgent   C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
23:17:47.0246 1044  BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
23:17:47.0246 1044  BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
23:17:47.0271 1044  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:17:47.0300 1044  BrFiltLo - ok
23:17:47.0312 1044  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:17:47.0327 1044  BrFiltUp - ok
23:17:47.0362 1044  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
23:17:47.0390 1044  Browser - ok
23:17:47.0404 1044  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:17:47.0417 1044  Brserid - ok
23:17:47.0432 1044  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:17:47.0444 1044  BrSerWdm - ok
23:17:47.0458 1044  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:17:47.0475 1044  BrUsbMdm - ok
23:17:47.0487 1044  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:17:47.0507 1044  BrUsbSer - ok
23:17:47.0523 1044  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:17:47.0536 1044  BTHMODEM - ok
23:17:47.0567 1044  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:17:47.0605 1044  bthserv - ok
23:17:47.0622 1044  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:17:47.0655 1044  cdfs - ok
23:17:47.0682 1044  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:17:47.0698 1044  cdrom - ok
23:17:47.0713 1044  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:17:47.0733 1044  CertPropSvc - ok
23:17:47.0737 1044  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:17:47.0749 1044  circlass - ok
23:17:47.0766 1044  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:17:47.0779 1044  CLFS - ok
23:17:47.0809 1044  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:17:47.0818 1044  clr_optimization_v2.0.50727_32 - ok
23:17:47.0849 1044  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:17:47.0865 1044  clr_optimization_v4.0.30319_32 - ok
23:17:47.0875 1044  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:17:47.0887 1044  CmBatt - ok
23:17:47.0897 1044  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:17:47.0907 1044  cmdide - ok
23:17:47.0949 1044  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:17:47.0976 1044  CNG - ok
23:17:47.0993 1044  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:17:48.0002 1044  Compbatt - ok
23:17:48.0023 1044  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:17:48.0041 1044  CompositeBus - ok
23:17:48.0050 1044  COMSysApp - ok
23:17:48.0067 1044  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:17:48.0077 1044  crcdisk - ok
23:17:48.0118 1044  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:17:48.0143 1044  CryptSvc - ok
23:17:48.0168 1044  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
23:17:48.0202 1044  CSC - ok
23:17:48.0223 1044  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
23:17:48.0253 1044  CscService - ok
23:17:48.0280 1044  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:17:48.0314 1044  DcomLaunch - ok
23:17:48.0338 1044  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:17:48.0390 1044  defragsvc - ok
23:17:48.0399 1044  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:17:48.0428 1044  DfsC - ok
23:17:48.0449 1044  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:17:48.0481 1044  Dhcp - ok
23:17:48.0633 1044  [ 8046B45C3B77004FB47796B9FDCF721E ] DiinoService    C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe
23:17:48.0647 1044  DiinoService - ok
23:17:48.0668 1044  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:17:48.0697 1044  discache - ok
23:17:48.0722 1044  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
23:17:48.0734 1044  Disk - ok
23:17:48.0754 1044  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
23:17:48.0771 1044  dmvsc - ok
23:17:48.0796 1044  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:17:48.0820 1044  Dnscache - ok
23:17:48.0843 1044  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:17:48.0874 1044  dot3svc - ok
23:17:48.0901 1044  [ B5E479EB83707DD698F66953E922042C ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:17:48.0924 1044  dot4 - ok
23:17:48.0954 1044  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:17:48.0978 1044  Dot4Print - ok
23:17:48.0991 1044  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:17:49.0016 1044  dot4usb - ok
23:17:49.0027 1044  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
23:17:49.0048 1044  DPS - ok
23:17:49.0075 1044  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:17:49.0092 1044  drmkaud - ok
23:17:49.0126 1044  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:17:49.0143 1044  DXGKrnl - ok
23:17:49.0160 1044  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:17:49.0191 1044  EapHost - ok
23:17:49.0258 1044  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
23:17:49.0341 1044  ebdrv - ok
23:17:49.0374 1044  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
23:17:49.0398 1044  EFS - ok
23:17:49.0447 1044  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:17:49.0477 1044  ehRecvr - ok
23:17:49.0491 1044  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
23:17:49.0512 1044  ehSched - ok
23:17:49.0553 1044  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:17:49.0577 1044  elxstor - ok
23:17:49.0593 1044  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:17:49.0613 1044  ErrDev - ok
23:17:49.0660 1044  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:17:49.0711 1044  EventSystem - ok
23:17:49.0729 1044  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:17:49.0751 1044  exfat - ok
23:17:49.0764 1044  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:17:49.0786 1044  fastfat - ok
23:17:49.0815 1044  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
23:17:49.0843 1044  Fax - ok
23:17:49.0856 1044  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
23:17:49.0867 1044  fdc - ok
23:17:49.0883 1044  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:17:49.0914 1044  fdPHost - ok
23:17:49.0924 1044  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:17:49.0953 1044  FDResPub - ok
23:17:49.0974 1044  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:17:49.0984 1044  FileInfo - ok
23:17:50.0003 1044  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:17:50.0024 1044  Filetrace - ok
23:17:50.0040 1044  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:17:50.0050 1044  flpydisk - ok
23:17:50.0076 1044  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:17:50.0088 1044  FltMgr - ok
23:17:50.0120 1044  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
23:17:50.0141 1044  FontCache - ok
23:17:50.0210 1044  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:17:50.0222 1044  FontCache3.0.0.0 - ok
23:17:50.0239 1044  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:17:50.0249 1044  FsDepends - ok
23:17:50.0276 1044  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:17:50.0291 1044  Fs_Rec - ok
23:17:50.0318 1044  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:17:50.0332 1044  fvevol - ok
23:17:50.0352 1044  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:17:50.0362 1044  gagp30kx - ok
23:17:50.0397 1044  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:17:50.0407 1044  GEARAspiWDM - ok
23:17:50.0450 1044  [ 29C3D2A2398B980A73043FA3688E2F30 ] GenericMount    C:\Windows\system32\DRIVERS\GenericMount.sys
23:17:50.0463 1044  GenericMount - ok
23:17:50.0504 1044  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:17:50.0551 1044  gpsvc - ok
23:17:50.0573 1044  [ 995178A443B07FA9EEAEA041D7B4B5CA ] hardlock        C:\Windows\system32\drivers\hardlock.sys
23:17:50.0589 1044  hardlock - ok
23:17:50.0592 1044  hasplms - ok
23:17:50.0638 1044  [ D2A04F50B18B85FE236143399123EC0D ] hcmon           C:\Windows\system32\drivers\hcmon.sys
23:17:50.0650 1044  hcmon - ok
23:17:50.0683 1044  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:17:50.0709 1044  hcw85cir - ok
23:17:50.0728 1044  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:17:50.0741 1044  HDAudBus - ok
23:17:50.0756 1044  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:17:50.0777 1044  HidBatt - ok
23:17:50.0787 1044  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:17:50.0807 1044  HidBth - ok
23:17:50.0811 1044  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:17:50.0828 1044  HidIr - ok
23:17:50.0856 1044  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
23:17:50.0879 1044  hidserv - ok
23:17:50.0905 1044  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:17:50.0930 1044  HidUsb - ok
23:17:50.0975 1044  [ 8AE0753A124F5FADBECFB38E4AF92036 ] hitmanpro36     C:\Windows\system32\drivers\hitmanpro36.sys
23:17:50.0989 1044  hitmanpro36 - ok
23:17:51.0011 1044  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:17:51.0032 1044  hkmsvc - ok
