Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: certified toolbar eingefangen - Browser hijacker

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.01.2013, 19:54   #1
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo,
ich habe mir die sog. certified toolbar eingefangen und weiß leider nicht wie ich sie losbekomme. Leider habe ich von der Materie relativ wenig Ahnung. Google hat mir mitgeteilt, daß es sich um ein heimtückisches Browser-Add-on, das oft als Browser-Hijacker kategorisiert wird, handelt.

Probleme: Firefox stellt sich immer auf certified toolbar ein sobald ich Firefox öffne und habe auch Probleme mit Word.

Habe versucht Eure Anleitung so exakt wie möglich zu befolgen und zunächst
- Malewarebytes installiert und vollgescannt
- Logfiles von OTL, EXTRAS udn nd GMER erstellt und als Anhang beigefügt (hoffe das ist alles so richtig)

Könnte ihr Euch das bitte ansehen und mir mitteilen, was ich tun soll? Vielleicht einfach einen guten Virenscanner (benütze derzeit Avast, kostenlose Version). Ich hoffe, ich habe soweit alles richtig gemacht.

Für Eure Bemühungen vielen Dank im Voraus!

Grüße sushi

Alt 23.01.2013, 16:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker





Zitat:
- Malewarebytes installiert und vollgescannt
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 24.01.2013, 08:22   #3
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo,
sorry, habe gestern das Protokoll von Malewarebytes erstellt und wollte eigentlich heute alles via codes einstellen. Jedoch hat mein Mann gestern eine Systemwiederherstellung auf ein früheres Datum (deutlich vor Befall) gemacht und bisher haben wir keine Probleme mehr. Mit Ausnahme, daß die Menüleisten im Firefox oben durchsichtig sind und ich kann mich nicht daran erinnern, daß ich diese Einstellung vorgenommen habe.

Zusätzlich habe ich Emisoft runtergeladen. Emisoft und Malewarebystes bringen bei Vollscan beide keinen Befall mehr. Unser Virenscanner Avast hat noch nie was gefunden (selbst mit Befall).

Ist der Rechner nun wirklich sauber? Soll ich zur Sicherheit die Logfiles trotzdem einstellen? (dann aktuelle oder die alten mit deutlichem Befall?) Möchte Euch nicht unnögit zuposten, wenn gar nichts ist... Was bedeutet die transparente Menüleiste im Firefox?

Danke für eine kurze Rückmeldung!

Angelika
__________________

Alt 24.01.2013, 09:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine neue Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.01.2013, 18:59   #5
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo,
hier die beiden Log-Files des OTL NACH der Systemrückstellung. Vielen Dank für Deine/Eure Unterstützung!

1) OTL
Code:
ATTFilter
OTL logfile created on: 24.01.2013 17:43:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Petro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 66,17% Memory free
15,79 Gb Paging File | 11,97 Gb Available in Paging File | 75,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 479,00 Gb Total Space | 419,13 Gb Free Space | 87,50% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 199,58 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: PETER | User Name: Petro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Petro\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MCSWASVR) -- C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87068D2F-8305-4BF8-9015-4471A124B3E8}
IE:64bit: - HKLM\..\SearchScopes\{87068D2F-8305-4BF8-9015-4471A124B3E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {87068D2F-8305-4BF8-9015-4471A124B3E8}
IE - HKLM\..\SearchScopes\{87068D2F-8305-4BF8-9015-4471A124B3E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\..\SearchScopes,DefaultScope = {87068D2F-8305-4BF8-9015-4471A124B3E8}
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\..\SearchScopes,DefaultScope = {87068D2F-8305-4BF8-9015-4471A124B3E8}
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\..\SearchScopes\{15F620D2-897B-471D-9956-C3016F0C5CAA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2BE4545B-25D7-405E-8F7E-F0B3EC0EB377&apn_sauid=16919A42-E075-49AB-A10A-1B7BAB17E09E
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=2BE4545B-25D7-405E-8F7E-F0B3EC0EB377&apn_ptnrs=U3&apn_sauid=16919A42-E075-49AB-A10A-1B7BAB17E09E&apn_dtid=OSJ000YYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.12 13:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.23 20:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.23 21:05:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.23 20:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.23 20:58:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.23 21:05:26 | 000,000,000 | ---D | M]
 
[2012.02.17 13:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\Extensions
[2013.01.23 21:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\Firefox\Profiles\xdcit4i9.default\extensions
[2013.01.19 20:44:12 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\extension@ciuvo.com.xpi
[2013.01.19 17:53:47 | 000,052,277 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\pricepeep@getpricepeep.com.xpi
[2013.01.19 20:46:59 | 000,175,931 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\support@shoptimate.com.xpi
[2013.01.07 16:02:36 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2012.11.07 15:20:56 | 000,002,308 | ---- | M] () -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\searchplugins\askcom.xml
[2013.01.19 17:25:49 | 000,003,278 | ---- | M] () -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\searchplugins\Web Search.xml
[2013.01.23 20:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.23 20:58:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.23 20:58:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.09 14:38:02 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 21:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 10:14:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 21:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 21:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.19 17:25:49 | 000,003,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2012.06.20 21:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 21:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1000..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1005..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1005..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Petro\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O4 - Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E2EC9B-15DF-4544-91EB-287045EF297B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E93EDA5A-9FE4-4481-B7AC-37708D12E29F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 03:07:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.23 22:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.01.23 22:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.01.23 22:43:17 | 000,000,000 | ---D | C] -- C:\Users\Petro\Documents\Anti-Malware
[2013.01.23 21:09:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.23 21:08:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.23 21:08:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.23 21:08:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.23 21:08:21 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.21 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\Malwarebytes
[2013.01.21 21:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.21 21:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.21 21:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.21 21:14:28 | 000,000,000 | ---D | C] -- C:\rei
[2013.01.21 21:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.01.21 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\deltra Software GmbH
[2013.01.21 20:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2013.01.21 09:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013.01.21 09:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013.01.21 09:05:04 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\TestApp
[2013.01.21 09:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013.01.19 17:29:07 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Local\Programs
[2013.01.19 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.19 17:01:35 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop Elements
[2013.01.19 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\WinRAR
[2013.01.19 16:59:20 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Local\DownTango
[2013.01.19 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013.01.19 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Protected Search
[2013.01.09 11:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2013.01.09 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2013.01.09 01:21:15 | 000,000,000 | ---D | C] -- C:\Users\Petro\restore
[2013.01.09 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.01.09 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.01.09 00:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2013.01.09 00:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CEWE COLOR
[2013.01.07 16:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
[2013.01.07 16:01:33 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscmcde.dll
[2013.01.07 16:01:33 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb6de.dll
[2013.01.07 16:01:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Tabctde.dll
[2013.01.07 16:01:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winskde.dll
[2013.01.07 16:01:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stdftde.dll
[2013.01.07 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\BOM
[2013.01.07 16:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biet-O-Matic
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 17:39:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.24 17:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.24 17:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 03:35:56 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 03:35:56 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 03:27:48 | 000,461,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.24 03:27:00 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.24 03:10:27 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.24 03:10:27 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 03:10:27 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 03:10:27 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 03:10:27 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 03:10:20 | 001,590,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.23 22:43:52 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.23 21:09:57 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 21:02:14 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.23 21:02:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.01.23 21:01:57 | 000,000,021 | ---- | M] () -- C:\Users\Petro\AppData\Local\mc.pixel.data
[2013.01.22 09:59:23 | 000,000,000 | ---- | M] () -- C:\Users\Petro\defogger_reenable
[2013.01.21 21:14:28 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.01.19 16:59:00 | 000,000,168 | ---- | M] () -- C:\Users\Public\Desktop\Search.url
[2013.01.09 22:37:19 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 22:37:19 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 11:19:33 | 000,001,899 | ---- | M] () -- C:\Users\Petro\Desktop\IrfanView Thumbnails.lnk
[2013.01.09 11:19:33 | 000,001,007 | ---- | M] () -- C:\Users\Petro\Desktop\IrfanView.lnk
[2013.01.09 11:15:00 | 000,001,798 | ---- | M] () -- C:\Users\Petro\Desktop\XnView.lnk
[2013.01.09 00:49:23 | 000,001,281 | ---- | M] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
[2013.01.09 00:49:23 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.01.07 16:01:47 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2013.01.01 11:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.12.29 11:49:53 | 000,004,608 | ---- | M] () -- C:\Users\Petro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.01.23 22:43:52 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.23 21:09:57 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 21:02:14 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.22 09:59:23 | 000,000,000 | ---- | C] () -- C:\Users\Petro\defogger_reenable
[2013.01.21 21:14:28 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.01.19 16:59:00 | 000,000,168 | ---- | C] () -- C:\Users\Public\Desktop\Search.url
[2013.01.09 11:15:00 | 000,001,798 | ---- | C] () -- C:\Users\Petro\Desktop\XnView.lnk
[2013.01.09 10:45:47 | 000,001,899 | ---- | C] () -- C:\Users\Petro\Desktop\IrfanView Thumbnails.lnk
[2013.01.09 10:45:47 | 000,001,007 | ---- | C] () -- C:\Users\Petro\Desktop\IrfanView.lnk
[2013.01.09 00:49:23 | 000,001,281 | ---- | C] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
[2013.01.09 00:49:23 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.01.07 16:01:46 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2013.01.07 16:01:33 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.12.21 21:36:56 | 000,004,608 | ---- | C] () -- C:\Users\Petro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.20 20:23:55 | 000,000,021 | ---- | C] () -- C:\Users\Petro\AppData\Local\mc.pixel.data
[2012.03.11 11:25:54 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.02.26 10:04:09 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.02.26 10:04:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.02.26 10:03:53 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.26 10:03:53 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2012.02.26 10:03:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.02.26 10:03:04 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.02.26 10:03:04 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.26 10:02:59 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.02.26 10:02:54 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.02.25 12:12:31 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.02.25 12:12:26 | 000,001,024 | ---- | C] () -- C:\Users\Petro\.rnd
[2012.01.16 19:39:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.23 18:10:27 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.12.23 15:09:00 | 000,001,636 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2011.12.23 15:09:00 | 000,000,036 | ---- | C] () -- C:\Windows\TSNPL.dat
[2011.12.17 15:18:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.17 15:17:42 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.17 15:17:40 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.17 15:17:39 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.17 15:17:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.17 15:17:37 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.02.11 11:22:50 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         

