| |
| |||||||
Log-Analyse und Auswertung: Malwarebytes hat pup.dealio.tb gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.11.2012, 18:21
| #1 |
 |  Malwarebytes hat pup.dealio.tb gefunden Hallo. Hab Malwarebytes mal durchlaufen lassen. Es wurde pup.dealio.tb gefunden. Ich hab immer als Standartbenutzer gearbeitet. System ist stabil. Logfiles im Anhang. Dankeschön im Vorraus Code:
ATTFilter OTL logfile created on: 03.11.2012 17:41:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,42% Memory free 6,49 Gb Paging File | 5,19 Gb Available in Paging File | 79,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 281,90 Gb Total Space | 194,26 Gb Free Space | 68,91% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 12,31 Gb Free Space | 8,26% Space Free | Partition Type: NTFS Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.03 17:40:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\msr\Downloads\OTL.exe PRC - [2012.10.31 09:10:13 | 000,046,704 | ---- | M] () -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\msr\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.06 12:01:46 | 004,433,408 | ---- | M] (Hollie-Soft) -- C:\Programme\Klebezettel NG\klebez.exe PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011.11.05 20:03:49 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.10.20 06:41:51 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.09.22 22:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.09.22 22:21:10 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2011.09.22 22:20:44 | 005,587,832 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.09.22 16:00:52 | 002,571,032 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2011.08.22 17:23:28 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2011.08.22 17:22:54 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe PRC - [2011.08.21 23:11:22 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.09.27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.06.29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe PRC - [2009.12.09 03:41:40 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.12.09 03:41:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.08.26 18:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Realtek\Audio\HDA\RtDCpl.exe PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 06:26:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.15 06:25:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 06:25:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.14 11:25:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 11:24:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.14 11:24:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.14 11:24:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.14 11:24:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.20 06:41:47 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2011.10.20 06:41:47 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.10.19 23:01:02 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2011.10.19 23:01:02 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.10.19 23:01:02 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2011.10.19 23:01:02 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.10.19 23:01:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.10.19 23:01:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2011.10.19 23:01:01 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.10.19 23:01:01 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.10.19 23:01:01 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.10.19 23:01:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.10.19 23:01:01 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2011.10.19 23:01:00 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:00 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:00 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:00 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.10.19 23:01:00 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.10.19 23:01:00 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.10.19 23:01:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.10.19 23:01:00 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.10.19 23:01:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.10.19 23:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.10.19 23:01:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.10.19 23:01:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.10.19 23:01:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.10.19 23:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.10.19 23:01:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.10.19 23:01:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.10.19 23:01:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.10.19 23:01:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.10.19 23:01:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.10.19 23:00:59 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.10.19 23:00:59 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.10.19 23:00:59 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.10.19 23:00:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.10.19 23:00:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.10.19 23:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2011.10.19 23:00:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.10.19 23:00:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.10.19 23:00:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.10.19 23:00:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.10.19 23:00:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.10.19 23:00:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.10.19 23:00:59 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.10.19 23:00:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.10.19 23:00:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.10.19 23:00:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll MOD - [2011.10.19 23:00:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll MOD - [2011.09.22 22:20:28 | 011,233,136 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2010.11.24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2010.11.17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2008.11.18 13:25:08 | 000,016,384 | R--- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Services (SafeList) ========== SRV - [2012.10.31 09:10:13 | 000,046,704 | ---- | M] () [Auto | Running] -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe -- (DiinoService) SRV - [2012.10.09 09:52:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.11.05 20:03:49 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.09.22 22:21:10 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.08.22 17:23:28 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.08.22 