23:17:51.0050 1044  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:17:51.0069 1044  HomeGroupListener - ok
23:17:51.0087 1044  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:17:51.0109 1044  HomeGroupProvider - ok
23:17:51.0122 1044  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:17:51.0132 1044  HpSAMD - ok
23:17:51.0158 1044  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:17:51.0183 1044  HTTP - ok
23:17:51.0193 1044  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:17:51.0202 1044  hwpolicy - ok
23:17:51.0217 1044  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:17:51.0232 1044  i8042prt - ok
23:17:51.0245 1044  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:17:51.0258 1044  iaStorV - ok
23:17:51.0305 1044  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:17:51.0336 1044  idsvc - ok
23:17:51.0349 1044  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:17:51.0359 1044  iirsp - ok
23:17:51.0404 1044  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:17:51.0456 1044  IKEEXT - ok
23:17:51.0536 1044  [ 2D8D9516281E27A721897A388F17DEFB ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHDA.sys
23:17:51.0587 1044  IntcAzAudAddService - ok
23:17:51.0596 1044  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:17:51.0605 1044  intelide - ok
23:17:51.0631 1044  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:17:51.0649 1044  intelppm - ok
23:17:51.0663 1044  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:17:51.0693 1044  IPBusEnum - ok
23:17:51.0706 1044  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:17:51.0727 1044  IpFilterDriver - ok
23:17:51.0749 1044  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:17:51.0783 1044  iphlpsvc - ok
23:17:51.0797 1044  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:17:51.0808 1044  IPMIDRV - ok
23:17:51.0821 1044  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:17:51.0848 1044  IPNAT - ok
23:17:51.0896 1044  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:17:51.0927 1044  iPod Service - ok
23:17:51.0947 1044  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:17:51.0978 1044  IRENUM - ok
23:17:52.0003 1044  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:17:52.0013 1044  isapnp - ok
23:17:52.0025 1044  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:17:52.0037 1044  iScsiPrt - ok
23:17:52.0063 1044  [ 51B719F0BCE4430A6EAAD43FB9FF61A3 ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
23:17:52.0074 1044  k57nd60x - ok
23:17:52.0096 1044  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:17:52.0106 1044  kbdclass - ok
23:17:52.0132 1044  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:17:52.0158 1044  kbdhid - ok
23:17:52.0174 1044  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:17:52.0185 1044  KeyIso - ok
23:17:52.0216 1044  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:17:52.0226 1044  KSecDD - ok
23:17:52.0239 1044  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:17:52.0250 1044  KSecPkg - ok
23:17:52.0277 1044  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:17:52.0303 1044  KtmRm - ok
23:17:52.0323 1044  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:17:52.0352 1044  LanmanServer - ok
23:17:52.0371 1044  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:17:52.0394 1044  LanmanWorkstation - ok
23:17:52.0427 1044  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:17:52.0473 1044  lltdio - ok
23:17:52.0497 1044  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:17:52.0521 1044  lltdsvc - ok
23:17:52.0532 1044  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:17:52.0565 1044  lmhosts - ok
23:17:52.0589 1044  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:17:52.0599 1044  LSI_FC - ok
23:17:52.0603 1044  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:17:52.0614 1044  LSI_SAS - ok
23:17:52.0628 1044  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:17:52.0638 1044  LSI_SAS2 - ok
23:17:52.0642 1044  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:17:52.0652 1044  LSI_SCSI - ok
23:17:52.0668 1044  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:17:52.0689 1044  luafv - ok
23:17:52.0707 1044  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:17:52.0720 1044  Mcx2Svc - ok
23:17:52.0730 1044  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:17:52.0740 1044  megasas - ok
23:17:52.0755 1044  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:17:52.0767 1044  MegaSR - ok
23:17:52.0792 1044  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:17:52.0833 1044  MMCSS - ok
23:17:52.0847 1044  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:17:52.0876 1044  Modem - ok
23:17:52.0896 1044  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:17:52.0919 1044  monitor - ok
23:17:52.0943 1044  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:17:52.0953 1044  mouclass - ok
23:17:52.0970 1044  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:17:52.0989 1044  mouhid - ok
23:17:53.0001 1044  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:17:53.0011 1044  mountmgr - ok
23:17:53.0086 1044  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:17:53.0102 1044  MozillaMaintenance - ok
23:17:53.0123 1044  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:17:53.0141 1044  mpio - ok
23:17:53.0156 1044  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:17:53.0177 1044  mpsdrv - ok
23:17:53.0205 1044  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:17:53.0241 1044  MpsSvc - ok
23:17:53.0258 1044  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:17:53.0276 1044  MRxDAV - ok
23:17:53.0307 1044  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:17:53.0324 1044  mrxsmb - ok
23:17:53.0340 1044  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:17:53.0352 1044  mrxsmb10 - ok
23:17:53.0364 1044  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:17:53.0381 1044  mrxsmb20 - ok
23:17:53.0405 1044  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:17:53.0414 1044  msahci - ok
23:17:53.0430 1044  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:17:53.0440 1044  msdsm - ok
23:17:53.0448 1044  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:17:53.0469 1044  MSDTC - ok
23:17:53.0502 1044  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:17:53.0524 1044  Msfs - ok
23:17:53.0532 1044  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:17:53.0564 1044  mshidkmdf - ok
23:17:53.0580 1044  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:17:53.0589 1044  msisadrv - ok
23:17:53.0616 1044  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:17:53.0656 1044  MSiSCSI - ok
23:17:53.0660 1044  msiserver - ok
23:17:53.0683 1044  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:17:53.0703 1044  MSKSSRV - ok
23:17:53.0713 1044  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:17:53.0744 1044  MSPCLOCK - ok
23:17:53.0757 1044  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:17:53.0786 1044  MSPQM - ok
23:17:53.0804 1044  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:17:53.0815 1044  MsRPC - ok
23:17:53.0830 1044  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:17:53.0839 1044  mssmbios - ok
23:17:53.0854 1044  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:17:53.0875 1044  MSTEE - ok
23:17:53.0885 1044  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:17:53.0900 1044  MTConfig - ok
23:17:53.0910 1044  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:17:53.0919 1044  Mup - ok
23:17:53.0937 1044  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:17:53.0961 1044  napagent - ok
23:17:53.0985 1044  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:17:54.0019 1044  NativeWifiP - ok
23:17:54.0059 1044  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:17:54.0091 1044  NDIS - ok
23:17:54.0106 1044  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:17:54.0134 1044  NdisCap - ok
23:17:54.0161 1044  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:17:54.0198 1044  NdisTapi - ok
23:17:54.0210 1044  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:17:54.0229 1044  Ndisuio - ok
23:17:54.0243 1044  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:17:54.0276 1044  NdisWan - ok
23:17:54.0287 1044  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:17:54.0306 1044  NDProxy - ok
23:17:54.0335 1044  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:17:54.0350 1044  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:17:54.0350 1044  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:17:54.0370 1044  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:17:54.0402 1044  NetBIOS - ok
23:17:54.0415 1044  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:17:54.0450 1044  NetBT - ok
23:17:54.0466 1044  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:17:54.0479 1044  Netlogon - ok