2) EXTRAS

Code:
ATTFilter
OTL Extras logfile created on: 24.01.2013 17:43:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Petro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 66,17% Memory free
15,79 Gb Paging File | 11,97 Gb Available in Paging File | 75,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 479,00 Gb Total Space | 419,13 Gb Free Space | 87,50% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 199,58 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: PETER | User Name: Petro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036019BE-C56C-407F-AF53-DFCC83B0390D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{092F3152-95F2-45CD-BEAA-D23DEB48A8DD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{27CF5E69-4EDC-490F-BB88-DA00166EA76D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2E61592E-E760-43AA-AAAF-4522007524AD}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
"{322CCA1E-0A79-4AED-8878-C4AEAA212EDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35754B52-EE97-410D-9538-496604840DA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4CA5312F-8B66-4E5C-8217-2CFB667FD691}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{660FDFA8-C84B-41AB-88C9-8A436CD75FCE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6790BE46-DDFF-425E-91F1-0406661D1E06}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{73371995-D68B-4CCB-9A4B-5CA31D62BED0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74A86AFD-C24D-4101-B2D2-FB2BBC355DD9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75C613AF-5282-4EB5-B8B8-385F2B741580}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76EC8677-6FCD-4D85-B1E9-33F49FDE281A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{786F8E44-6FA9-455D-B051-29C29FEE379A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{878121DA-3355-4115-9E75-A1F30524147A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{89F18CCF-BAAF-4C07-85B0-2038335166D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A07AB18-13E8-4478-A86D-66A876CCA5C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{930097E2-6358-483C-8062-30081BC304A6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{944A9363-0341-487E-850F-EC3FE3221872}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A10F3B91-EA67-4EF6-8642-EAE0CB50440C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A1A38D4A-4DFF-4468-98D6-63A64E50B40A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A3C5561A-8FAC-460A-B921-5E1FF53A3C26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A9A413CE-4845-4280-8AE5-B532167A0D20}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3A8FA52-B5E7-48D1-ADAE-E42B34EFD856}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B4078CE4-CFB7-4861-9F25-6515671445D6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B45CBE4C-134D-49C8-8A78-C22810735CFE}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
"{BBDEBBDE-7543-459D-A973-4D290C5229A8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C99C3BC4-19D5-4075-AC1F-CCA7009880EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAD7ED7F-4B5B-4181-9B7E-154EE172AFC0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D4024D3D-EDA2-4FEB-8FFE-F707313AC9E0}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
"{DF3894A1-9DC7-45CC-804A-04BB8E305378}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064185CA-7B62-4CD8-A646-EDFB0AD4A35D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{07F46C31-550D-45F8-BA5B-E157C67BE660}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0F1B5B39-74CA-4E97-83A5-4366F04638B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0FBE642C-6E95-41C6-B776-A9FB925940E6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{165AC959-61C2-4E8A-AD3A-BFD4C263C695}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{17EBF239-38B0-4E28-A553-0C2E787A476F}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"{1A66082B-C6C1-4FE5-A1F6-E71F78527AF1}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{1DD4B3F0-FE72-4149-A275-104ECBE84AC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ED819D7-537D-4A80-A298-55BE0140A8F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2A4F4DC8-B844-4AAC-AF0E-780F3CD86271}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{2A61AA22-4877-4CF6-AC46-4670F0F45FED}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2D544A69-DD11-4EE3-BEC6-CCBD94DDC6B0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{50B89420-47AC-4ECF-A434-C826FF3A0D99}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{52A378A0-3A4B-471E-A029-5205E2E4B5A7}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{546CE20C-6D6A-45B4-9E3F-C079AC0F4340}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{5954FC5E-5CE2-48E5-9964-38F7814DDEF6}" = protocol=6 | dir=out | app=system | 
"{5E9E27CA-E8AA-4E9F-941D-2ADD9C8168F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{600FF848-ADE3-4EA5-8A42-AEA023BCD842}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{6548E9F2-DA6A-4F17-A483-430EE74421A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6BCA52AA-9D94-47AB-BB2C-961D93F19621}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{751E37DA-883B-4A11-8C51-EA55CFFC15A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75AD082B-978E-4245-81A5-69E3A564BF0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83BE7294-A638-4438-BAB7-AD479726EC08}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{848953CB-FB63-4449-A811-F956AEA5EBBE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{87A9ABB1-CE3E-40B6-A128-9FC485AB9DA3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{8DA50138-ABAF-4B07-9850-0D357381D280}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{953C8D0F-5ACE-4C29-A666-6EAD22E944F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{95D5C88E-66A1-44D4-BDA2-3C0A3DB95501}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{9B73B462-DFC8-4BFD-89BB-B4C1D555016F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9E3D9528-56F7-4D34-88EA-F6AE55E8F92A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4BFF86E-A3A4-480C-8DEC-CF3F8EEFE414}" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"{AAEC9A1B-6D35-4475-831D-600BFFF3F9F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC08A5C4-DACE-410C-9764-D3E432C0B4E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AC551E21-D5E5-49BE-BCF0-8AFDB2AE9397}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B10785ED-3683-4873-9977-E7A3B8D25AF7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B28BB55F-98F3-4F72-81C1-06C6866F942F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BBF0F127-F0B0-415C-B45B-18CCAE46C41E}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe | 
"{C27FF834-12BE-4C74-9759-DB33022C2031}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C6433595-6AF0-47D8-948D-1345CE319E2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCE2BF40-BD87-4A64-92DE-EF37A793DE4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CF8D7F07-1468-47E3-9FF4-B0F260C96C13}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{D39EAEDD-979D-4D21-97E4-82E3CC78F5EE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{DBCA6248-5CD7-422E-8C13-A2ED90EBE322}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{DC26EEEC-8D16-4DF1-9114-CF568929C068}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF933F79-B6B3-429B-8235-BC2CB8AC9553}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{E1970DBD-9879-44F8-91E1-EAF0EE1C27BC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{E1A6C853-1C1F-4495-A39C-F81E16716F82}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{E26B57FE-87B5-4DA4-B853-6F7084B802DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E77A2E25-F042-4EDC-A380-884C2C445794}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC5BEC8F-0140-4EE6-B1F8-8FFC49CF5CA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC75E669-20A6-4F05-AF9C-6FF8F3DF1AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"{F08943C4-B688-4A2D-91FB-EF7935F57AA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD68EFB0-A0B8-48D2-8ACB-69EF8DDEF7C0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FD82FCC4-B6F1-4FDA-848F-9616C4EDA23C}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{FDD7625A-85B0-4CB7-A28B-680FE0C32320}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{413C2411-7226-4B34-9874-BB505781E0E9}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{C86E5B25-EFEA-4B0A-8A57-7AC7B9786541}C:\program files (x86)\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"TCP Query User{F1E2BE4F-C068-484D-A946-D4DE041D3BCD}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe | 
"UDP Query User{0B1A14AF-CA47-4E65-B95E-093FB35E5A25}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{35D64562-78D9-4020-A100-3907EBF3638F}C:\program files (x86)\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe | 
"UDP Query User{90D1AFF5-5A62-4A3B-94AD-BC58A217EDE8}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi-Software
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Mediencenter Software" = Mediencenter Assistent
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials
"{E9F59205-F128-49A7-9039-4BDFB60EE4A3}" = Dell Stage
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F91BF1B5-4213-440C-8539-C6EB2F1D1734}" = Dell Digital Delivery
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"IrfanView" = IrfanView (remove only)
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"QNAP_FINDER" = QNAP Finder
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.99.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2012 22:37:43 | Computer Name = peter | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.12.2012 19:30:24 | Computer Name = peter | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.12.2012 06:56:02 | Computer Name = peter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee11.exe, Version: 11.0.85.0,
 Zeitstempel: 0x48d946ca  Name des fehlerhaften Moduls: ACDSee11.exe, Version: 11.0.85.0,
 Zeitstempel: 0x48d946ca  Ausnahmecode: 0xc0000409  Fehleroffset: 0x005a5d49  ID des fehlerhaften
 Prozesses: 0x213c  Startzeit der fehlerhaften Anwendung: 0x01cde4e9e9c3fded  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe
Berichtskennung:
 2ad04adc-50dd-11e2-9d51-848f69bcf115
 
Error - 28.12.2012 07:47:31 | Computer Name = peter | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.12.2012 13:27:54 | Computer Name = peter | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.12.2012 13:27:54 | Computer Name = peter | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 28.12.2012 13:27:54 | Computer Name = peter | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 29.12.2012 04:29:46 | Computer Name = peter | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 29.12.2012 06:51:12 | Computer Name = peter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee11.exe, Version: 11.0.85.0,
 Zeitstempel: 0x48d946ca  Name des fehlerhaften Moduls: ACDSee11.exe, Version: 11.0.85.0,
 Zeitstempel: 0x48d946ca  Ausnahmecode: 0xc0000409  Fehleroffset: 0x005a5d49  ID des fehlerhaften
 Prozesses: 0x2f18  Startzeit der fehlerhaften Anwendung: 0x01cde5b2693720d9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe
Berichtskennung:
 a85748ac-51a5-11e2-9d51-848f69bcf115
 
Error - 30.12.2012 10:19:01 | Computer Name = peter | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 16.06.2012 06:55:31 | Computer Name = peter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
 
< End of report >
         


Alt 24.01.2013, 21:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> certified toolbar eingefangen - Browser hijacker

Alt 25.01.2013, 07:49   #7
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo cosinus,
habe nun auch mit Malewarebytes gescannt. Hat offenbar keine Infizierung gefunden und ist daher auch nicht heruntergefahren. Aber hier das Log-File dazu. Danke nochmals im Voraus!