17:22:54 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2011.08.21 23:11:22 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.11.25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.27 09:37:24 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent) SRV - [2009.12.09 03:41:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\admin\AppData\Local\Temp\pwdyipod.sys -- (pwdyipod) DRV - [2012.08.21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.08.21 10:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.08.21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.11.05 20:03:51 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2011.11.05 20:03:44 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) DRV - [2011.11.05 20:03:40 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2011.11.05 20:03:32 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2011.10.20 06:42:00 | 000,296,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2011.10.20 06:41:55 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2011.10.20 06:41:53 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2011.10.20 06:41:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2011.08.22 17:23:36 | 000,055,280 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2011.08.22 17:23:00 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport) DRV - [2011.08.22 17:22:44 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd2) DRV - [2011.08.22 17:22:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2011.08.22 15:12:26 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2011.08.22 15:12:26 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2011.08.21 23:11:22 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2011.08.21 23:01:24 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb) DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2010.12.02 22:35:58 | 000,349,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2010.09.27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2010.09.27 14:24:50 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2010.09.03 10:39:22 | 000,088,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp) DRV - [2009.12.09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.12.09 03:41:40 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.11.17 00:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService) DRV - [2009.09.21 20:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80} IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80} IE - HKCU\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 14:25:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.22 10:43:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions [2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} [2012.10.09 09:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\SIEMENS AG [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable [2012.11.03 16:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 15:30:34 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 15:30:34 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 15:27:43 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 15:27:43 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 15:27:43 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 15:27:43 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 15:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 15:23:15 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable [2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini [2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini [2012.03.02 07:56:28 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll [2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.08 23:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Acronis [2011.11.02 11:33:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ASCOMP Software [2011.11.06 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileMaker [2011.11.06 17:27:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ulead Systems [2011.11.16 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZJMedia ========== Purity Check ========== < End of report >
__________________  Gestern hab ich mir das Internet runtergeladen |
|
05.11.2012, 15:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malwarebytes hat pup.dealio.tb gefunden Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
05.11.2012, 23:24
| #3 |
| | Malwarebytes hat pup.dealio.tb gefundenCode:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-05 23:06:38
-----------------------------
23:06:38.889 OS Version: Windows 6.1.7601 Service Pack 1
23:06:38.889 Number of processors: 2 586 0x170A
23:06:38.890 ComputerName: OPTIPLEX380 UserName: admin
23:06:43.966 Initialize success
23:06:44.093 AVAST engine defs: 12110500
23:06:47.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:06:47.438 Disk 0 Vendor: WDC_WD3200AAKX-753CA1 19.01H19 Size: 305245MB BusType: 3
23:06:47.443 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
23:06:47.447 Disk 1 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
23:06:47.461 Disk 0 MBR read successfully
23:06:47.466 Disk 0 MBR scan
23:06:47.471 Disk 0 unknown MBR code
23:06:47.477 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:06:47.500 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16538 MB offset 81920
23:06:47.517 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288666 MB offset 33951744
23:06:47.525 Disk 0 scanning sectors +625139712
23:06:47.562 Disk 0 scanning C:\Windows\system32\drivers
23:06:53.722 Service scanning
23:07:07.091 Modules scanning
23:07:30.676 Disk 0 trace - called modules:
23:07:30.693 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
23:07:30.697 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86547400]
23:07:30.701 3 CLASSPNP.SYS[8c5a659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86093030]
23:07:31.116 AVAST engine scan C:\Windows
23:07:32.850 AVAST engine scan C:\Windows\system32
23:09:24.916 AVAST engine scan C:\Windows\system32\drivers
23:09:35.716 AVAST engine scan C:\Users\admin
23:10:08.016 AVAST engine scan C:\ProgramData
23:11:47.969 Scan finished successfully
23:12:52.459 Disk 0 MBR has been saved successfully to "C:\Users\msr\Desktop\MBR.dat"
23:12:52.463 The log file has been saved successfully to "C:\Users\msr\Desktop\aswMBR.txt"
Code:
ATTFilter 23:17:04.0334 4748 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:17:04.0468 4748 ============================================================
23:17:04.0468 4748 Current date / time: 2012/11/05 23:17:04.0468
23:17:04.0468 4748 SystemInfo:
23:17:04.0468 4748
23:17:04.0468 4748 OS Version: 6.1.7601 ServicePack: 1.0
23:17:04.0468 4748 Product type: Workstation
23:17:04.0468 4748 ComputerName: OPTIPLEX380
23:17:04.0468 4748 UserName: admin
23:17:04.0468 4748 Windows directory: C:\Windows