23:17:54.0513 1044  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:17:54.0550 1044  Netman - ok
23:17:54.0576 1044  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0585 1044  NetMsmqActivator - ok
23:17:54.0589 1044  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0597 1044  NetPipeActivator - ok
23:17:54.0614 1044  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:17:54.0649 1044  netprofm - ok
23:17:54.0653 1044  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0662 1044  NetTcpActivator - ok
23:17:54.0665 1044  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0674 1044  NetTcpPortSharing - ok
23:17:54.0704 1044  [ 104BE93F0607C6AA0D85319581F96EC2 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
23:17:54.0724 1044  netvsc - ok
23:17:54.0757 1044  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:17:54.0774 1044  nfrd960 - ok
23:17:54.0793 1044  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:17:54.0822 1044  NlaSvc - ok
23:17:54.0838 1044  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:17:54.0868 1044  Npfs - ok
23:17:54.0881 1044  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:17:54.0929 1044  nsi - ok
23:17:54.0944 1044  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:17:54.0965 1044  nsiproxy - ok
23:17:55.0016 1044  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:17:55.0071 1044  Ntfs - ok
23:17:55.0087 1044  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:17:55.0108 1044  Null - ok
23:17:55.0123 1044  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:17:55.0134 1044  nvraid - ok
23:17:55.0142 1044  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:17:55.0153 1044  nvstor - ok
23:17:55.0168 1044  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:17:55.0179 1044  nv_agp - ok
23:17:55.0190 1044  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:17:55.0214 1044  ohci1394 - ok
23:17:55.0257 1044  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:17:55.0271 1044  ose - ok
23:17:55.0311 1044  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:17:55.0337 1044  p2pimsvc - ok
23:17:55.0365 1044  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:17:55.0395 1044  p2psvc - ok
23:17:55.0414 1044  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:17:55.0427 1044  Parport - ok
23:17:55.0461 1044  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:17:55.0473 1044  partmgr - ok
23:17:55.0479 1044  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:17:55.0491 1044  Parvdm - ok
23:17:55.0504 1044  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:17:55.0520 1044  PcaSvc - ok
23:17:55.0532 1044  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:17:55.0544 1044  pci - ok
23:17:55.0553 1044  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:17:55.0562 1044  pciide - ok
23:17:55.0571 1044  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:17:55.0583 1044  pcmcia - ok
23:17:55.0597 1044  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:17:55.0607 1044  pcw - ok
23:17:55.0634 1044  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:17:55.0683 1044  PEAUTH - ok
23:17:55.0733 1044  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:17:55.0780 1044  PeerDistSvc - ok
23:17:55.0840 1044  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:17:55.0921 1044  pla - ok
23:17:55.0963 1044  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:17:55.0995 1044  PlugPlay - ok
23:17:56.0029 1044  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:17:56.0033 1044  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:17:56.0033 1044  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:17:56.0044 1044  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:17:56.0074 1044  PNRPAutoReg - ok
23:17:56.0095 1044  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:17:56.0111 1044  PNRPsvc - ok
23:17:56.0141 1044  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:17:56.0190 1044  PolicyAgent - ok
23:17:56.0212 1044  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:17:56.0247 1044  Power - ok
23:17:56.0280 1044  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:17:56.0318 1044  PptpMiniport - ok
23:17:56.0334 1044  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
23:17:56.0353 1044  Processor - ok
23:17:56.0398 1044  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:17:56.0419 1044  ProfSvc - ok
23:17:56.0433 1044  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:17:56.0445 1044  ProtectedStorage - ok
23:17:56.0462 1044  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:17:56.0494 1044  Psched - ok
23:17:56.0527 1044  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
23:17:56.0540 1044  PxHelp20 - ok
23:17:56.0610 1044  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:17:56.0669 1044  ql2300 - ok
23:17:56.0684 1044  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:17:56.0694 1044  ql40xx - ok
23:17:56.0710 1044  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:17:56.0742 1044  QWAVE - ok
23:17:56.0752 1044  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:17:56.0768 1044  QWAVEdrv - ok
23:17:56.0777 1044  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:17:56.0808 1044  RasAcd - ok
23:17:56.0847 1044  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:17:56.0878 1044  RasAgileVpn - ok
23:17:56.0894 1044  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:17:56.0939 1044  RasAuto - ok
23:17:56.0956 1044  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:17:56.0982 1044  Rasl2tp - ok
23:17:57.0004 1044  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:17:57.0040 1044  RasMan - ok
23:17:57.0052 1044  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:17:57.0073 1044  RasPppoe - ok
23:17:57.0100 1044  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:17:57.0137 1044  RasSstp - ok
23:17:57.0163 1044  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:17:57.0207 1044  rdbss - ok
23:17:57.0223 1044  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:17:57.0250 1044  rdpbus - ok
23:17:57.0265 1044  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:17:57.0292 1044  RDPCDD - ok
23:17:57.0317 1044  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:17:57.0345 1044  RDPDR - ok
23:17:57.0357 1044  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:17:57.0378 1044  RDPENCDD - ok
23:17:57.0394 1044  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:17:57.0424 1044  RDPREFMP - ok
23:17:57.0453 1044  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:17:57.0473 1044  RDPWD - ok
23:17:57.0492 1044  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:17:57.0503 1044  rdyboost - ok
23:17:57.0523 1044  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:17:57.0545 1044  RemoteAccess - ok
23:17:57.0565 1044  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:17:57.0591 1044  RemoteRegistry - ok
23:17:57.0686 1044  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:17:57.0735 1044  RoxMediaDB12OEM - ok
23:17:57.0755 1044  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:17:57.0764 1044  RoxWatch12 - ok
23:17:57.0787 1044  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:17:57.0821 1044  RpcEptMapper - ok
23:17:57.0841 1044  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:17:57.0863 1044  RpcLocator - ok
23:17:57.0880 1044  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:17:57.0905 1044  RpcSs - ok
23:17:57.0932 1044  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:17:57.0971 1044  rspndr - ok
23:17:57.0991 1044  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:17:58.0009 1044  s3cap - ok
23:17:58.0025 1044  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:17:58.0036 1044  SamSs - ok
23:17:58.0059 1044  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:17:58.0070 1044  sbp2port - ok
23:17:58.0104 1044  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:17:58.0128 1044  SCardSvr - ok
23:17:58.0140 1044  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:17:58.0168 1044  scfilter - ok
23:17:58.0190 1044  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:17:58.0233 1044  Schedule - ok
23:17:58.0247 1044  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:17:58.0267 1044  SCPolicySvc - ok
23:17:58.0280 1044  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:17:58.0302 1044  SDRSVC - ok
23:17:58.0336 1044  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:17:58.0377 1044  secdrv - ok
23:17:58.0388 1044  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:17:58.0436 1044  seclogon - ok
23:17:58.0453 1044  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:17:58.0490 1044  SENS - ok
23:17:58.0513 1044  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:17:58.0526 1044  SensrSvc - ok