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Petro :: PETER [administrator]

25.01.2013 08:27:11
mbar-log-2013-01-25 (08-27-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30416
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 25.01.2013, 11:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.01.2013, 12:39   #9
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo cosinus,
hier die weiteren scans:

1) Avast
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 13:25:52
-----------------------------
13:25:52.034    OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:52.034    Number of processors: 8 586 0x2A07
13:25:52.034    ComputerName: PETER  UserName: Petro
13:25:53.048    Initialize success
13:25:53.189    AVAST engine defs: 13012500
13:25:59.787    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:25:59.787    Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
13:25:59.865    Disk 0 MBR read successfully
13:25:59.881    Disk 0 MBR scan
13:25:59.881    Disk 0 Windows VISTA default MBR code
13:25:59.897    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
13:25:59.928    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 212992
13:25:59.943    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       490499 MB offset 41172992
13:25:59.959    Disk 0 Partition - 00     0F Extended LBA            204799 MB offset 1045716992
13:26:00.006    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       204798 MB offset 1045719040
13:26:00.053    Disk 0 scanning C:\Windows\system32\drivers
13:26:09.506    Service scanning
13:26:27.992    Modules scanning
13:26:28.008    Disk 0 trace - called modules:
13:26:28.367    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
13:26:28.382    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095d2790]
13:26:28.398    3 CLASSPNP.SYS[fffff880013b043f] -> nt!IofCallDriver -> [0xfffffa80078df630]
13:26:28.398    5 ACPI.sys[fffff88000f427a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800798b050]
13:26:28.398    Scan finished successfully
13:27:08.802    Disk 0 MBR has been saved successfully to "C:\Users\Petro\Downloads\MBR.dat"
13:27:08.802    The log file has been saved successfully to "C:\Users\Petro\Downloads\aswMBR.txt"
         