23:17:04.0469 4748 System windows directory: C:\Windows
23:17:04.0469 4748 Processor architecture: Intel x86
23:17:04.0469 4748 Number of processors: 2
23:17:04.0469 4748 Page size: 0x1000
23:17:04.0469 4748 Boot type: Normal boot
23:17:04.0469 4748 ============================================================
23:17:05.0296 4748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:17:05.0309 4748 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:17:05.0314 4748 ============================================================
23:17:05.0314 4748 \Device\Harddisk0\DR0:
23:17:05.0314 4748 MBR partitions:
23:17:05.0314 4748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x204D000
23:17:05.0314 4748 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2061000, BlocksNum 0x233CD000
23:17:05.0314 4748 \Device\Harddisk1\DR1:
23:17:05.0318 4748 MBR partitions:
23:17:05.0318 4748 ============================================================
23:17:05.0338 4748 C: <-> \Device\Harddisk0\DR0\Partition2
23:17:05.0338 4748 ============================================================
23:17:05.0338 4748 Initialize success
23:17:05.0338 4748 ============================================================
23:17:43.0334 1044 ============================================================
23:17:43.0334 1044 Scan started
23:17:43.0334 1044 Mode: Manual; SigCheck; TDLFS;
23:17:43.0334 1044 ============================================================
23:17:43.0647 1044 ================ Scan system memory ========================
23:17:43.0647 1044 System memory - ok
23:17:43.0647 1044 ================ Scan services =============================
23:17:43.0770 1044 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:17:43.0829 1044 1394ohci - ok
23:17:43.0857 1044 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:17:43.0871 1044 ACPI - ok
23:17:43.0886 1044 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:17:43.0908 1044 AcpiPmi - ok
23:17:44.0015 1044 [ 49C47EBF1C9EF2C5D4988450D79FD544 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
23:17:44.0044 1044 AcrSch2Svc - ok
23:17:44.0130 1044 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:17:44.0146 1044 AdobeARMservice - ok
23:17:44.0198 1044 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:17:44.0215 1044 AdobeFlashPlayerUpdateSvc - ok
23:17:44.0241 1044 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:17:44.0257 1044 adp94xx - ok
23:17:44.0272 1044 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:17:44.0285 1044 adpahci - ok
23:17:44.0297 1044 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:17:44.0309 1044 adpu320 - ok
23:17:44.0335 1044 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:17:44.0381 1044 AeLookupSvc - ok
23:17:44.0428 1044 [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
23:17:44.0445 1044 afcdp - ok
23:17:44.0538 1044 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
23:17:44.0635 1044 afcdpsrv - ok
23:17:44.0665 1044 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
23:17:44.0687 1044 AFD - ok
23:17:44.0714 1044 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
23:17:44.0730 1044 agp440 - ok
23:17:44.0748 1044 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:17:44.0758 1044 aic78xx - ok
23:17:44.0794 1044 [ 11F424D02AEA63A3A53445087072FDD0 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
23:17:44.0822 1044 aksfridge - ok
23:17:44.0846 1044 [ 64FC197D24A2B240598F29CE0A6660C0 ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
23:17:44.0864 1044 akshasp - ok
23:17:44.0887 1044 [ CCE6C56F18D214DE8D66F3F2A774CD5B ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
23:17:44.0912 1044 aksusb - ok
23:17:44.0951 1044 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
23:17:44.0979 1044 ALG - ok
23:17:44.0998 1044 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
23:17:45.0008 1044 aliide - ok
23:17:45.0038 1044 [ B370E3F0BDD30A3A5082263461FD90AA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:17:45.0061 1044 AMD External Events Utility - ok
23:17:45.0078 1044 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:17:45.0087 1044 amdagp - ok
23:17:45.0101 1044 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
23:17:45.0111 1044 amdide - ok
23:17:45.0125 1044 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:17:45.0146 1044 AmdK8 - ok
23:17:45.0150 1044 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:17:45.0164 1044 AmdPPM - ok
23:17:45.0178 1044 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:17:45.0188 1044 amdsata - ok
23:17:45.0201 1044 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:17:45.0212 1044 amdsbs - ok
23:17:45.0225 1044 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:17:45.0234 1044 amdxata - ok
23:17:45.0249 1044 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
23:17:45.0268 1044 AppID - ok
23:17:45.0291 1044 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:17:45.0331 1044 AppIDSvc - ok
23:17:45.0340 1044 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
23:17:45.0369 1044 Appinfo - ok
23:17:45.0422 1044 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:17:45.0436 1044 Apple Mobile Device - ok
23:17:45.0475 1044 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
23:17:45.0491 1044 AppMgmt - ok
23:17:45.0530 1044 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
23:17:45.0547 1044 arc - ok
23:17:45.0553 1044 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:17:45.0570 1044 arcsas - ok
23:17:45.0651 1044 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:17:45.0665 1044 aspnet_state - ok
23:17:45.0687 1044 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
23:17:45.0696 1044 aswFsBlk - ok
23:17:45.0715 1044 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
23:17:45.0723 1044 aswMonFlt - ok
23:17:45.0743 1044 [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
23:17:45.0751 1044 aswRdr - ok
23:17:45.0795 1044 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
23:17:45.0817 1044 aswSnx - ok
23:17:45.0827 1044 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\Windows\system32\drivers\aswSP.sys
23:17:45.0839 1044 aswSP - ok
23:17:45.0871 1044 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
23:17:45.0885 1044 aswTdi - ok
23:17:45.0902 1044 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:17:45.0934 1044 AsyncMac - ok
23:17:45.0952 1044 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
23:17:45.0961 1044 atapi - ok
23:17:46.0053 1044 [ B9290CF76263838ED609F3BDB6AD07EC ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:17:46.0179 1044 atikmdag - ok
23:17:46.0217 1044 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:17:46.0261 1044 AudioEndpointBuilder - ok
23:17:46.0268 1044 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:17:46.0290 1044 Audiosrv - ok
23:17:46.0325 1044 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:17:46.0339 1044 avast! Antivirus - ok