23:17:58.0545 1044  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:17:58.0555 1044  Serenum - ok
23:17:58.0567 1044  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:17:58.0588 1044  Serial - ok
23:17:58.0597 1044  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:17:58.0608 1044  sermouse - ok
23:17:58.0626 1044  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:17:58.0670 1044  SessionEnv - ok
23:17:58.0686 1044  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:17:58.0708 1044  sffdisk - ok
23:17:58.0721 1044  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:17:58.0733 1044  sffp_mmc - ok
23:17:58.0746 1044  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:17:58.0763 1044  sffp_sd - ok
23:17:58.0773 1044  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:17:58.0793 1044  sfloppy - ok
23:17:58.0815 1044  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:17:58.0861 1044  SharedAccess - ok
23:17:58.0891 1044  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:17:58.0930 1044  ShellHWDetection - ok
23:17:58.0943 1044  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:17:58.0953 1044  sisagp - ok
23:17:58.0974 1044  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:17:58.0983 1044  SiSRaid2 - ok
23:17:58.0994 1044  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:17:59.0004 1044  SiSRaid4 - ok
23:17:59.0026 1044  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:17:59.0047 1044  Smb - ok
23:17:59.0104 1044  [ EB49860E776CE860DC3CFB9EDB1BA517 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
23:17:59.0119 1044  snapman - ok
23:17:59.0156 1044  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:17:59.0176 1044  SNMPTRAP - ok
23:17:59.0182 1044  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:17:59.0195 1044  spldr - ok
23:17:59.0238 1044  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:17:59.0260 1044  Spooler - ok
23:17:59.0324 1044  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:17:59.0421 1044  sppsvc - ok
23:17:59.0434 1044  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:17:59.0457 1044  sppuinotify - ok
23:17:59.0477 1044  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:17:59.0496 1044  srv - ok
23:17:59.0515 1044  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:17:59.0540 1044  srv2 - ok
23:17:59.0555 1044  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:17:59.0575 1044  srvnet - ok
23:17:59.0597 1044  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:17:59.0622 1044  SSDPSRV - ok
23:17:59.0638 1044  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:17:59.0673 1044  SstpSvc - ok
23:17:59.0694 1044  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:17:59.0703 1044  stexstor - ok
23:17:59.0734 1044  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:17:59.0770 1044  StiSvc - ok
23:17:59.0805 1044  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:17:59.0812 1044  stllssvr - ok
23:17:59.0834 1044  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
23:17:59.0847 1044  StorSvc - ok
23:17:59.0880 1044  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:17:59.0897 1044  storvsc - ok
23:17:59.0916 1044  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:17:59.0925 1044  swenum - ok
23:17:59.0955 1044  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:17:59.0988 1044  swprv - ok
23:18:00.0002 1044  [ 04990C25043705985F1EC40BF704AAAC ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
23:18:00.0012 1044  SynthVid - ok
23:18:00.0035 1044  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:18:00.0079 1044  SysMain - ok
23:18:00.0090 1044  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:18:00.0113 1044  TabletInputService - ok
23:18:00.0131 1044  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:18:00.0164 1044  TapiSrv - ok
23:18:00.0175 1044  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:18:00.0204 1044  TBS - ok
23:18:00.0263 1044  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:18:00.0311 1044  Tcpip - ok
23:18:00.0334 1044  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:18:00.0358 1044  TCPIP6 - ok
23:18:00.0384 1044  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:18:00.0422 1044  tcpipreg - ok
23:18:00.0436 1044  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:18:00.0455 1044  TDPIPE - ok
23:18:00.0505 1044  [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
23:18:00.0533 1044  tdrpman273 - ok
23:18:00.0576 1044  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:18:00.0593 1044  TDTCP - ok
23:18:00.0607 1044  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:18:00.0627 1044  tdx - ok
23:18:00.0636 1044  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:18:00.0645 1044  TermDD - ok
23:18:00.0676 1044  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:18:00.0704 1044  TermService - ok
23:18:00.0712 1044  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:18:00.0736 1044  Themes - ok
23:18:00.0751 1044  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:18:00.0774 1044  THREADORDER - ok
23:18:00.0822 1044  [ A34D7024BB7140EC785C86BC065D4F60 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
23:18:00.0844 1044  timounter - ok
23:18:00.0869 1044  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:18:00.0894 1044  TrkWks - ok
23:18:00.0926 1044  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:18:00.0967 1044  TrustedInstaller - ok
23:18:00.0985 1044  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:18:01.0016 1044  tssecsrv - ok
23:18:01.0029 1044  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:18:01.0052 1044  TsUsbFlt - ok
23:18:01.0075 1044  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:18:01.0098 1044  TsUsbGD - ok
23:18:01.0120 1044  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:18:01.0149 1044  tunnel - ok
23:18:01.0161 1044  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:18:01.0171 1044  uagp35 - ok
23:18:01.0189 1044  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:18:01.0210 1044  udfs - ok
23:18:01.0235 1044  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:18:01.0259 1044  UI0Detect - ok
23:18:01.0263 1044  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:18:01.0272 1044  uliagpkx - ok
23:18:01.0291 1044  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:18:01.0308 1044  umbus - ok
23:18:01.0323 1044  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:18:01.0342 1044  UmPass - ok
23:18:01.0368 1044  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:18:01.0383 1044  UmRdpService - ok
23:18:01.0399 1044  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:18:01.0431 1044  upnphost - ok
23:18:01.0451 1044  [ 4663AD7F61519E88687393BFCB154E4C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:18:01.0477 1044  usbccgp - ok
23:18:01.0489 1044  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:18:01.0505 1044  usbcir - ok
23:18:01.0514 1044  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:18:01.0532 1044  usbehci - ok
23:18:01.0575 1044  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:18:01.0593 1044  usbhub - ok
23:18:01.0605 1044  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:18:01.0620 1044  usbohci - ok
23:18:01.0641 1044  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:18:01.0671 1044  usbprint - ok
23:18:01.0682 1044  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:18:01.0699 1044  USBSTOR - ok
23:18:01.0713 1044  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:18:01.0723 1044  usbuhci - ok
23:18:01.0745 1044  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:18:01.0787 1044  UxSms - ok
23:18:01.0808 1044  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:18:01.0819 1044  VaultSvc - ok
23:18:01.0840 1044  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:18:01.0850 1044  vdrvroot - ok
23:18:01.0867 1044  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:18:01.0908 1044  vds - ok
23:18:01.0924 1044  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:18:01.0943 1044  vga - ok
23:18:01.0955 1044  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:18:01.0976 1044  VgaSave - ok
23:18:01.0993 1044  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:18:02.0005 1044  vhdmp - ok
23:18:02.0025 1044  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:18:02.0035 1044  viaagp - ok
23:18:02.0042 1044  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:18:02.0060 1044  ViaC7 - ok
23:18:02.0067 1044  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:18:02.0077 1044  viaide - ok
23:18:02.0129 1044  [ 0FC29ADB3F634ED3E535A76395B470B5 ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
23:18:02.0146 1044  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
23:18:02.0146 1044  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