2) TDSS Killer
Code:
ATTFilter
13:30:57.0454 4584  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:30:57.0766 4584  ============================================================
13:30:57.0766 4584  Current date / time: 2013/01/25 13:30:57.0766
13:30:57.0766 4584  SystemInfo:
13:30:57.0766 4584  
13:30:57.0766 4584  OS Version: 6.1.7601 ServicePack: 1.0
13:30:57.0766 4584  Product type: Workstation
13:30:57.0766 4584  ComputerName: PETER
13:30:57.0766 4584  UserName: Petro
13:30:57.0766 4584  Windows directory: C:\Windows
13:30:57.0766 4584  System windows directory: C:\Windows
13:30:57.0766 4584  Running under WOW64
13:30:57.0766 4584  Processor architecture: Intel x64
13:30:57.0766 4584  Number of processors: 8
13:30:57.0766 4584  Page size: 0x1000
13:30:57.0766 4584  Boot type: Normal boot
13:30:57.0766 4584  ============================================================
13:30:58.0718 4584  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:30:58.0749 4584  ============================================================
13:30:58.0749 4584  \Device\Harddisk0\DR0:
13:30:58.0749 4584  MBR partitions:
13:30:58.0749 4584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
13:30:58.0749 4584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x3BE01EF0
13:30:58.0780 4584  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3E546800, BlocksNum 0x18FFF000
13:30:58.0780 4584  ============================================================
13:30:58.0811 4584  C: <-> \Device\Harddisk0\DR0\Partition2
13:30:58.0842 4584  D: <-> \Device\Harddisk0\DR0\Partition3
13:30:58.0842 4584  ============================================================
13:30:58.0842 4584  Initialize success
13:30:58.0842 4584  ============================================================
13:31:24.0380 4260  ============================================================
13:31:24.0380 4260  Scan started
13:31:24.0380 4260  Mode: Manual; SigCheck; TDLFS; 
13:31:24.0380 4260  ============================================================
13:31:24.0770 4260  ================ Scan system memory ========================
13:31:24.0770 4260  System memory - ok
13:31:24.0770 4260  ================ Scan services =============================
13:31:24.0910 4260  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:31:25.0066 4260  1394ohci - ok
13:31:25.0160 4260  [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc           C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
13:31:25.0191 4260  a2acc - ok
13:31:25.0300 4260  [ C6D0B4BF12036D1EE092D2F5EF436FC7 ] a2AntiMalware   C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
13:31:25.0363 4260  a2AntiMalware - ok
13:31:25.0394 4260  [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA           C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
13:31:25.0409 4260  A2DDA - ok
13:31:25.0425 4260  [ 3D55CE53128C81E06CD6B024C3B9FAC3 ] a2injectiondriver C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
13:31:25.0441 4260  a2injectiondriver - ok
13:31:25.0441 4260  [ E41D79682A209F72F4F578CFD4A53952 ] a2util          C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
13:31:25.0472 4260  a2util - ok
13:31:25.0487 4260  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:31:25.0503 4260  ACPI - ok
13:31:25.0519 4260  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:31:25.0612 4260  AcpiPmi - ok
13:31:25.0706 4260  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:31:25.0737 4260  AdobeARMservice - ok
13:31:25.0862 4260  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:31:25.0877 4260  AdobeFlashPlayerUpdateSvc - ok
13:31:25.0909 4260  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:31:25.0940 4260  adp94xx - ok
13:31:25.0955 4260  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:31:25.0971 4260  adpahci - ok
13:31:25.0987 4260  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:31:26.0002 4260  adpu320 - ok
13:31:26.0018 4260  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:31:26.0143 4260  AeLookupSvc - ok
13:31:26.0205 4260  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
13:31:26.0221 4260  AERTFilters - ok
13:31:26.0267 4260  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:31:26.0377 4260  AFD - ok
13:31:26.0408 4260  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:31:26.0439 4260  agp440 - ok
13:31:26.0470 4260  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:31:26.0548 4260  ALG - ok
13:31:26.0564 4260  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:31:26.0564 4260  aliide - ok
13:31:26.0579 4260  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:31:26.0579 4260  amdide - ok
13:31:26.0579 4260  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:31:26.0626 4260  AmdK8 - ok
13:31:26.0642 4260  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:31:26.0657 4260  AmdPPM - ok
13:31:26.0673 4260  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:31:26.0689 4260  amdsata - ok
13:31:26.0704 4260  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:31:26.0720 4260  amdsbs - ok
13:31:26.0720 4260  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:31:26.0735 4260  amdxata - ok
13:31:26.0767 4260  [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
13:31:26.0829 4260  AMPPAL - ok
13:31:26.0845 4260  [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
13:31:26.0860 4260  AMPPALP - ok
13:31:26.0954 4260  [ A47D7FEBD9381D34DDB4FF38B15A67FE ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
13:31:27.0001 4260  AMPPALR3 - ok
13:31:27.0032 4260  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:31:27.0219 4260  AppID - ok
13:31:27.0235 4260  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:31:27.0297 4260  AppIDSvc - ok
13:31:27.0313 4260  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:31:27.0375 4260  Appinfo - ok
13:31:27.0453 4260  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:31:27.0484 4260  Apple Mobile Device - ok
13:31:27.0500 4260  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:31:27.0531 4260  arc - ok
13:31:27.0547 4260  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:31:27.0562 4260  arcsas - ok
13:31:27.0640 4260  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:31:27.0656 4260  aspnet_state - ok
13:31:27.0687 4260  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
13:31:27.0718 4260  aswFsBlk - ok
13:31:27.0765 4260  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:31:27.0796 4260  aswMonFlt - ok
13:31:27.0812 4260  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
13:31:27.0827 4260  aswRdr - ok
13:31:27.0859 4260  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:31:27.0905 4260  aswSnx - ok
13:31:27.0921 4260  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:31:27.0937 4260  aswSP - ok
13:31:27.0952 4260  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:31:27.0968 4260  aswTdi - ok
13:31:27.0983 4260  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:28.0061 4260  AsyncMac - ok
13:31:28.0108 4260  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:31:28.0124 4260  atapi - ok
13:31:28.0171 4260  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:31:28.0280 4260  AudioEndpointBuilder - ok
13:31:28.0295 4260  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:31:28.0327 4260  AudioSrv - ok
13:31:28.0389 4260  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:31:28.0405 4260  avast! Antivirus - ok
13:31:28.0451 4260  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:31:28.0545 4260  AxInstSV - ok
13:31:28.0576 4260  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:31:28.0654 4260  b06bdrv - ok
13:31:28.0701 4260  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:31:28.0763 4260  b57nd60a - ok
13:31:28.0810 4260  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:31:28.0873 4260  BDESVC - ok
13:31:28.0888 4260  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:31:28.0966 4260  Beep - ok
13:31:29.0013 4260  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:31:29.0075 4260  BFE - ok
13:31:29.0122 4260  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:31:29.0200 4260  BITS - ok
13:31:29.0231 4260  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:31:29.0278 4260  blbdrive - ok
13:31:29.0387 4260  [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:31:29.0450 4260  Bluetooth Device Monitor - ok
13:31:29.0481 4260  [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:31:29.0512 4260  Bluetooth Media Service - ok
13:31:29.0543 4260  [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
13:31:29.0590 4260  Bluetooth OBEX Service - ok
13:31:29.0684 4260  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:31:29.0715 4260  Bonjour Service - ok
13:31:29.0731 4260  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:31:29.0793 4260  bowser - ok
13:31:29.0824 4260  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:31:29.0871 4260  BrFiltLo - ok
13:31:29.0887 4260  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:31:29.0902 4260  BrFiltUp - ok
13:31:29.0933 4260  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:31:30.0011 4260  Browser - ok
13:31:30.0027 4260  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:31:30.0105 4260  Brserid - ok
13:31:30.0105 4260  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:31:30.0152 4260  BrSerWdm - ok
13:31:30.0167 4260  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:31:30.0183 4260  BrUsbMdm - ok
13:31:30.0183 4260  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:31:30.0199 4260  BrUsbSer - ok
13:31:30.0230 4260  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
13:31:30.0323 4260  BthEnum - ok
13:31:30.0339 4260  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:31:30.0386 4260  BTHMODEM - ok
13:31:30.0417 4260  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:31:30.0479 4260  BthPan - ok
13:31:30.0526 4260  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:31:30.0573 4260  BTHPORT - ok
13:31:30.0620 4260  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:31:30.0667 4260  bthserv - ok
13:31:30.0713 4260  [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
13:31:30.0729 4260  BTHSSecurityMgr - ok
13:31:30.0760 4260  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:31:30.0807 4260  BTHUSB - ok
13:31:30.0854 4260  [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
13:31:30.0916 4260  btmaudio - ok
13:31:30.0932 4260  [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
13:31:30.0994 4260  btmaux - ok
13:31:31.0041 4260  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
13:31:31.0103 4260  btmhsf - ok
13:31:31.0135 4260  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:31:31.0244 4260  cdfs - ok
13:31:31.0259 4260  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:31:31.0291 4260  cdrom - ok
13:31:31.0306 4260  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:31:31.0384 4260  CertPropSvc - ok
13:31:31.0400 4260  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:31:31.0447 4260  circlass - ok
13:31:31.0478 4260  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:31:31.0509 4260  CLFS - ok
13:31:31.0540 4260  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:31:31.0571 4260  clr_optimization_v2.0.50727_32 - ok
13:31:31.0603 4260  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:31:31.0634 4260  clr_optimization_v2.0.50727_64 - ok
13:31:31.0681 4260  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:31:31.0712 4260  clr_optimization_v4.0.30319_32 - ok
13:31:31.0727 4260  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:31:31.0727 4260  clr_optimization_v4.0.30319_64 - ok
13:31:31.0759 4260  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:31:31.0805 4260  CmBatt - ok
13:31:31.0821 4260  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:31:31.0837 4260  cmdide - ok
13:31:31.0883 4260  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
13:31:31.0915 4260  CNG - ok
13:31:31.0961 4260  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:31:31.0977 4260  Compbatt - ok
13:31:32.0008 4260  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:31:32.0055 4260  CompositeBus - ok
13:31:32.0071 4260  COMSysApp - ok
13:31:32.0086 4260  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:31:32.0117 4260  crcdisk - ok
13:31:32.0164 4260  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:31:32.0227 4260  CryptSvc - ok
13:31:32.0273 4260  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:31:32.0320 4260  CtClsFlt - ok
13:31:32.0367 4260  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:31:32.0445 4260  DcomLaunch - ok
13:31:32.0492 4260  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:31:32.0570 4260  defragsvc - ok
13:31:32.0648 4260  [ 3A42B00C88E3E68080DAB6B27BB35B6E ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
13:31:32.0695 4260  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
13:31:32.0695 4260  DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
13:31:32.0726 4260  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:31:32.0835 4260  DfsC - ok
13:31:32.0897 4260  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:31:32.0975 4260  Dhcp - ok
13:31:33.0007 4260  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:31:33.0069 4260  discache - ok
13:31:33.0116 4260  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:31:33.0116 4260  Disk - ok
13:31:33.0147 4260  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:31:33.0225 4260  Dnscache - ok
13:31:33.0241 4260  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:31:33.0319 4260  dot3svc - ok
13:31:33.0334 4260  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:31:33.0397 4260  DPS - ok
13:31:33.0443 4260  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:31:33.0490 4260  drmkaud - ok
13:31:33.0537 4260  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:31:33.0615 4260  DXGKrnl - ok
13:31:33.0631 4260  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:31:33.0677 4260  EapHost - ok
13:31:33.0787 4260  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:31:33.0880 4260  ebdrv - ok
13:31:33.0927 4260  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:31:33.0989 4260  EFS - ok
13:31:34.0036 4260  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:31:34.0130 4260  ehRecvr - ok
13:31:34.0145 4260  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:31:34.0161 4260  ehSched - ok
13:31:34.0177 4260  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:31:34.0208 4260  elxstor - ok
13:31:34.0208 4260  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:31:34.0239 4260  ErrDev - ok
13:31:34.0270 4260  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:31:34.0333 4260  EventSystem - ok
13:31:34.0442 4260  [ B20A788579E443F768AAB1A24F705D0A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:31:34.0473 4260  EvtEng - ok
13:31:34.0504 4260  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:31:34.0535 4260  exfat - ok
13:31:34.0551 4260  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:31:34.0613 4260  fastfat - ok
13:31:34.0660 4260  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:31:34.0754 4260  Fax - ok
13:31:34.0769 4260  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:31:34.0801 4260  fdc - ok
13:31:34.0832 4260  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:31:34.0894 4260  fdPHost - ok
13:31:34.0894 4260  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:31:34.0972 4260  FDResPub - ok
13:31:34.0988 4260  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:31:34.0988 4260  FileInfo - ok
13:31:35.0003 4260  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:31:35.0035 4260  Filetrace - ok
13:31:35.0097 4260  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:31:35.0144 4260  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:31:35.0144 4260  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:31:35.0159 4260  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:31:35.0206 4260  flpydisk - ok
13:31:35.0222 4260  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:31:35.0222 4260  FltMgr - ok
13:31:35.0253 4260  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
13:31:35.0331 4260  FontCache - ok
13:31:35.0362 4260  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:31:35.0362 4260  FontCache3.0.0.0 - ok
13:31:35.0440 4260  [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
13:31:35.0471 4260  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
13:31:35.0471 4260  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
13:31:35.0503 4260  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:31:35.0534 4260  FsDepends - ok
13:31:35.0549 4260  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:31:35.0565 4260  Fs_Rec - ok
13:31:35.0596 4260  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:31:35.0627 4260  fvevol - ok
13:31:35.0627 4260  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:31:35.0643 4260  gagp30kx - ok
13:31:35.0674 4260  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:31:35.0690 4260  GEARAspiWDM - ok
13:31:35.0721 4260  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:31:35.0783 4260  gpsvc - ok
13:31:35.0783 4260  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:31:35.0846 4260  hcw85cir - ok
13:31:35.0877 4260  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:31:35.0908 4260  HdAudAddService - ok
13:31:35.0939 4260  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:31:35.0986 4260  HDAudBus - ok
13:31:35.0986 4260  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:31:36.0017 4260  HidBatt - ok
13:31:36.0049 4260  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:31:36.0095 4260  HidBth - ok
13:31:36.0111 4260  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:31:36.0158 4260  HidIr - ok
13:31:36.0173 4260  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:31:36.0189 4260  hidserv - ok
13:31:36.0220 4260  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:31:36.0220 4260  HidUsb - ok
13:31:36.0298 4260  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:31:36.0376 4260  hkmsvc - ok
13:31:36.0407 4260  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:31:36.0439 4260  HomeGroupListener - ok
13:31:36.0470 4260  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:31:36.0532 4260  HomeGroupProvider - ok
13:31:36.0563 4260  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:31:36.0563 4260  HpSAMD - ok
13:31:36.0610 4260  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:31:36.0688 4260  HTTP - ok
13:31:36.0704 4260  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:31:36.0719 4260  hwpolicy - ok