23:17:46.0369 1044 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:17:46.0401 1044 AxInstSV - ok
23:17:46.0438 1044 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
23:17:46.0472 1044 b06bdrv - ok
23:17:46.0492 1044 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:17:46.0515 1044 b57nd60x - ok
23:17:46.0637 1044 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
23:17:46.0659 1044 BBSvc - ok
23:17:46.0707 1044 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
23:17:46.0728 1044 BBUpdate - ok
23:17:46.0753 1044 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
23:17:46.0789 1044 BDESVC - ok
23:17:46.0810 1044 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
23:17:46.0851 1044 Beep - ok
23:17:46.0885 1044 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
23:17:46.0926 1044 BFE - ok
23:17:46.0951 1044 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
23:17:46.0979 1044 BITS - ok
23:17:46.0989 1044 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:17:47.0007 1044 blbdrive - ok
23:17:47.0037 1044 [ A1115D933E7E3588E6DD53B03219F808 ] Blfp C:\Windows\system32\DRIVERS\basp.sys
23:17:47.0050 1044 Blfp - ok
23:17:47.0111 1044 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:17:47.0131 1044 Bonjour Service - ok
23:17:47.0155 1044 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:17:47.0183 1044 bowser - ok
23:17:47.0227 1044 [ E7CA80FA5A7E82ED87E8140E0BDFA13B ] BrcmMgmtAgent C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
23:17:47.0246 1044 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
23:17:47.0246 1044 BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
23:17:47.0271 1044 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:17:47.0300 1044 BrFiltLo - ok
23:17:47.0312 1044 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:17:47.0327 1044 BrFiltUp - ok
23:17:47.0362 1044 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
23:17:47.0390 1044 Browser - ok
23:17:47.0404 1044 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:17:47.0417 1044 Brserid - ok
23:17:47.0432 1044 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:17:47.0444 1044 BrSerWdm - ok
23:17:47.0458 1044 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:17:47.0475 1044 BrUsbMdm - ok
23:17:47.0487 1044 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:17:47.0507 1044 BrUsbSer - ok
23:17:47.0523 1044 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:17:47.0536 1044 BTHMODEM - ok
23:17:47.0567 1044 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
23:17:47.0605 1044 bthserv - ok
23:17:47.0622 1044 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:17:47.0655 1044 cdfs - ok
23:17:47.0682 1044 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:17:47.0698 1044 cdrom - ok
23:17:47.0713 1044 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
23:17:47.0733 1044 CertPropSvc - ok
23:17:47.0737 1044 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
23:17:47.0749 1044 circlass - ok
23:17:47.0766 1044 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
23:17:47.0779 1044 CLFS - ok
23:17:47.0809 1044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:17:47.0818 1044 clr_optimization_v2.0.50727_32 - ok
23:17:47.0849 1044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:17:47.0865 1044 clr_optimization_v4.0.30319_32 - ok
23:17:47.0875 1044 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:17:47.0887 1044 CmBatt - ok
23:17:47.0897 1044 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:17:47.0907 1044 cmdide - ok
23:17:47.0949 1044 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
23:17:47.0976 1044 CNG - ok
23:17:47.0993 1044 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:17:48.0002 1044 Compbatt - ok
23:17:48.0023 1044 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:17:48.0041 1044 CompositeBus - ok
23:17:48.0050 1044 COMSysApp - ok
23:17:48.0067 1044 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:17:48.0077 1044 crcdisk - ok
23:17:48.0118 1044 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:17:48.0143 1044 CryptSvc - ok
23:17:48.0168 1044 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
23:17:48.0202 1044 CSC - ok
23:17:48.0223 1044 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
23:17:48.0253 1044 CscService - ok
23:17:48.0280 1044 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
23:17:48.0314 1044 DcomLaunch - ok
23:17:48.0338 1044 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
23:17:48.0390 1044 defragsvc - ok
23:17:48.0399 1044 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:17:48.0428 1044 DfsC - ok
23:17:48.0449 1044 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:17:48.0481 1044 Dhcp - ok
23:17:48.0633 1044 [ 8046B45C3B77004FB47796B9FDCF721E ] DiinoService C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe
23:17:48.0647 1044 DiinoService - ok
23:17:48.0668 1044 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
23:17:48.0697 1044 discache - ok
23:17:48.0722 1044 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
23:17:48.0734 1044 Disk - ok
23:17:48.0754 1044 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
23:17:48.0771 1044 dmvsc - ok
23:17:48.0796 1044 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:17:48.0820 1044 Dnscache - ok
23:17:48.0843 1044 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
23:17:48.0874 1044 dot3svc - ok
23:17:48.0901 1044 [ B5E479EB83707DD698F66953E922042C ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:17:48.0924 1044 dot4 - ok
23:17:48.0954 1044 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:17:48.0978 1044 Dot4Print - ok
23:17:48.0991 1044 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:17:49.0016 1044 dot4usb - ok
23:17:49.0027 1044 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
23:17:49.0048 1044 DPS - ok
23:17:49.0075 1044 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:17:49.0092 1044 drmkaud - ok
23:17:49.0126 1044 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:17:49.0143 1044 DXGKrnl - ok
23:17:49.0160 1044 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
23:17:49.0191 1044 EapHost - ok
23:17:49.0258 1044 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
23:17:49.0341 1044 ebdrv - ok
23:17:49.0374 1044 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
23:17:49.0398 1044 EFS - ok
23:17:49.0447 1044 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:17:49.0477 1044 ehRecvr - ok
23:17:49.0491 1044 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
23:17:49.0512 1044 ehSched - ok
23:17:49.0553 1044 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:17:49.0577 1044 elxstor - ok
23:17:49.0593 1044 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:17:49.0613 1044 ErrDev - ok
23:17:49.0660 1044 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
23:17:49.0711 1044 EventSystem - ok