23:18:02.0161 1044  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:18:02.0184 1044  VMBusHID - ok
23:18:02.0229 1044  [ 15759158F7531853616B2B43AF962FCB ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
23:18:02.0245 1044  vmci - ok
23:18:02.0277 1044  [ A9E4854540B6AC08B223ACC421F8723C ] vmkbd2          C:\Windows\system32\drivers\VMkbd.sys
23:18:02.0290 1044  vmkbd2 - ok
23:18:02.0307 1044  [ 1AFA4AF55CBEA579A4BBE4F90967F720 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:18:02.0315 1044  VMnetAdapter - ok
23:18:02.0350 1044  [ 392964A7BF46986FBD44B24A3BEC2088 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:18:02.0357 1044  VMnetBridge - ok
23:18:02.0374 1044  [ 82FF155BF3F16AFEF04A26045EFECECF ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
23:18:02.0389 1044  VMnetDHCP - ok
23:18:02.0400 1044  [ 45F7C87EC9A7965F8FE133EAA0BC162A ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
23:18:02.0408 1044  VMnetuserif - ok
23:18:02.0413 1044  [ DF9A432334F8B2B4D8D37B3F5439F819 ] VMparport       C:\Windows\system32\Drivers\VMparport.sys
23:18:02.0420 1044  VMparport - ok
23:18:02.0452 1044  [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
23:18:02.0459 1044  vmusb - ok
23:18:02.0502 1044  [ 4D09B93F16DA1AA08EB226F9F1AA4D51 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
23:18:02.0526 1044  VMUSBArbService - ok
23:18:02.0549 1044  [ 95EEC9F8FEB9D06872A433F058AB8E60 ] VMware NAT Service C:\Windows\system32\vmnat.exe
23:18:02.0565 1044  VMware NAT Service - ok
23:18:02.0575 1044  [ 5DB0E62BA22D7B1DDA7F97873C3B9A46 ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
23:18:02.0582 1044  vmx86 - ok
23:18:02.0605 1044  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:18:02.0615 1044  volmgr - ok
23:18:02.0626 1044  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:18:02.0640 1044  volmgrx - ok
23:18:02.0649 1044  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:18:02.0662 1044  volsnap - ok
23:18:02.0678 1044  [ B26536ADD1D748CDA104D856C979AE79 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
23:18:02.0689 1044  vpcbus - ok
23:18:02.0706 1044  [ A0F7E923A6261760130F22B85DF9040E ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:18:02.0727 1044  vpcnfltr - ok
23:18:02.0743 1044  [ 5F4B55E91CE7E2523C9E1E0ECE858869 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
23:18:02.0766 1044  vpcusb - ok
23:18:02.0794 1044  [ E8E4757A9DC0B2836A85F932227B5BD6 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
23:18:02.0816 1044  vpcvmm - ok
23:18:02.0844 1044  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:18:02.0860 1044  vsmraid - ok
23:18:02.0895 1044  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:18:02.0953 1044  VSS - ok
23:18:02.0969 1044  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:18:02.0989 1044  vwifibus - ok
23:18:03.0010 1044  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:18:03.0037 1044  W32Time - ok
23:18:03.0057 1044  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:18:03.0072 1044  WacomPen - ok
23:18:03.0095 1044  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:18:03.0124 1044  WANARP - ok
23:18:03.0127 1044  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:18:03.0147 1044  Wanarpv6 - ok
23:18:03.0178 1044  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:18:03.0233 1044  wbengine - ok
23:18:03.0247 1044  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:18:03.0275 1044  WbioSrvc - ok
23:18:03.0291 1044  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:18:03.0310 1044  wcncsvc - ok
23:18:03.0325 1044  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:18:03.0349 1044  WcsPlugInService - ok
23:18:03.0375 1044  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
23:18:03.0385 1044  Wd - ok
23:18:03.0404 1044  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:18:03.0421 1044  Wdf01000 - ok
23:18:03.0431 1044  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:18:03.0457 1044  WdiServiceHost - ok
23:18:03.0460 1044  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:18:03.0476 1044  WdiSystemHost - ok
23:18:03.0496 1044  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:18:03.0521 1044  WebClient - ok
23:18:03.0533 1044  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:18:03.0565 1044  Wecsvc - ok
23:18:03.0580 1044  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:18:03.0627 1044  wercplsupport - ok
23:18:03.0644 1044  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:18:03.0681 1044  WerSvc - ok
23:18:03.0700 1044  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:18:03.0720 1044  WfpLwf - ok
23:18:03.0743 1044  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:18:03.0752 1044  WIMMount - ok
23:18:03.0803 1044  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:18:03.0840 1044  WinDefend - ok
23:18:03.0845 1044  WinHttpAutoProxySvc - ok
23:18:03.0881 1044  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:18:03.0904 1044  Winmgmt - ok
23:18:03.0945 1044  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:18:04.0009 1044  WinRM - ok
23:18:04.0064 1044  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:18:04.0123 1044  Wlansvc - ok
23:18:04.0168 1044  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:18:04.0181 1044  wlcrasvc - ok
23:18:04.0222 1044  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:18:04.0272 1044  wlidsvc - ok
23:18:04.0286 1044  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:18:04.0304 1044  WmiAcpi - ok
23:18:04.0330 1044  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:18:04.0363 1044  wmiApSrv - ok
23:18:04.0416 1044  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:18:04.0477 1044  WMPNetworkSvc - ok
23:18:04.0501 1044  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:18:04.0532 1044  WPCSvc - ok
23:18:04.0545 1044  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:18:04.0568 1044  WPDBusEnum - ok
23:18:04.0587 1044  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:18:04.0613 1044  ws2ifsl - ok
23:18:04.0621 1044  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:18:04.0638 1044  wscsvc - ok
23:18:04.0642 1044  WSearch - ok
23:18:04.0702 1044  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:18:04.0740 1044  wuauserv - ok
23:18:04.0754 1044  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:18:04.0783 1044  WudfPf - ok
23:18:04.0812 1044  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:18:04.0832 1044  WUDFRd - ok
23:18:04.0855 1044  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:18:04.0879 1044  wudfsvc - ok
23:18:04.0896 1044  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:18:04.0924 1044  WwanSvc - ok
23:18:04.0940 1044  ================ Scan global ===============================
23:18:04.0969 1044  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:18:05.0005 1044  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:18:05.0022 1044  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:18:05.0047 1044  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:18:05.0076 1044  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:18:05.0085 1044  [Global] - ok
23:18:05.0085 1044  ================ Scan MBR ==================================
23:18:05.0095 1044  [ CF3BAAEC88DAB348129CC7DADD8C9BCF ] \Device\Harddisk0\DR0
23:18:05.0530 1044  \Device\Harddisk0\DR0 - ok
23:18:05.0558 1044  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:18:05.0631 1044  \Device\Harddisk1\DR1 - ok
23:18:05.0631 1044  ================ Scan VBR ==================================
23:18:05.0659 1044  [ 02D58985CDABE851B691F85A259C4315 ] \Device\Harddisk0\DR0\Partition1
23:18:05.0661 1044  \Device\Harddisk0\DR0\Partition1 - ok
23:18:05.0677 1044  [ 132671EAA6328BFD9D59D90F6C5202AC ] \Device\Harddisk0\DR0\Partition2
23:18:05.0679 1044  \Device\Harddisk0\DR0\Partition2 - ok
23:18:05.0680 1044  ============================================================
23:18:05.0680 1044  Scan finished
23:18:05.0680 1044  ============================================================
23:18:05.0692 5600  Detected object count: 4
23:18:05.0692 5600  Actual detected object count: 4
23:18:45.0937 5600  BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0937 5600  BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:18:45.0938 5600  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0938 5600  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:18:45.0941 5600  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0941 5600  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:18:45.0942 5600  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0942 5600  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
hallo cosinus.
erstmal im vorraus vielen dank für deine hilfe.
noch ein hinweis > nach den scans wurden beim runterfahren noch 7 windows updates installiert (nur zur info)