13:31:36.0735 4260  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:31:36.0766 4260  i8042prt - ok
13:31:36.0797 4260  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:31:36.0829 4260  iaStor - ok
13:31:36.0875 4260  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:31:36.0891 4260  IAStorDataMgrSvc - ok
13:31:36.0922 4260  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:31:36.0938 4260  iaStorV - ok
13:31:36.0953 4260  [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
13:31:36.0985 4260  iBtFltCoex - ok
13:31:37.0047 4260  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:31:37.0094 4260  idsvc - ok
13:31:37.0141 4260  [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
13:31:37.0156 4260  IGDCTRL - ok
13:31:37.0484 4260  [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:31:37.0952 4260  igfx - ok
13:31:37.0967 4260  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:31:37.0967 4260  iirsp - ok
13:31:37.0999 4260  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:31:38.0077 4260  IKEEXT - ok
13:31:38.0123 4260  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
13:31:38.0186 4260  Impcd - ok
13:31:38.0279 4260  [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:31:38.0389 4260  IntcAzAudAddService - ok
13:31:38.0420 4260  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:31:38.0467 4260  IntcDAud - ok
13:31:38.0482 4260  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:31:38.0513 4260  intelide - ok
13:31:38.0529 4260  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:31:38.0576 4260  intelppm - ok
13:31:38.0607 4260  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:31:38.0685 4260  IPBusEnum - ok
13:31:38.0732 4260  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:31:38.0747 4260  IpFilterDriver - ok
13:31:38.0779 4260  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:31:38.0841 4260  iphlpsvc - ok
13:31:38.0857 4260  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:31:38.0872 4260  IPMIDRV - ok
13:31:38.0888 4260  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:31:38.0935 4260  IPNAT - ok
13:31:38.0981 4260  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:31:38.0997 4260  iPod Service - ok
13:31:39.0028 4260  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:31:39.0075 4260  IRENUM - ok
13:31:39.0106 4260  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:31:39.0122 4260  isapnp - ok
13:31:39.0137 4260  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:31:39.0169 4260  iScsiPrt - ok
13:31:39.0200 4260  [ E56417C56B6A7316B6F527C890A1860D ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
13:31:39.0215 4260  JMCR - ok
13:31:39.0231 4260  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:39.0247 4260  kbdclass - ok
13:31:39.0262 4260  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:39.0309 4260  kbdhid - ok
13:31:39.0340 4260  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:31:39.0371 4260  KeyIso - ok
13:31:39.0387 4260  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:31:39.0418 4260  KSecDD - ok
13:31:39.0449 4260  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:31:39.0481 4260  KSecPkg - ok
13:31:39.0496 4260  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:31:39.0574 4260  ksthunk - ok
13:31:39.0590 4260  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:31:39.0668 4260  KtmRm - ok
13:31:39.0730 4260  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:31:39.0793 4260  LanmanServer - ok
13:31:39.0808 4260  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:31:39.0886 4260  LanmanWorkstation - ok
13:31:39.0949 4260  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:31:39.0995 4260  lltdio - ok
13:31:40.0027 4260  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:31:40.0105 4260  lltdsvc - ok
13:31:40.0136 4260  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:31:40.0229 4260  lmhosts - ok
13:31:40.0276 4260  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:31:40.0307 4260  LMS - ok
13:31:40.0339 4260  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:31:40.0370 4260  LSI_FC - ok
13:31:40.0370 4260  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:31:40.0385 4260  LSI_SAS - ok
13:31:40.0385 4260  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:31:40.0385 4260  LSI_SAS2 - ok
13:31:40.0417 4260  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:31:40.0417 4260  LSI_SCSI - ok
13:31:40.0432 4260  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:31:40.0479 4260  luafv - ok
13:31:40.0526 4260  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:31:40.0541 4260  MBAMProtector - ok
13:31:40.0604 4260  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:31:40.0635 4260  MBAMScheduler - ok
13:31:40.0666 4260  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:31:40.0697 4260  MBAMService - ok
13:31:40.0744 4260  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
13:31:40.0760 4260  McComponentHostService - ok
13:31:40.0791 4260  [ DD77E54EC5CBE1AFF48486BC3E0E3A64 ] MCSWASVR        C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
13:31:40.0822 4260  MCSWASVR ( UnsignedFile.Multi.Generic ) - warning
13:31:40.0822 4260  MCSWASVR - detected UnsignedFile.Multi.Generic (1)
13:31:40.0853 4260  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:31:40.0916 4260  Mcx2Svc - ok
13:31:40.0978 4260  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:31:41.0009 4260  MDM - ok
13:31:41.0025 4260  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:31:41.0041 4260  megasas - ok
13:31:41.0056 4260  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:31:41.0056 4260  MegaSR - ok
13:31:41.0072 4260  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:31:41.0087 4260  MEIx64 - ok
13:31:41.0150 4260  Microsoft SharePoint Workspace Audit Service - ok
13:31:41.0181 4260  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:31:41.0243 4260  MMCSS - ok
13:31:41.0259 4260  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:31:41.0353 4260  Modem - ok
13:31:41.0384 4260  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:31:41.0446 4260  monitor - ok
13:31:41.0462 4260  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:31:41.0477 4260  mouclass - ok
13:31:41.0509 4260  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:31:41.0540 4260  mouhid - ok
13:31:41.0555 4260  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:31:41.0571 4260  mountmgr - ok
13:31:41.0649 4260  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:31:41.0680 4260  MozillaMaintenance - ok
13:31:41.0696 4260  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:31:41.0711 4260  mpio - ok
13:31:41.0711 4260  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:31:41.0743 4260  mpsdrv - ok
13:31:41.0789 4260  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:31:41.0852 4260  MpsSvc - ok
13:31:41.0852 4260  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:31:41.0899 4260  MRxDAV - ok
13:31:41.0914 4260  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:41.0992 4260  mrxsmb - ok
13:31:42.0008 4260  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:42.0055 4260  mrxsmb10 - ok
13:31:42.0086 4260  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:42.0086 4260  mrxsmb20 - ok
13:31:42.0101 4260  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:31:42.0133 4260  msahci - ok
13:31:42.0133 4260  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:31:42.0148 4260  msdsm - ok
13:31:42.0164 4260  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:31:42.0211 4260  MSDTC - ok
13:31:42.0242 4260  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:31:42.0304 4260  Msfs - ok
13:31:42.0320 4260  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:31:42.0398 4260  mshidkmdf - ok
13:31:42.0413 4260  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:31:42.0429 4260  msisadrv - ok
13:31:42.0460 4260  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:31:42.0554 4260  MSiSCSI - ok
13:31:42.0554 4260  msiserver - ok
13:31:42.0585 4260  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:31:42.0647 4260  MSKSSRV - ok
13:31:42.0679 4260  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:42.0725 4260  MSPCLOCK - ok
13:31:42.0757 4260  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:31:42.0819 4260  MSPQM - ok
13:31:42.0850 4260  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:31:42.0866 4260  MsRPC - ok
13:31:42.0881 4260  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:42.0881 4260  mssmbios - ok
13:31:42.0897 4260  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:31:42.0944 4260  MSTEE - ok
13:31:42.0959 4260  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:31:42.0991 4260  MTConfig - ok
13:31:43.0006 4260  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:31:43.0037 4260  Mup - ok
13:31:43.0053 4260  [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:31:43.0100 4260  MyWiFiDHCPDNS - ok
13:31:43.0131 4260  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:31:43.0209 4260  napagent - ok
13:31:43.0256 4260  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:31:43.0318 4260  NativeWifiP - ok
13:31:43.0427 4260  [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
13:31:43.0459 4260  NAUpdate - ok
13:31:43.0490 4260  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:31:43.0521 4260  NDIS - ok
13:31:43.0552 4260  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:31:43.0615 4260  NdisCap - ok
13:31:43.0630 4260  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:43.0661 4260  NdisTapi - ok
13:31:43.0693 4260  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:43.0724 4260  Ndisuio - ok
13:31:43.0739 4260  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:43.0786 4260  NdisWan - ok
13:31:43.0817 4260  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:31:43.0849 4260  NDProxy - ok
13:31:43.0942 4260  [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
13:31:44.0020 4260  Nero BackItUp Scheduler 3 - ok
13:31:44.0036 4260  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:31:44.0083 4260  NetBIOS - ok
13:31:44.0098 4260  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:31:44.0129 4260  NetBT - ok
13:31:44.0161 4260  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:31:44.0161 4260  Netlogon - ok
13:31:44.0192 4260  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:31:44.0270 4260  Netman - ok
13:31:44.0317 4260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:31:44.0348 4260  NetMsmqActivator - ok
13:31:44.0348 4260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:31:44.0379 4260  NetPipeActivator - ok
13:31:44.0379 4260  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:31:44.0441 4260  netprofm - ok
13:31:44.0441 4260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:31:44.0441 4260  NetTcpActivator - ok
13:31:44.0441 4260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:31:44.0457 4260  NetTcpPortSharing - ok
13:31:44.0691 4260  [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
13:31:44.0972 4260  NETwNs64 - ok
13:31:44.0987 4260  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:31:45.0019 4260  nfrd960 - ok
13:31:45.0050 4260  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:31:45.0097 4260  NlaSvc - ok
13:31:45.0190 4260  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
13:31:45.0221 4260  NMIndexingService - ok
13:31:45.0346 4260  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
13:31:45.0440 4260  NOBU - ok
13:31:45.0502 4260  NPF - ok
13:31:45.0502 4260  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:31:45.0565 4260  Npfs - ok
13:31:45.0580 4260  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:31:45.0643 4260  nsi - ok
13:31:45.0674 4260  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:31:45.0736 4260  nsiproxy - ok
13:31:45.0736 4260  NSNDIS5 - ok
13:31:45.0814 4260  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:31:45.0892 4260  Ntfs - ok
13:31:45.0892 4260  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:31:45.0939 4260  Null - ok
13:31:45.0986 4260  [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
13:31:46.0048 4260  nusb3hub - ok
13:31:46.0064 4260  [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:31:46.0079 4260  nusb3xhc - ok
13:31:46.0126 4260  [ 63BCD806F51C31159193697F306FEB7F ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
13:31:46.0157 4260  nvkflt - ok
13:31:46.0454 4260  [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:31:46.0813 4260  nvlddmkm - ok
13:31:46.0828 4260  [ 682EA9ED3399D6066F0DAECF7938727E ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
13:31:46.0828 4260  nvpciflt - ok
13:31:46.0859 4260  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:31:46.0859 4260  nvraid - ok
13:31:46.0891 4260  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:31:46.0906 4260  nvstor - ok
13:31:46.0937 4260  [ 9E01B716C8085F7ADB1CDC10103CEEF8 ] NvStUSB         C:\Windows\system32\drivers\nvstusb.sys
13:31:46.0953 4260  NvStUSB - ok
13:31:47.0031 4260  [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] NVSvc           C:\Windows\system32\nvvsvc.exe
13:31:47.0078 4260  NVSvc - ok
13:31:47.0171 4260  [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:31:47.0218 4260  nvUpdatusService - ok
13:31:47.0249 4260  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:31:47.0249 4260  nv_agp - ok
13:31:47.0265 4260  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:31:47.0312 4260  ohci1394 - ok
13:31:47.0390 4260  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:31:47.0405 4260  ose64 - ok
13:31:47.0593 4260  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:31:47.0733 4260  osppsvc - ok
13:31:47.0764 4260  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:31:47.0827 4260  p2pimsvc - ok
13:31:47.0858 4260  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:31:47.0889 4260  p2psvc - ok
13:31:47.0905 4260  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
13:31:47.0936 4260  Parport - ok
13:31:47.0967 4260  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:31:47.0983 4260  partmgr - ok
13:31:47.0998 4260  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:31:48.0045 4260  PcaSvc - ok
13:31:48.0123 4260  [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{1E208CE0-FB7451FF-06020101}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
13:31:48.0154 4260  PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
13:31:48.0185 4260  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:31:48.0217 4260  pci - ok
13:31:48.0232 4260  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:31:48.0232 4260  pciide - ok
13:31:48.0248 4260  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:31:48.0263 4260  pcmcia - ok
13:31:48.0279 4260  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:31:48.0310 4260  pcw - ok
13:31:48.0326 4260  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:31:48.0388 4260  PEAUTH - ok
13:31:48.0466 4260  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:31:48.0497 4260  PerfHost - ok
13:31:48.0529 4260  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:31:48.0638 4260  pla - ok
13:31:48.0685 4260  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
13:31:48.0700 4260  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
13:31:48.0700 4260  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
13:31:48.0763 4260  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:31:48.0841 4260  PlugPlay - ok
13:31:48.0872 4260  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:31:48.0919 4260  PNRPAutoReg - ok
13:31:48.0950 4260  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:31:48.0965 4260  PNRPsvc - ok
13:31:48.0981 4260  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:31:49.0059 4260  PolicyAgent - ok
13:31:49.0090 4260  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
13:31:49.0137 4260  Power - ok
13:31:49.0168 4260  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:31:49.0231 4260  PptpMiniport - ok
13:31:49.0262 4260  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
13:31:49.0293 4260  Processor - ok
13:31:49.0324 4260  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
13:31:49.0387 4260  ProfSvc - ok
13:31:49.0402 4260  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:31:49.0449 4260  ProtectedStorage - ok
13:31:49.0465 4260  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:31:49.0543 4260  Psched - ok
13:31:49.0574 4260  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:31:49.0605 4260  PxHlpa64 - ok
13:31:49.0621 4260  [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt          C:\Windows\system32\DRIVERS\qicflt.sys
13:31:49.0636 4260  qicflt - ok
13:31:49.0683 4260  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:31:49.0745 4260  ql2300 - ok
13:31:49.0777 4260  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:31:49.0777 4260  ql40xx - ok
13:31:49.0808 4260  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:31:49.0823 4260  QWAVE - ok
13:31:49.0839 4260  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:31:49.0901 4260  QWAVEdrv - ok
13:31:49.0917 4260  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:31:49.0979 4260  RasAcd - ok
13:31:49.0995 4260  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:31:50.0026 4260  RasAgileVpn - ok
13:31:50.0057 4260  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:31:50.0120 4260  RasAuto - ok
13:31:50.0151 4260  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:50.0213 4260  Rasl2tp - ok
13:31:50.0229 4260  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:31:50.0260 4260  RasMan - ok
13:31:50.0276 4260  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:50.0323 4260  RasPppoe - ok
13:31:50.0354 4260  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:31:50.0416 4260  RasSstp - ok
13:31:50.0447 4260  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:31:50.0510 4260  rdbss - ok
13:31:50.0541 4260  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
13:31:50.0572 4260  rdpbus - ok
13:31:50.0588 4260  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:50.0619 4260  RDPCDD - ok
13:31:50.0635 4260  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:31:50.0681 4260  RDPENCDD - ok
13:31:50.0713 4260  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:31:50.0759 4260  RDPREFMP - ok
13:31:50.0775 4260  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:31:50.0837 4260  RDPWD - ok
13:31:50.0869 4260  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:31:50.0869 4260  rdyboost - ok