23:17:49.0729 1044 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
23:17:49.0751 1044 exfat - ok
23:17:49.0764 1044 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:17:49.0786 1044 fastfat - ok
23:17:49.0815 1044 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
23:17:49.0843 1044 Fax - ok
23:17:49.0856 1044 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
23:17:49.0867 1044 fdc - ok
23:17:49.0883 1044 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
23:17:49.0914 1044 fdPHost - ok
23:17:49.0924 1044 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
23:17:49.0953 1044 FDResPub - ok
23:17:49.0974 1044 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:17:49.0984 1044 FileInfo - ok
23:17:50.0003 1044 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:17:50.0024 1044 Filetrace - ok
23:17:50.0040 1044 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:17:50.0050 1044 flpydisk - ok
23:17:50.0076 1044 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:17:50.0088 1044 FltMgr - ok
23:17:50.0120 1044 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
23:17:50.0141 1044 FontCache - ok
23:17:50.0210 1044 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:17:50.0222 1044 FontCache3.0.0.0 - ok
23:17:50.0239 1044 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:17:50.0249 1044 FsDepends - ok
23:17:50.0276 1044 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:17:50.0291 1044 Fs_Rec - ok
23:17:50.0318 1044 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:17:50.0332 1044 fvevol - ok
23:17:50.0352 1044 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:17:50.0362 1044 gagp30kx - ok
23:17:50.0397 1044 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:17:50.0407 1044 GEARAspiWDM - ok
23:17:50.0450 1044 [ 29C3D2A2398B980A73043FA3688E2F30 ] GenericMount C:\Windows\system32\DRIVERS\GenericMount.sys
23:17:50.0463 1044 GenericMount - ok
23:17:50.0504 1044 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
23:17:50.0551 1044 gpsvc - ok
23:17:50.0573 1044 [ 995178A443B07FA9EEAEA041D7B4B5CA ] hardlock C:\Windows\system32\drivers\hardlock.sys
23:17:50.0589 1044 hardlock - ok
23:17:50.0592 1044 hasplms - ok
23:17:50.0638 1044 [ D2A04F50B18B85FE236143399123EC0D ] hcmon C:\Windows\system32\drivers\hcmon.sys
23:17:50.0650 1044 hcmon - ok
23:17:50.0683 1044 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:17:50.0709 1044 hcw85cir - ok
23:17:50.0728 1044 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:17:50.0741 1044 HDAudBus - ok
23:17:50.0756 1044 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:17:50.0777 1044 HidBatt - ok
23:17:50.0787 1044 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:17:50.0807 1044 HidBth - ok
23:17:50.0811 1044 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
23:17:50.0828 1044 HidIr - ok
23:17:50.0856 1044 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
23:17:50.0879 1044 hidserv - ok
23:17:50.0905 1044 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:17:50.0930 1044 HidUsb - ok
23:17:50.0975 1044 [ 8AE0753A124F5FADBECFB38E4AF92036 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
23:17:50.0989 1044 hitmanpro36 - ok
23:17:51.0011 1044 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:17:51.0032 1044 hkmsvc - ok
23:17:51.0050 1044 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:17:51.0069 1044 HomeGroupListener - ok
23:17:51.0087 1044 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:17:51.0109 1044 HomeGroupProvider - ok
23:17:51.0122 1044 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:17:51.0132 1044 HpSAMD - ok
23:17:51.0158 1044 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:17:51.0183 1044 HTTP - ok
23:17:51.0193 1044 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:17:51.0202 1044 hwpolicy - ok
23:17:51.0217 1044 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:17:51.0232 1044 i8042prt - ok
23:17:51.0245 1044 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:17:51.0258 1044 iaStorV - ok
23:17:51.0305 1044 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:17:51.0336 1044 idsvc - ok
23:17:51.0349 1044 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:17:51.0359 1044 iirsp - ok
23:17:51.0404 1044 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
23:17:51.0456 1044 IKEEXT - ok
23:17:51.0536 1044 [ 2D8D9516281E27A721897A388F17DEFB ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHDA.sys
23:17:51.0587 1044 IntcAzAudAddService - ok
23:17:51.0596 1044 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
23:17:51.0605 1044 intelide - ok
23:17:51.0631 1044 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:17:51.0649 1044 intelppm - ok
23:17:51.0663 1044 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:17:51.0693 1044 IPBusEnum - ok
23:17:51.0706 1044 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:17:51.0727 1044 IpFilterDriver - ok
23:17:51.0749 1044 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:17:51.0783 1044 iphlpsvc - ok
23:17:51.0797 1044 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:17:51.0808 1044 IPMIDRV - ok
23:17:51.0821 1044 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:17:51.0848 1044 IPNAT - ok
23:17:51.0896 1044 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:17:51.0927 1044 iPod Service - ok
23:17:51.0947 1044 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:17:51.0978 1044 IRENUM - ok
23:17:52.0003 1044 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:17:52.0013 1044 isapnp - ok
23:17:52.0025 1044 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:17:52.0037 1044 iScsiPrt - ok
23:17:52.0063 1044 [ 51B719F0BCE4430A6EAAD43FB9FF61A3 ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
23:17:52.0074 1044 k57nd60x - ok
23:17:52.0096 1044 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:17:52.0106 1044 kbdclass - ok
23:17:52.0132 1044 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:17:52.0158 1044 kbdhid - ok
23:17:52.0174 1044 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
23:17:52.0185 1044 KeyIso - ok
23:17:52.0216 1044 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:17:52.0226 1044 KSecDD - ok
23:17:52.0239 1044 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:17:52.0250 1044 KSecPkg - ok
23:17:52.0277 1044 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
23:17:52.0303 1044 KtmRm - ok
23:17:52.0323 1044 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
23:17:52.0352 1044 LanmanServer - ok
23:17:52.0371 1044 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:17:52.0394 1044 LanmanWorkstation - ok
23:17:52.0427 1044 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:17:52.0473 1044 lltdio - ok
23:17:52.0497 1044 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:17:52.0521 1044 lltdsvc - ok
23:17:52.0532 1044 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