mfg stefan
__________________
__________________

Alt 06.11.2012, 14:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
:Files
C:\Windows\jestertb.dll
C:\Programme\pdfforge Toolbar
C:\Program Files\Application Updater
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.11.2012, 00:49   #5
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



nach dem fixen wurde rechner neu gestartet

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C7F6C6-8D67-4534-92B5-529A0EC09405}\ not found.
File c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found not found.
========== FILES ==========
C:\Windows\jestertb.dll moved successfully.
File\Folder C:\Programme\pdfforge Toolbar not found.
File\Folder C:\Program Files\Application Updater not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\msr\Downloads\cmd.bat deleted successfully.
C:\Users\msr\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 1814543 bytes
->Temporary Internet Files folder emptied: 31894871 bytes
->Java cache emptied: 60069 bytes
->FireFox cache emptied: 43357721 bytes
->Flash cache emptied: 470 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: msr
->Temp folder emptied: 286787279 bytes
->Temporary Internet Files folder emptied: 14809445 bytes
->Java cache emptied: 10597510 bytes
->FireFox cache emptied: 65692231 bytes
->Flash cache emptied: 901 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8980788 bytes
RecycleBin emptied: 6162304 bytes
 
Total Files Cleaned = 448,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11072012_004019

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2200.log moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

__________________
Gestern hab ich mir das Internet runtergeladen

Alt 07.11.2012, 12:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
--> Malwarebytes hat pup.dealio.tb gefunden

Alt 07.11.2012, 18:40   #7
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



hallo.
bin erst am montag wieder am rechner, dienstreise.

bis dann stefan
__________________
Gestern hab ich mir das Internet runtergeladen

Alt 07.11.2012, 21:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



ok, dann bis Montag
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.11.2012, 09:29   #9
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 12/11/2012 um 09:28:20 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : admin - OPTIPLEX380
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\msr\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\searchplugins\11-suche.xml
Ordner Gefunden : C:\Users\admin\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\admin\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\msr\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\msr\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gefunden : HKLM\Software\pdfforge

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1962 octets] - [12/11/2012 09:28:20]

########## EOF - \AdwCleaner[R1].txt - [2022 octets] ##########
         
__________________
Gestern hab ich mir das Internet runtergeladen

Alt 12.11.2012, 11:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.11.2012, 17:14   #11
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Codebox streikt
__________________
Gestern hab ich mir das Internet runtergeladen

Geändert von mravebe (14.11.2012 um 17:29 Uhr)

Alt 14.11.2012, 17:26   #12
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Codebox streikt

Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 14/11/2012 um 16:51:24 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : admin - OPTIPLEX380
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\msr\Desktop\Systemcheck\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\msr\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\msr\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKLM\Software\pdfforge

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2089 octets] - [12/11/2012 09:28:20]
AdwCleaner[S1].txt - [2036 octets] - [14/11/2012 16:51:24]

########## EOF - \AdwCleaner[S1].txt - [2096 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 14.11.2012 17:01:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\msr\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 67,36% Memory free
6,49 Gb Paging File | 5,21 Gb Available in Paging File | 80,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 194,44 Gb Free Space | 68,98% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
 