13:31:50.0947 4260  [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:31:50.0978 4260  RegSrvc - ok
13:31:50.0993 4260  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:31:51.0025 4260  RemoteAccess - ok
13:31:51.0040 4260  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:31:51.0118 4260  RemoteRegistry - ok
13:31:51.0149 4260  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:31:51.0196 4260  RFCOMM - ok
13:31:51.0290 4260  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:31:51.0337 4260  RoxMediaDB12OEM - ok
13:31:51.0352 4260  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:31:51.0368 4260  RoxWatch12 - ok
13:31:51.0399 4260  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:31:51.0508 4260  RpcEptMapper - ok
13:31:51.0539 4260  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:31:51.0586 4260  RpcLocator - ok
13:31:51.0617 4260  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:31:51.0664 4260  RpcSs - ok
13:31:51.0695 4260  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:31:51.0742 4260  rspndr - ok
13:31:51.0805 4260  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:31:51.0851 4260  RTL8167 - ok
13:31:51.0851 4260  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:31:51.0867 4260  SamSs - ok
13:31:51.0883 4260  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:31:51.0883 4260  sbp2port - ok
13:31:51.0929 4260  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:31:51.0976 4260  SBSDWSCService - ok
13:31:52.0007 4260  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:31:52.0070 4260  SCardSvr - ok
13:31:52.0101 4260  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:31:52.0179 4260  scfilter - ok
13:31:52.0210 4260  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:31:52.0273 4260  Schedule - ok
13:31:52.0304 4260  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:31:52.0319 4260  SCPolicySvc - ok
13:31:52.0351 4260  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
13:31:52.0413 4260  sdbus - ok
13:31:52.0444 4260  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:31:52.0507 4260  SDRSVC - ok
13:31:52.0538 4260  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:31:52.0616 4260  secdrv - ok
13:31:52.0631 4260  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:31:52.0663 4260  seclogon - ok
13:31:52.0678 4260  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:31:52.0709 4260  SENS - ok
13:31:52.0725 4260  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:31:52.0787 4260  SensrSvc - ok
13:31:52.0819 4260  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:31:52.0865 4260  Serenum - ok
13:31:52.0897 4260  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
13:31:52.0959 4260  Serial - ok
13:31:52.0990 4260  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:31:53.0037 4260  sermouse - ok
13:31:53.0084 4260  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:31:53.0146 4260  SessionEnv - ok
13:31:53.0177 4260  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
13:31:53.0193 4260  sffdisk - ok
13:31:53.0193 4260  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:31:53.0224 4260  sffp_mmc - ok
13:31:53.0255 4260  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
13:31:53.0302 4260  sffp_sd - ok
13:31:53.0333 4260  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:31:53.0333 4260  sfloppy - ok
13:31:53.0411 4260  [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:31:53.0489 4260  SftService - ok
13:31:53.0505 4260  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:31:53.0583 4260  SharedAccess - ok
13:31:53.0599 4260  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:31:53.0661 4260  ShellHWDetection - ok
13:31:53.0677 4260  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:31:53.0692 4260  SiSRaid2 - ok
13:31:53.0692 4260  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:31:53.0708 4260  SiSRaid4 - ok
13:31:53.0848 4260  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:31:53.0957 4260  Skype C2C Service - ok
13:31:53.0989 4260  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:31:54.0020 4260  SkypeUpdate - ok
13:31:54.0035 4260  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:31:54.0113 4260  Smb - ok
13:31:54.0145 4260  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:31:54.0191 4260  SNMPTRAP - ok
13:31:54.0207 4260  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:31:54.0223 4260  spldr - ok
13:31:54.0254 4260  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
13:31:54.0285 4260  Spooler - ok
13:31:54.0347 4260  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:31:54.0472 4260  sppsvc - ok
13:31:54.0488 4260  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:31:54.0519 4260  sppuinotify - ok
13:31:54.0535 4260  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:31:54.0613 4260  srv - ok
13:31:54.0644 4260  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:31:54.0722 4260  srv2 - ok
13:31:54.0737 4260  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:31:54.0753 4260  srvnet - ok
13:31:54.0784 4260  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:31:54.0831 4260  SSDPSRV - ok
13:31:54.0847 4260  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:31:54.0878 4260  SstpSvc - ok
13:31:54.0893 4260  [ 9E1222C417291BC836210743624A8E5E ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:31:54.0925 4260  Stereo Service - ok
13:31:54.0956 4260  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:31:54.0956 4260  stexstor - ok
13:31:54.0987 4260  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:31:55.0034 4260  StillCam - ok
13:31:55.0081 4260  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:31:55.0143 4260  stisvc - ok
13:31:55.0174 4260  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:31:55.0190 4260  stllssvr - ok
13:31:55.0190 4260  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:31:55.0205 4260  swenum - ok
13:31:55.0221 4260  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:31:55.0299 4260  swprv - ok
13:31:55.0377 4260  [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:31:55.0424 4260  SynTP - ok
13:31:55.0455 4260  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:31:55.0564 4260  SysMain - ok
13:31:55.0580 4260  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:31:55.0627 4260  TabletInputService - ok
13:31:55.0642 4260  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:31:55.0689 4260  TapiSrv - ok
13:31:55.0705 4260  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:31:55.0736 4260  TBS - ok
13:31:55.0798 4260  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:31:55.0861 4260  Tcpip - ok
13:31:55.0923 4260  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:31:55.0954 4260  TCPIP6 - ok
13:31:55.0985 4260  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:31:56.0048 4260  tcpipreg - ok
13:31:56.0063 4260  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:31:56.0126 4260  TDPIPE - ok
13:31:56.0157 4260  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:31:56.0204 4260  TDTCP - ok
13:31:56.0219 4260  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:31:56.0266 4260  tdx - ok
13:31:56.0297 4260  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:31:56.0297 4260  TermDD - ok
13:31:56.0329 4260  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:31:56.0407 4260  TermService - ok
13:31:56.0422 4260  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:31:56.0438 4260  Themes - ok
13:31:56.0453 4260  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:31:56.0485 4260  THREADORDER - ok
13:31:56.0500 4260  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:31:56.0563 4260  TrkWks - ok
13:31:56.0625 4260  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
13:31:56.0656 4260  truecrypt - ok
13:31:56.0703 4260  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:31:56.0765 4260  TrustedInstaller - ok
13:31:56.0797 4260  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:31:56.0859 4260  tssecsrv - ok
13:31:56.0890 4260  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:31:56.0953 4260  TsUsbFlt - ok
13:31:56.0968 4260  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:31:56.0999 4260  TsUsbGD - ok
13:31:57.0015 4260  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:31:57.0077 4260  tunnel - ok
13:31:57.0093 4260  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:31:57.0093 4260  uagp35 - ok
13:31:57.0109 4260  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:31:57.0171 4260  udfs - ok
13:31:57.0187 4260  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:31:57.0233 4260  UI0Detect - ok
13:31:57.0265 4260  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:31:57.0280 4260  uliagpkx - ok
13:31:57.0296 4260  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:31:57.0343 4260  umbus - ok
13:31:57.0358 4260  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:31:57.0374 4260  UmPass - ok
13:31:57.0499 4260  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:31:57.0608 4260  UNS - ok
13:31:57.0623 4260  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:31:57.0670 4260  upnphost - ok
13:31:57.0717 4260  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:31:57.0764 4260  USBAAPL64 - ok
13:31:57.0795 4260  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:31:57.0873 4260  usbccgp - ok
13:31:57.0873 4260  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:31:57.0889 4260  usbcir - ok
13:31:57.0904 4260  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:31:57.0951 4260  usbehci - ok
13:31:57.0982 4260  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:31:58.0045 4260  usbhub - ok
13:31:58.0091 4260  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:31:58.0138 4260  usbohci - ok
13:31:58.0154 4260  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:31:58.0216 4260  usbprint - ok
13:31:58.0247 4260  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:31:58.0310 4260  USBSTOR - ok
13:31:58.0341 4260  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:31:58.0388 4260  usbuhci - ok
13:31:58.0403 4260  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:31:58.0450 4260  usbvideo - ok
13:31:58.0481 4260  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:31:58.0544 4260  UxSms - ok
13:31:58.0575 4260  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:31:58.0591 4260  VaultSvc - ok
13:31:58.0606 4260  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:31:58.0606 4260  vdrvroot - ok
13:31:58.0637 4260  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:31:58.0669 4260  vds - ok
13:31:58.0684 4260  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:31:58.0700 4260  vga - ok
13:31:58.0715 4260  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:31:58.0778 4260  VgaSave - ok
13:31:58.0809 4260  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:31:58.0825 4260  vhdmp - ok
13:31:58.0840 4260  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:31:58.0840 4260  viaide - ok
13:31:58.0856 4260  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:31:58.0871 4260  volmgr - ok
13:31:58.0887 4260  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:31:58.0903 4260  volmgrx - ok
13:31:58.0918 4260  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:31:58.0934 4260  volsnap - ok
13:31:58.0949 4260  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:31:58.0949 4260  vsmraid - ok
13:31:59.0012 4260  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:31:59.0090 4260  VSS - ok
13:31:59.0090 4260  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:31:59.0121 4260  vwifibus - ok
13:31:59.0152 4260  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:31:59.0215 4260  vwififlt - ok
13:31:59.0230 4260  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:31:59.0261 4260  vwifimp - ok
13:31:59.0324 4260  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:31:59.0371 4260  W32Time - ok
13:31:59.0386 4260  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:31:59.0402 4260  WacomPen - ok
13:31:59.0402 4260  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:31:59.0449 4260  WANARP - ok
13:31:59.0449 4260  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:31:59.0480 4260  Wanarpv6 - ok
13:31:59.0527 4260  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:31:59.0636 4260  wbengine - ok
13:31:59.0651 4260  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:31:59.0667 4260  WbioSrvc - ok
13:31:59.0683 4260  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:31:59.0761 4260  wcncsvc - ok
13:31:59.0776 4260  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:31:59.0839 4260  WcsPlugInService - ok
13:31:59.0870 4260  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
13:31:59.0870 4260  Wd - ok
13:31:59.0901 4260  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:31:59.0932 4260  Wdf01000 - ok
13:31:59.0948 4260  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:32:00.0041 4260  WdiServiceHost - ok
13:32:00.0041 4260  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:32:00.0057 4260  WdiSystemHost - ok
13:32:00.0073 4260  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:32:00.0119 4260  WebClient - ok
13:32:00.0135 4260  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:32:00.0213 4260  Wecsvc - ok
13:32:00.0229 4260  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:32:00.0275 4260  wercplsupport - ok
13:32:00.0307 4260  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:32:00.0369 4260  WerSvc - ok
13:32:00.0385 4260  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:00.0416 4260  WfpLwf - ok
13:32:00.0447 4260  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
13:32:00.0478 4260  WimFltr - ok
13:32:00.0494 4260  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:32:00.0494 4260  WIMMount - ok
13:32:00.0509 4260  WinDefend - ok
13:32:00.0509 4260  WinHttpAutoProxySvc - ok
13:32:00.0556 4260  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:32:00.0619 4260  Winmgmt - ok
13:32:00.0728 4260  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:32:00.0821 4260  WinRM - ok
13:32:00.0899 4260  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:00.0946 4260  WinUsb - ok
13:32:00.0993 4260  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:32:01.0087 4260  Wlansvc - ok
13:32:01.0118 4260  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:32:01.0149 4260  wlcrasvc - ok
13:32:01.0258 4260  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:32:01.0321 4260  wlidsvc - ok
13:32:01.0352 4260  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:32:01.0399 4260  WmiAcpi - ok
13:32:01.0430 4260  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:32:01.0477 4260  wmiApSrv - ok
13:32:01.0523 4260  WMPNetworkSvc - ok
13:32:01.0555 4260  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:32:01.0601 4260  WPCSvc - ok
13:32:01.0601 4260  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:32:01.0617 4260  WPDBusEnum - ok
13:32:01.0633 4260  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:32:01.0664 4260  ws2ifsl - ok
13:32:01.0679 4260  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:32:01.0711 4260  wscsvc - ok
13:32:01.0711 4260  WSearch - ok
13:32:01.0820 4260  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:32:01.0913 4260  wuauserv - ok
13:32:01.0929 4260  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:32:01.0991 4260  WudfPf - ok
13:32:02.0023 4260  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:02.0085 4260  WUDFRd - ok
13:32:02.0116 4260  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:32:02.0147 4260  wudfsvc - ok
13:32:02.0163 4260  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:32:02.0210 4260  WwanSvc - ok
13:32:02.0225 4260  ================ Scan global ===============================
13:32:02.0241 4260  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:32:02.0272 4260  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:32:02.0288 4260  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:32:02.0319 4260  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:32:02.0350 4260  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:32:02.0366 4260  [Global] - ok
13:32:02.0366 4260  ================ Scan MBR ==================================
13:32:02.0381 4260  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:32:02.0740 4260  \Device\Harddisk0\DR0 - ok
13:32:02.0740 4260  ================ Scan VBR ==================================
13:32:02.0756 4260  [ E0639F128EEFA9ED8BC88C9F7D3AE6A4 ] \Device\Harddisk0\DR0\Partition1
13:32:02.0756 4260  \Device\Harddisk0\DR0\Partition1 - ok
13:32:02.0787 4260  [ 4114FF163AFC1440D5EA2B5405EAD13B ] \Device\Harddisk0\DR0\Partition2
13:32:02.0787 4260  \Device\Harddisk0\DR0\Partition2 - ok
13:32:02.0787 4260  [ C55F9122D86E5D6EF1C602B3287D8429 ] \Device\Harddisk0\DR0\Partition3
13:32:02.0787 4260  \Device\Harddisk0\DR0\Partition3 - ok
13:32:02.0803 4260  ============================================================
13:32:02.0803 4260  Scan finished
13:32:02.0803 4260  ============================================================
13:32:02.0818 4256  Detected object count: 5
13:32:02.0818 4256  Actual detected object count: 5
13:32:38.0121 4256  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:38.0121 4256  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:32:38.0121 4256  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:38.0121 4256  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:32:38.0121 4256  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:38.0121 4256  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:32:38.0121 4256  MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:38.0121 4256  MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:32:38.0121 4256  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:38.0121 4256  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 25.01.2013, 13:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Ist unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.01.2013, 14:42   #11
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo,
hier der AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.108 - Datei am 25/01/2013 um 14:57:48 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Petro - PETER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Petro\Downloads\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\pricepeep@getpricepeep.com.xpi
Datei Gefunden : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Protected Search
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Petro\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