23:17:52.0565 1044 lmhosts - ok
23:17:52.0589 1044 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:17:52.0599 1044 LSI_FC - ok
23:17:52.0603 1044 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:17:52.0614 1044 LSI_SAS - ok
23:17:52.0628 1044 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:17:52.0638 1044 LSI_SAS2 - ok
23:17:52.0642 1044 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:17:52.0652 1044 LSI_SCSI - ok
23:17:52.0668 1044 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
23:17:52.0689 1044 luafv - ok
23:17:52.0707 1044 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:17:52.0720 1044 Mcx2Svc - ok
23:17:52.0730 1044 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
23:17:52.0740 1044 megasas - ok
23:17:52.0755 1044 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:17:52.0767 1044 MegaSR - ok
23:17:52.0792 1044 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
23:17:52.0833 1044 MMCSS - ok
23:17:52.0847 1044 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
23:17:52.0876 1044 Modem - ok
23:17:52.0896 1044 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:17:52.0919 1044 monitor - ok
23:17:52.0943 1044 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:17:52.0953 1044 mouclass - ok
23:17:52.0970 1044 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:17:52.0989 1044 mouhid - ok
23:17:53.0001 1044 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:17:53.0011 1044 mountmgr - ok
23:17:53.0086 1044 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:17:53.0102 1044 MozillaMaintenance - ok
23:17:53.0123 1044 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
23:17:53.0141 1044 mpio - ok
23:17:53.0156 1044 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:17:53.0177 1044 mpsdrv - ok
23:17:53.0205 1044 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:17:53.0241 1044 MpsSvc - ok
23:17:53.0258 1044 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:17:53.0276 1044 MRxDAV - ok
23:17:53.0307 1044 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:17:53.0324 1044 mrxsmb - ok
23:17:53.0340 1044 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:17:53.0352 1044 mrxsmb10 - ok
23:17:53.0364 1044 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:17:53.0381 1044 mrxsmb20 - ok
23:17:53.0405 1044 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
23:17:53.0414 1044 msahci - ok
23:17:53.0430 1044 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:17:53.0440 1044 msdsm - ok
23:17:53.0448 1044 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
23:17:53.0469 1044 MSDTC - ok
23:17:53.0502 1044 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:17:53.0524 1044 Msfs - ok
23:17:53.0532 1044 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:17:53.0564 1044 mshidkmdf - ok
23:17:53.0580 1044 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:17:53.0589 1044 msisadrv - ok
23:17:53.0616 1044 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:17:53.0656 1044 MSiSCSI - ok
23:17:53.0660 1044 msiserver - ok
23:17:53.0683 1044 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:17:53.0703 1044 MSKSSRV - ok
23:17:53.0713 1044 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:17:53.0744 1044 MSPCLOCK - ok
23:17:53.0757 1044 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:17:53.0786 1044 MSPQM - ok
23:17:53.0804 1044 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:17:53.0815 1044 MsRPC - ok
23:17:53.0830 1044 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:17:53.0839 1044 mssmbios - ok
23:17:53.0854 1044 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:17:53.0875 1044 MSTEE - ok
23:17:53.0885 1044 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:17:53.0900 1044 MTConfig - ok
23:17:53.0910 1044 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
23:17:53.0919 1044 Mup - ok
23:17:53.0937 1044 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
23:17:53.0961 1044 napagent - ok
23:17:53.0985 1044 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:17:54.0019 1044 NativeWifiP - ok
23:17:54.0059 1044 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:17:54.0091 1044 NDIS - ok
23:17:54.0106 1044 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:17:54.0134 1044 NdisCap - ok
23:17:54.0161 1044 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:17:54.0198 1044 NdisTapi - ok
23:17:54.0210 1044 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:17:54.0229 1044 Ndisuio - ok
23:17:54.0243 1044 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:17:54.0276 1044 NdisWan - ok
23:17:54.0287 1044 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:17:54.0306 1044 NDProxy - ok
23:17:54.0335 1044 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:17:54.0350 1044 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:17:54.0350 1044 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:17:54.0370 1044 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:17:54.0402 1044 NetBIOS - ok
23:17:54.0415 1044 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:17:54.0450 1044 NetBT - ok
23:17:54.0466 1044 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
23:17:54.0479 1044 Netlogon - ok
23:17:54.0513 1044 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
23:17:54.0550 1044 Netman - ok
23:17:54.0576 1044 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0585 1044 NetMsmqActivator - ok
23:17:54.0589 1044 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0597 1044 NetPipeActivator - ok
23:17:54.0614 1044 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
23:17:54.0649 1044 netprofm - ok
23:17:54.0653 1044 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0662 1044 NetTcpActivator - ok
23:17:54.0665 1044 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:17:54.0674 1044 NetTcpPortSharing - ok
23:17:54.0704 1044 [ 104BE93F0607C6AA0D85319581F96EC2 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
23:17:54.0724 1044 netvsc - ok
23:17:54.0757 1044 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:17:54.0774 1044 nfrd960 - ok
23:17:54.0793 1044 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:17:54.0822 1044 NlaSvc - ok
23:17:54.0838 1044 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:17:54.0868 1044 Npfs - ok
23:17:54.0881 1044 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
23:17:54.0929 1044 nsi - ok
23:17:54.0944 1044 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:17:54.0965 1044 nsiproxy - ok
23:17:55.0016 1044 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:17:55.0071 1044 Ntfs - ok
23:17:55.0087 1044 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
23:17:55.0108 1044 Null - ok
23:17:55.0123 1044 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:17:55.0134 1044 nvraid - ok
23:17:55.0142 1044 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:17:55.0153 1044 nvstor - ok