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\msr\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Users\msr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DiinoService) -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BrcmMgmtAgent) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmkbd2) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTDVHDA.sys (Realtek Semiconductor Corp.)
DRV - (GenericMount) -- C:\Windows\System32\drivers\GenericMount.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data]
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data]
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data]
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data]
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 20:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2012.11.04 20:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\extensions
[2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 20:54:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.04 20:54:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.07 00:40:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Diino 5] C:\Users\msr\AppData\Roaming\Diino\DiinoLauncher.exe ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingA1170] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA129] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA1326] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA1353] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA15] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA1824] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA1913] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2081] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2181] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2390] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA252] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2736] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2851] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA2946] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA3646] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA3755] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4170] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4714] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA5833] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA609] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA618] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA6318] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA6420] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA6704] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA6748] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA6857] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA7125] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA7127] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA7423] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA7515] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA7862] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA7899] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA8008] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA8340] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA8431] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA8592] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA8913] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA9113] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA9336] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA9339] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA9621] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA9731] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA9738] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingC1078] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC1249] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC1291] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC1472] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC2033] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC2810] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC3008] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC3044] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC3336] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC4048] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC431] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC4542] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC4550] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC4618] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC4794] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5066] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5095] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5340] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5544] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5612] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5635] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5709] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC630] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC6520] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC663] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC6923] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC7333] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC7459] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC7464] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC7753] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC777] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8046] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8119] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8337] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8555] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8586] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8628] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8757] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8941] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8997] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9011] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9552] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9646] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1143] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1299] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1318] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1325] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1509] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1609] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1743] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1969] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2008] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2043] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2128] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3168] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3192] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3273] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3303] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3358] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3532] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3661] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3704] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3895] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4135] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4253] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4782] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5615] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5731] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5860] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6677] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6817] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6992] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7482] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7799] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7818] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7938] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8095] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8180] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB832] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8572] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8596] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8614] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB870] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8743] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9326] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9339] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1135] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1243] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1598] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1664] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1796] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2087] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2174] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2326] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2410] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2732] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD293] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3101] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3672] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3822] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4415] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4651] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5156] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5227] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5993] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6036] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6049] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6162] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6170] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6194] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6314] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6405] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6817] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7465] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7473] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7594] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7751] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7755] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8215] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8536] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8653] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8934] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9018] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9264] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9488] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9605] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9636] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9694] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9957] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\msr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..Trusted Domains: localhost ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 00:40:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.05 23:05:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.04 20:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.04 20:32:43 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.11.04 20:32:43 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.04 20:32:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.04 18:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.11.04 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.11.04 17:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.11.03 17:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.03 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.31 08:31:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL
[2012.10.31 08:31:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 17:00:17 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 17:00:17 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 16:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 16:52:50 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 16:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.08 23:05:18 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.08 23:05:18 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.08 23:05:18 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.08 23:05:18 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.07 00:40:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.11.07 00:31:13 | 000,382,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.05 23:04:57 | 332,920,021 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.04 20:32:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.04 20:32:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.04 20:32:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.04 20:32:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.04 20:32:22 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.11.04 20:32:22 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.11.04 20:12:59 | 000,003,488 | ---- | M] () -- C:\Windows\wininit.ini
[2012.11.04 18:57:42 | 000,001,240 | ---- | M] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2012.11.04 18:57:42 | 000,001,218 | ---- | M] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk
[2012.11.04 17:49:54 | 000,027,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.11.04 17:48:28 | 000,001,024 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.11.05 23:04:57 | 332,920,021 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.04 20:12:52 | 000,003,488 | ---- | C] () -- C:\Windows\wininit.ini
[2012.11.04 18:57:42 | 000,001,240 | ---- | C] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2012.11.04 18:57:42 | 000,001,218 | ---- | C] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk
[2012.11.04 17:48:28 | 000,001,024 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.11.04 17:42:58 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini
[2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini
[2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll
[2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 14.11.2012 17:01:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\msr\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 67,36% Memory free
6,49 Gb Paging File | 5,21 Gb Available in Paging File | 80,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 194,44 Gb Free Space | 68,98% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
 
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4704C3-7B42-4D15-894B-4C49C66A0355}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{10C03517-E44F-452B-B7CA-7698D6C79419}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{1A44387F-0DB4-4468-A4D4-D443DAB22CD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F452FA4-9060-486E-98C3-74D05565476E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2D904129-9661-456E-AA98-B22F72E0D6E7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{413BABF0-6CA4-46AF-A82A-17158B9EBC14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{426F4A77-E045-4A8E-AA69-47D4C3F6D963}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{47DBBAE2-78AE-4E8D-9E85-14EB5330954E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{549D28B0-19A9-4404-A90B-3A51AC9848B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72CDCF94-EE84-4A4E-A6B4-5E5AA1D32FA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{758454C0-7B33-46C0-8764-834B51C349B5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{80EB5828-D6B9-4838-A798-24A05B5745EF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{846C4D50-BDAC-4294-B9B9-6A8FB0778375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89BC5888-FA98-45E8-B30D-C4102D59061C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B2A1008-8988-44B6-A3A9-8F756D813DF5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9CA6EFDB-F7ED-4735-94F3-0189B6B5563D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9F5EAC7D-9519-4D3B-8EA2-72958264CAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A02DAE5A-DCBE-4816-AE11-E04FA5159B74}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{A78AF99B-1E3C-4D2C-9C00-7B24A8681194}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AF10C3FC-C8E8-48E8-93F5-CD697A6DDB7A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C4EB1796-3C1D-42E3-8985-E0281D6E637F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C64148E7-8266-4E96-AA11-9AF7C2E914CF}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer | 
"{DAF48259-9895-4012-BACB-AE81E712AFDC}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch | 
"{DB4A09C3-F183-492D-A2AE-706214A502DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD6663A6-9B18-4BAD-ACDC-832DCF1AF9A1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFC181D6-6C25-455B-9DDE-0BEF8BEDDED3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FD1DF68D-DA99-4B06-8192-A75E3DA38FAB}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC14C1-6F92-47CD-83C9-5BE293D7D6DB}" = protocol=17 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{073099D5-B6CB-4583-92AA-A5D99C22E811}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{0DFE3540-D2E6-4A93-A703-10DF8656CACA}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{0FDC9713-E75C-4411-B219-F39148070833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21FDA86F-7C85-4499-9B38-C59FFF23828D}" = protocol=6 | dir=out | app=system | 
"{36B9706E-18BD-4CB5-8A84-ED5CD2FBAFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C96FD18-E37A-4012-B63B-CBA3BE2FE252}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{42E46A8C-B7CB-4CD8-9B1E-F32B550D678A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{54D34425-8AC2-49E5-A8AD-38A99904B0CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{589753BA-28A6-4EFE-8F10-2448C2D5D9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D631953-D882-43B8-836B-2A669B285498}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{665EFE42-0003-4DF4-B6BC-AA235609F10F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6ED6F8CE-BADF-4C70-B8AF-4C996E2AA4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70627151-16D2-446D-990E-85577F22CCD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7BF3623A-FAB4-46A0-9DB3-CD7E38C2BF6B}" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe | 
"{8362CF04-2744-46B2-A8B8-DD7B09EC1548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C461833-188E-45F2-8105-DE86137BF384}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A6EA5C56-F395-4BB0-ACE3-18A72D9A417F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{A8A69CD0-DBE5-43BE-AD83-1CF6FD28F83A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AB6FDA47-1B8C-4824-A535-8E40A820D5ED}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{C1341D73-02CD-4D86-ABC7-13A14D8C07A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C60C74D8-0DB8-410D-81D5-3F05D75732D8}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CD9BB431-F569-48FE-853E-D8ABCF8B77FF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{D389C213-BB18-44AC-9DC6-B20BFC0E9289}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4BAA1FB-0D1A-4B3B-849B-1306C37782A2}" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe | 
"{EA62C671-3330-4096-AAF0-F0FD05443689}" = protocol=6 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ED1209B4-B3FA-4944-AA02-7879052BB83A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F171DF75-3B87-4354-B469-A0437AA84BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2AB2ADC-B315-483D-BBB3-8A636E9E8E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9559637-9E35-4932-BB64-16EF3E268510}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FA544C0A-452C-4339-8D26-9AF629A1351E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF6B9B45-C6B8-43C7-AF0C-9C1254C48C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{83907A66-B654-4142-B41F-8FB1EF3D06FB}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe | 
"TCP Query User{A1CFD68E-E745-4D06-B6BA-428D1DC3B48A}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe | 
"TCP Query User{E29872B9-F290-4BE3-B7CB-1203AB4877C9}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe | 
"TCP Query User{EF17FDD0-7FB5-4174-B83E-AB8F90390253}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe | 
"UDP Query User{3E139840-8504-48CC-B269-F2B63351EFF5}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe | 
"UDP Query User{45029AEB-56AD-45AB-9504-A47EBCCA4853}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe | 
"UDP Query User{88AE95CB-60C1-4DA6-9112-B15696C0A2C6}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe | 
"UDP Query User{F3F1FE03-3419-46F0-973F-8E36B4F0981F}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000223-40C1-2701-0100-000001000000}" = Siemens Manual Collection (SR)
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{8707E615-B513-444E-B5A9-1D2DC4E593FC}" = InsideIR4.0
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A523B6C0-E70F-4FA1-933D-DA04971F607F}" = VmciSockets
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1032F4F-8EFC-479B-8912-827F24785A4C}" = EPLAN Electric P8 2.1
"{E300D0B0-9B51-4E5A-9025-D987AD6FFCB3}" = EPLAN Platform Addon 2.1
"{E310B68E-5664-4E7A-88E3-E2B993385BDF}" = EPLAN Electric P8 Addon 2.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3FACBAC-8787-46FC-9AAA-B0270AC815DC}" = EPLAN Platform 2.1
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA2B5971-E0B9-4D01-B732-88768933543E}" = EPLAN Data Archive Zipped
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BackUp Maker_is1" = BackUp Maker v6.3
"EPLAN Electric P8 2.1" = EPLAN Electric P8 2.1
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"LoxPLAN_is1" = Loxone Config
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MarkWare3.9.0" = MarkWare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VMware_Player" = VMware Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diino 5" = Diino 5
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.10.2012 01:55:57 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.10.2012 11:53:54 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.10.2012 12:24:48 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 31.10.2012 02:34:49 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 03:36:46 | Computer Name = Optiplex380 | Source = Norton Ghost | ID = 100
Description = 
 