*************************

AdwCleaner[R1].txt - [4970 octets] - [25/01/2013 14:57:48]

########## EOF - C:\AdwCleaner[R1].txt - [5030 octets] ##########
         

Alt 25.01.2013, 14:53   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.01.2013, 16:19   #13
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo,
der adwCleander läßt sich nicht mehr öffnen. Es erscheint "C:\....adwcleaner.exe ist keine gültige 32-bit Anwendung. Habe ihn auch schon mal wieder gelöscht und neu downgeloaded.

Was soll ich tun? Rechner runterfahren und nochmal downloaden?

Danke für kurze Rückinfo!

sushi

Hallo cosinus,
denke ich habe es doch geschafft , hoffe es lief alles richtig mit dem AdwCleaner. OTL im Anschluß.

1) AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.108 - Datei am 25/01/2013 um 18:15:31 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Petro - PETER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Petro\Downloads\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\pricepeep@getpricepeep.com.xpi
Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Protected Search
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Petro\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

*************************

AdwCleaner[R1].txt - [5089 octets] - [25/01/2013 14:57:48]
AdwCleaner[R2].txt - [5149 octets] - [25/01/2013 16:47:28]
AdwCleaner[R3].txt - [5209 octets] - [25/01/2013 16:47:56]
AdwCleaner[R4].txt - [5269 octets] - [25/01/2013 18:12:35]
AdwCleaner[S1].txt - [5248 octets] - [25/01/2013 18:15:31]