23:17:55.0168 1044 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:17:55.0179 1044 nv_agp - ok
23:17:55.0190 1044 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:17:55.0214 1044 ohci1394 - ok
23:17:55.0257 1044 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:17:55.0271 1044 ose - ok
23:17:55.0311 1044 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:17:55.0337 1044 p2pimsvc - ok
23:17:55.0365 1044 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
23:17:55.0395 1044 p2psvc - ok
23:17:55.0414 1044 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:17:55.0427 1044 Parport - ok
23:17:55.0461 1044 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:17:55.0473 1044 partmgr - ok
23:17:55.0479 1044 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
23:17:55.0491 1044 Parvdm - ok
23:17:55.0504 1044 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:17:55.0520 1044 PcaSvc - ok
23:17:55.0532 1044 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
23:17:55.0544 1044 pci - ok
23:17:55.0553 1044 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
23:17:55.0562 1044 pciide - ok
23:17:55.0571 1044 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:17:55.0583 1044 pcmcia - ok
23:17:55.0597 1044 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
23:17:55.0607 1044 pcw - ok
23:17:55.0634 1044 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:17:55.0683 1044 PEAUTH - ok
23:17:55.0733 1044 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:17:55.0780 1044 PeerDistSvc - ok
23:17:55.0840 1044 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
23:17:55.0921 1044 pla - ok
23:17:55.0963 1044 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:17:55.0995 1044 PlugPlay - ok
23:17:56.0029 1044 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:17:56.0033 1044 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:17:56.0033 1044 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:17:56.0044 1044 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:17:56.0074 1044 PNRPAutoReg - ok
23:17:56.0095 1044 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:17:56.0111 1044 PNRPsvc - ok
23:17:56.0141 1044 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:17:56.0190 1044 PolicyAgent - ok
23:17:56.0212 1044 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
23:17:56.0247 1044 Power - ok
23:17:56.0280 1044 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:17:56.0318 1044 PptpMiniport - ok
23:17:56.0334 1044 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
23:17:56.0353 1044 Processor - ok
23:17:56.0398 1044 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
23:17:56.0419 1044 ProfSvc - ok
23:17:56.0433 1044 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:17:56.0445 1044 ProtectedStorage - ok
23:17:56.0462 1044 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:17:56.0494 1044 Psched - ok
23:17:56.0527 1044 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:17:56.0540 1044 PxHelp20 - ok
23:17:56.0610 1044 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:17:56.0669 1044 ql2300 - ok
23:17:56.0684 1044 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:17:56.0694 1044 ql40xx - ok
23:17:56.0710 1044 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:17:56.0742 1044 QWAVE - ok
23:17:56.0752 1044 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:17:56.0768 1044 QWAVEdrv - ok
23:17:56.0777 1044 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:17:56.0808 1044 RasAcd - ok
23:17:56.0847 1044 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:17:56.0878 1044 RasAgileVpn - ok
23:17:56.0894 1044 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:17:56.0939 1044 RasAuto - ok
23:17:56.0956 1044 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:17:56.0982 1044 Rasl2tp - ok
23:17:57.0004 1044 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
23:17:57.0040 1044 RasMan - ok
23:17:57.0052 1044 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:17:57.0073 1044 RasPppoe - ok
23:17:57.0100 1044 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:17:57.0137 1044 RasSstp - ok
23:17:57.0163 1044 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:17:57.0207 1044 rdbss - ok
23:17:57.0223 1044 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:17:57.0250 1044 rdpbus - ok
23:17:57.0265 1044 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:17:57.0292 1044 RDPCDD - ok
23:17:57.0317 1044 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:17:57.0345 1044 RDPDR - ok
23:17:57.0357 1044 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:17:57.0378 1044 RDPENCDD - ok
23:17:57.0394 1044 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:17:57.0424 1044 RDPREFMP - ok
23:17:57.0453 1044 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:17:57.0473 1044 RDPWD - ok
23:17:57.0492 1044 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:17:57.0503 1044 rdyboost - ok
23:17:57.0523 1044 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:17:57.0545 1044 RemoteAccess - ok
23:17:57.0565 1044 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:17:57.0591 1044 RemoteRegistry - ok
23:17:57.0686 1044 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:17:57.0735 1044 RoxMediaDB12OEM - ok
23:17:57.0755 1044 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:17:57.0764 1044 RoxWatch12 - ok
23:17:57.0787 1044 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:17:57.0821 1044 RpcEptMapper - ok
23:17:57.0841 1044 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:17:57.0863 1044 RpcLocator - ok
23:17:57.0880 1044 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
23:17:57.0905 1044 RpcSs - ok
23:17:57.0932 1044 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:17:57.0971 1044 rspndr - ok
23:17:57.0991 1044 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:17:58.0009 1044 s3cap - ok
23:17:58.0025 1044 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
23:17:58.0036 1044 SamSs - ok
23:17:58.0059 1044 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:17:58.0070 1044 sbp2port - ok
23:17:58.0104 1044 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:17:58.0128 1044 SCardSvr - ok
23:17:58.0140 1044 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:17:58.0168 1044 scfilter - ok
23:17:58.0190 1044 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
23:17:58.0233 1044 Schedule - ok
23:17:58.0247 1044 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:17:58.0267 1044 SCPolicySvc - ok
23:17:58.0280 1044 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:17:58.0302 1044 SDRSVC - ok
23:17:58.0336 1044 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:17:58.0377 1044 secdrv - ok
23:17:58.0388 1044 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:17:58.0436 1044 seclogon - ok
23:17:58.0453 1044 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