Error - 31.10.2012 03:46:59 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 04:03:19 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 04:05:18 | Computer Name = Optiplex380 | Source = MsiInstaller | ID = 11704
Description = 
 
Error - 31.10.2012 04:07:58 | Computer Name = Optiplex380 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = 
 
Error - 31.10.2012 04:09:24 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.11.2012 12:48:24 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 04.11.2012 12:50:17 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.6 Crusader (Boot)" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 05.11.2012 18:05:00 | Computer Name = Optiplex380 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?11.?2012 um 23:03:32 unerwartet heruntergefahren.
 
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = hasplms | ID = 458755
Description = ERROR: 2012-11-05 23:05:05 [2096] Time is unreliable 
 
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = BugCheck | ID = 1001
Description = 
 
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = hasplms | ID = 458755
Description = ERROR: 2012-11-05 23:05:05 [2096] Abort requested 
 
Error - 05.11.2012 18:05:33 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 VMware Authorization Service erreicht.
 
Error - 05.11.2012 18:05:33 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VMware Authorization Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 05.11.2012 18:05:40 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7034
Description = Dienst "Sentinel HASP License Manager" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 06.11.2012 19:40:19 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         
die OTL.txt hab ich nicht in die Code-Box bekommen, sorry.
__________________
Gestern hab ich mir das Internet runtergeladen

Geändert von cosinus (14.11.2012 um 20:30 Uhr) Grund: CODE-Tags

Alt 14.11.2012, 20:47   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Code:
ATTFilter
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1143] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1299] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1318] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1325] C:\Windows\System32\COMMAND.COM ()
         
Was hast du da mit Spybot gemacht?!
Du solltest doch während der Analyse hier keine Scans machen bzw. Programme ausführen oder gar installieren/deinstallieren ohne, dass ein Helfer das gesagt hat!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.11.2012, 21:28   #14
mravebe
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



das kläre ich ab, ich nutz den rechner nicht allein :-(
ich hoffe das dadurch nichts vergeigt wurde, oder?
__________________
Gestern hab ich mir das Internet runtergeladen

Alt 14.11.2012, 22:30   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes hat pup.dealio.tb gefunden - Standard

Malwarebytes hat pup.dealio.tb gefunden



Wer nutzt den denn noch? Habt ihr keine Absprachen?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Malwarebytes hat pup.dealio.tb gefunden
adobe, antivirus, avast, bho, bingbar, bonjour, branding, defender, desktop, excel, explorer, firefox, flash player, format, helper, mozilla, pdfforge toolbar, programme, realtek, registry, scan, security, software, symantec, system, temp, usb, windows



Ähnliche Themen: Malwarebytes hat pup.dealio.tb gefunden


  1. Malwarebytes hat Backdoor.bot gefunden.
    Log-Analyse und Auswertung - 23.04.2015 (32)
  2. PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden
    Log-Analyse und Auswertung - 25.03.2015 (15)
  3. Mit Malwarebytes,Infektionen gefunden.
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (24)
  4. Malwarebytes zeigt Pup.dealio.tb... evtl. auch anderer Befall?
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (9)
  5. PUP.Dealio.TB in C:\Users\ev\AppData\Local\Temp\is-3TFKM.tmp\dealio.exe von Malwarebytes identifiziert
    Log-Analyse und Auswertung - 20.05.2013 (10)
  6. Auf Vista pup.installbrain und pup.dealio.TB gefunden!
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (24)
  7. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  8. TR/Offend.7014939.CV von AntiVir gefunden -- PUM.Hijack.ConnectionControl von Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (16)
  9. Malwarebytes Suchlauf->Ergebnis: Malware.Trace,PUP.Dealio, PUM.Disabled.SecurityCenter
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  10. Backdoor.bot von Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.04.2011 (1)
  11. Malwarebytes hat Schädling gefunden
    Log-Analyse und Auswertung - 25.04.2011 (29)
  12. Erneut Pup.dealio gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (14)
  13. PUP.Dealio
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (32)
  14. PUP.Dealio
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (21)
  15. PUP.Dealio infected
    Plagegeister aller Art und deren Bekämpfung - 25.01.2011 (7)
  16. PUP.Dealio
    Plagegeister aller Art und deren Bekämpfung - 17.01.2011 (10)
  17. PUP.Dealio - die zweite
    Plagegeister aller Art und deren Bekämpfung - 12.01.2011 (1)

Zum Thema Malwarebytes hat pup.dealio.tb gefunden - Hallo. Hab Malwarebytes mal durchlaufen lassen. Es wurde pup.dealio.tb gefunden. Ich hab immer als Standartbenutzer gearbeitet. System ist stabil. Logfiles im Anhang. Dankeschön im Vorraus Code: Alles auswählen Aufklappen ATTFilter - Malwarebytes hat pup.dealio.tb gefunden...
Archiv
Du betrachtest: Malwarebytes hat pup.dealio.tb gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.