########## EOF - C:\AdwCleaner[S1].txt - [5308 octets] ##########
         
2) OTL
Code:
ATTFilter
OTL logfile created on: 25.01.2013 18:23:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Petro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 4,98 Gb Available Physical Memory | 63,12% Memory free
15,79 Gb Paging File | 12,49 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 479,00 Gb Total Space | 418,81 Gb Free Space | 87,43% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 199,58 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: PETER | User Name: Petro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Petro\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MCSWASVR) -- C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{87068D2F-8305-4BF8-9015-4471A124B3E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{87068D2F-8305-4BF8-9015-4471A124B3E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\..\SearchScopes\{15F620D2-897B-471D-9956-C3016F0C5CAA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2BE4545B-25D7-405E-8F7E-F0B3EC0EB377&apn_sauid=16919A42-E075-49AB-A10A-1B7BAB17E09E
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BB0D70E72-2FC1-4b9f-A3D4-5921C854D906%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.12 13:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.25 08:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.23 21:05:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.24 09:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.24 09:02:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.17 13:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\Extensions
[2013.01.25 18:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\Firefox\Profiles\xdcit4i9.default\extensions
[2013.01.19 20:44:12 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\extension@ciuvo.com.xpi
[2013.01.19 20:46:59 | 000,175,931 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\support@shoptimate.com.xpi
[2013.01.07 16:02:36 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2013.01.23 20:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.23 20:58:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.23 20:58:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.01.23 21:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.25 08:40:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.25 08:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.25 08:40:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.25 08:40:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.25 08:40:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.19 17:25:49 | 000,003,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2013.01.25 08:40:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.25 08:40:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1000..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1005..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1005..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-695438745-3103446122-1789299792-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Petro\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O4 - Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E2EC9B-15DF-4544-91EB-287045EF297B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E93EDA5A-9FE4-4481-B7AC-37708D12E29F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 09:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.24 03:07:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.23 22:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.01.23 22:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.01.23 22:43:17 | 000,000,000 | ---D | C] -- C:\Users\Petro\Documents\Anti-Malware
[2013.01.23 21:09:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.23 21:08:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.23 21:08:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.23 21:08:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.23 21:08:21 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.21 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\Malwarebytes
[2013.01.21 21:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.21 21:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.21 21:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.21 21:14:28 | 000,000,000 | ---D | C] -- C:\rei
[2013.01.21 21:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.01.21 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\deltra Software GmbH
[2013.01.21 20:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2013.01.21 09:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013.01.21 09:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013.01.21 09:05:04 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\TestApp
[2013.01.21 09:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013.01.19 17:29:07 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Local\Programs
[2013.01.19 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.19 17:01:35 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop Elements
[2013.01.19 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\WinRAR
[2013.01.19 16:59:20 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Local\DownTango
[2013.01.19 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013.01.09 11:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2013.01.09 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2013.01.09 01:21:15 | 000,000,000 | ---D | C] -- C:\Users\Petro\restore
[2013.01.09 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.01.09 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.01.09 00:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2013.01.09 00:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CEWE COLOR
[2013.01.07 16:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
[2013.01.07 16:01:33 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscmcde.dll
[2013.01.07 16:01:33 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb6de.dll
[2013.01.07 16:01:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Tabctde.dll
[2013.01.07 16:01:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winskde.dll
[2013.01.07 16:01:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stdftde.dll
[2013.01.07 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Petro\AppData\Roaming\BOM
[2013.01.07 16:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biet-O-Matic
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.25 18:27:09 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 18:27:09 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 18:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.25 18:17:31 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 18:05:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.25 17:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.24 21:00:06 | 000,005,632 | ---- | M] () -- C:\Users\Petro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.24 03:27:48 | 000,461,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.24 03:10:27 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.24 03:10:27 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 03:10:27 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 03:10:27 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 03:10:27 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 03:10:20 | 001,590,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.23 22:43:52 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.23 21:09:57 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 21:02:14 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.23 21:02:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.01.23 21:01:57 | 000,000,021 | ---- | M] () -- C:\Users\Petro\AppData\Local\mc.pixel.data
[2013.01.22 09:59:23 | 000,000,000 | ---- | M] () -- C:\Users\Petro\defogger_reenable
[2013.01.21 21:14:28 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.01.19 16:59:00 | 000,000,168 | ---- | M] () -- C:\Users\Public\Desktop\Search.url
[2013.01.09 22:37:19 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 22:37:19 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 11:19:33 | 000,001,899 | ---- | M] () -- C:\Users\Petro\Desktop\IrfanView Thumbnails.lnk
[2013.01.09 11:19:33 | 000,001,007 | ---- | M] () -- C:\Users\Petro\Desktop\IrfanView.lnk
[2013.01.09 11:15:00 | 000,001,798 | ---- | M] () -- C:\Users\Petro\Desktop\XnView.lnk
[2013.01.09 00:49:23 | 000,001,281 | ---- | M] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
[2013.01.09 00:49:23 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.01.07 16:01:47 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2013.01.01 11:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2013.01.23 22:43:52 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.23 21:09:57 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 21:02:14 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.22 09:59:23 | 000,000,000 | ---- | C] () -- C:\Users\Petro\defogger_reenable
[2013.01.21 21:14:28 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.01.19 16:59:00 | 000,000,168 | ---- | C] () -- C:\Users\Public\Desktop\Search.url
[2013.01.09 11:15:00 | 000,001,798 | ---- | C] () -- C:\Users\Petro\Desktop\XnView.lnk
[2013.01.09 10:45:47 | 000,001,899 | ---- | C] () -- C:\Users\Petro\Desktop\IrfanView Thumbnails.lnk
[2013.01.09 10:45:47 | 000,001,007 | ---- | C] () -- C:\Users\Petro\Desktop\IrfanView.lnk
[2013.01.09 00:49:23 | 000,001,281 | ---- | C] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
[2013.01.09 00:49:23 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.01.07 16:01:46 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2013.01.07 16:01:33 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.12.21 21:36:56 | 000,005,632 | ---- | C] () -- C:\Users\Petro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.20 20:23:55 | 000,000,021 | ---- | C] () -- C:\Users\Petro\AppData\Local\mc.pixel.data
[2012.03.11 11:25:54 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.02.26 10:04:09 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.02.26 10:04:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.02.26 10:03:53 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.26 10:03:53 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2012.02.26 10:03:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.02.26 10:03:04 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.02.26 10:03:04 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.26 10:02:59 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.02.26 10:02:54 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.02.25 12:12:31 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.02.25 12:12:26 | 000,001,024 | ---- | C] () -- C:\Users\Petro\.rnd
[2012.01.16 19:39:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.23 18:10:27 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.12.23 15:09:00 | 000,001,636 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2011.12.23 15:09:00 | 000,000,036 | ---- | C] () -- C:\Windows\TSNPL.dat
[2011.12.17 15:18:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.17 15:17:42 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.17 15:17:40 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.17 15:17:39 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.17 15:17:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.17 15:17:37 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.02.11 11:22:50 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         

Alt 26.01.2013, 18:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-695438745-3103446122-1789299792-1005\..\SearchScopes\{15F620D2-897B-471D-9956-C3016F0C5CAA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2BE4545B-25D7-405E-8F7E-F0B3EC0EB377&apn_sauid=16919A42-E075-49AB-A10A-1B7BAB17E09E
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.01.2013, 00:28   #15
sushi0510
 
certified toolbar eingefangen - Browser hijacker - Standard

certified toolbar eingefangen - Browser hijacker



Hallo Cosinus,
wurde er nun beseitigt, der Hitacker oder was auch immer das Miststück war?
Dir nochmals vielen Dank!

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Internet Explorer\SearchScopes\{15F620D2-897B-471D-9956-C3016F0C5CAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15F620D2-897B-471D-9956-C3016F0C5CAA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Petro\Downloads\cmd.bat deleted successfully.
C:\Users\Petro\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: peter
 
User: Petro
->Temp folder emptied: 125625837 bytes
->Temporary Internet Files folder emptied: 227445166 bytes
->Java cache emptied: 419676 bytes
->FireFox cache emptied: 71384511 bytes
->Flash cache emptied: 58765 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 204274968 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 1095823289 bytes
 
Total Files Cleaned = 1.645,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01282013_011902

Files\Folders moved on Reboot...
C:\Users\Petro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Petro\AppData\Local\Temp\~DFBCDDF129FA93BCD8.TMP moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Antwort

Themen zu certified toolbar eingefangen - Browser hijacker
anhang, anleitung, ansehen, avast, browser, browser hijacker, certified, certified toolbar, einfach, eingefangen, erstellt, firefox, gen, gmer, google, guten, hijacker, installiert, kostenlose, logfiles, relativ, richtig, scanner, version, versucht, virenscan, virenscanner



Ähnliche Themen: certified toolbar eingefangen - Browser hijacker


  1. Win 7\Firefox\Browser-Hijacker eingefangen\Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (13)
  2. Hijacker? -> search.certified-toolbar / ständig download wünsche von unbekannten programmen
    Plagegeister aller Art und deren Bekämpfung - 19.10.2013 (20)
  3. certified-toolbar.com entfernen
    Anleitungen, FAQs & Links - 10.10.2013 (2)
  4. Browser von Highjacker (Certified Toolbar) befallen?
    Log-Analyse und Auswertung - 21.09.2013 (3)
  5. Certified Toolbar nach download eingefangen
    Log-Analyse und Auswertung - 16.09.2013 (14)
  6. Certified Toolbar: wie kann ich sie löschen?
    Plagegeister aller Art und deren Bekämpfung - 14.09.2013 (7)
  7. Windows 7, search.certified-toolbar.com
    Log-Analyse und Auswertung - 14.09.2013 (21)
  8. Windows 7: Hijackerbefall search.certified-toolbar.com
    Log-Analyse und Auswertung - 11.09.2013 (9)
  9. search.certified-toolbar entfernen?
    Log-Analyse und Auswertung - 01.09.2013 (19)
  10. Windows 7: HomeTab und Certified Toolbar
    Log-Analyse und Auswertung - 16.08.2013 (11)
  11. Search.certified-toolbar.com... Logfile Auswertung
    Log-Analyse und Auswertung - 30.06.2013 (11)
  12. certified-toolbar entfernen
    Log-Analyse und Auswertung - 31.01.2013 (9)
  13. Certified-toolbar - bekommt man die weg ?
    Mülltonne - 31.01.2013 (0)
  14. Search.certified-toolbar.com Browser Hijacker entfernen
    Anleitungen, FAQs & Links - 28.01.2013 (2)
  15. Certified Toolbar Infektion
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (1)
  16. Hilfe, Browser Hijacker 209.66.114.130 eingefangen!!
    Log-Analyse und Auswertung - 07.01.2006 (8)
  17. Browser Hijacker Eingefangen!!! HILFE
    Plagegeister aller Art und deren Bekämpfung - 01.06.2004 (2)

Zum Thema certified toolbar eingefangen - Browser hijacker - Hallo, ich habe mir die sog. certified toolbar eingefangen und weiß leider nicht wie ich sie losbekomme. Leider habe ich von der Materie relativ wenig Ahnung. Google hat mir mitgeteilt, - certified toolbar eingefangen - Browser hijacker...
Archiv
Du betrachtest: certified toolbar eingefangen - Browser hijacker auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.