23:17:58.0490 1044 SENS - ok
23:17:58.0513 1044 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:17:58.0526 1044 SensrSvc - ok
23:17:58.0545 1044 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:17:58.0555 1044 Serenum - ok
23:17:58.0567 1044 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:17:58.0588 1044 Serial - ok
23:17:58.0597 1044 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:17:58.0608 1044 sermouse - ok
23:17:58.0626 1044 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
23:17:58.0670 1044 SessionEnv - ok
23:17:58.0686 1044 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:17:58.0708 1044 sffdisk - ok
23:17:58.0721 1044 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:17:58.0733 1044 sffp_mmc - ok
23:17:58.0746 1044 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:17:58.0763 1044 sffp_sd - ok
23:17:58.0773 1044 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:17:58.0793 1044 sfloppy - ok
23:17:58.0815 1044 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:17:58.0861 1044 SharedAccess - ok
23:17:58.0891 1044 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:17:58.0930 1044 ShellHWDetection - ok
23:17:58.0943 1044 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:17:58.0953 1044 sisagp - ok
23:17:58.0974 1044 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:17:58.0983 1044 SiSRaid2 - ok
23:17:58.0994 1044 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:17:59.0004 1044 SiSRaid4 - ok
23:17:59.0026 1044 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:17:59.0047 1044 Smb - ok
23:17:59.0104 1044 [ EB49860E776CE860DC3CFB9EDB1BA517 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
23:17:59.0119 1044 snapman - ok
23:17:59.0156 1044 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:17:59.0176 1044 SNMPTRAP - ok
23:17:59.0182 1044 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:17:59.0195 1044 spldr - ok
23:17:59.0238 1044 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
23:17:59.0260 1044 Spooler - ok
23:17:59.0324 1044 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
23:17:59.0421 1044 sppsvc - ok
23:17:59.0434 1044 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:17:59.0457 1044 sppuinotify - ok
23:17:59.0477 1044 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:17:59.0496 1044 srv - ok
23:17:59.0515 1044 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:17:59.0540 1044 srv2 - ok
23:17:59.0555 1044 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:17:59.0575 1044 srvnet - ok
23:17:59.0597 1044 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:17:59.0622 1044 SSDPSRV - ok
23:17:59.0638 1044 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:17:59.0673 1044 SstpSvc - ok
23:17:59.0694 1044 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:17:59.0703 1044 stexstor - ok
23:17:59.0734 1044 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
23:17:59.0770 1044 StiSvc - ok
23:17:59.0805 1044 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:17:59.0812 1044 stllssvr - ok
23:17:59.0834 1044 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
23:17:59.0847 1044 StorSvc - ok
23:17:59.0880 1044 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:17:59.0897 1044 storvsc - ok
23:17:59.0916 1044 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:17:59.0925 1044 swenum - ok
23:17:59.0955 1044 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:17:59.0988 1044 swprv - ok
23:18:00.0002 1044 [ 04990C25043705985F1EC40BF704AAAC ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
23:18:00.0012 1044 SynthVid - ok
23:18:00.0035 1044 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
23:18:00.0079 1044 SysMain - ok
23:18:00.0090 1044 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:18:00.0113 1044 TabletInputService - ok
23:18:00.0131 1044 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
23:18:00.0164 1044 TapiSrv - ok
23:18:00.0175 1044 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:18:00.0204 1044 TBS - ok
23:18:00.0263 1044 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:18:00.0311 1044 Tcpip - ok
23:18:00.0334 1044 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:18:00.0358 1044 TCPIP6 - ok
23:18:00.0384 1044 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:18:00.0422 1044 tcpipreg - ok
23:18:00.0436 1044 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:18:00.0455 1044 TDPIPE - ok
23:18:00.0505 1044 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
23:18:00.0533 1044 tdrpman273 - ok
23:18:00.0576 1044 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:18:00.0593 1044 TDTCP - ok
23:18:00.0607 1044 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:18:00.0627 1044 tdx - ok
23:18:00.0636 1044 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:18:00.0645 1044 TermDD - ok
23:18:00.0676 1044 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
23:18:00.0704 1044 TermService - ok
23:18:00.0712 1044 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:18:00.0736 1044 Themes - ok
23:18:00.0751 1044 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:18:00.0774 1044 THREADORDER - ok
23:18:00.0822 1044 [ A34D7024BB7140EC785C86BC065D4F60 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
23:18:00.0844 1044 timounter - ok
23:18:00.0869 1044 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:18:00.0894 1044 TrkWks - ok
23:18:00.0926 1044 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:18:00.0967 1044 TrustedInstaller - ok
23:18:00.0985 1044 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:18:01.0016 1044 tssecsrv - ok
23:18:01.0029 1044 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:18:01.0052 1044 TsUsbFlt - ok
23:18:01.0075 1044 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:18:01.0098 1044 TsUsbGD - ok
23:18:01.0120 1044 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:18:01.0149 1044 tunnel - ok
23:18:01.0161 1044 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:18:01.0171 1044 uagp35 - ok
23:18:01.0189 1044 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:18:01.0210 1044 udfs - ok
23:18:01.0235 1044 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:18:01.0259 1044 UI0Detect - ok
23:18:01.0263 1044 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:18:01.0272 1044 uliagpkx - ok
23:18:01.0291 1044 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:18:01.0308 1044 umbus - ok
23:18:01.0323 1044 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
23:18:01.0342 1044 UmPass - ok
23:18:01.0368 1044 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
23:18:01.0383 1044 UmRdpService - ok
23:18:01.0399 1044 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:18:01.0431 1044 upnphost - ok
23:18:01.0451 1044 [ 4663AD7F61519E88687393BFCB154E4C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:18:01.0477 1044 usbccgp - ok
23:18:01.0489 1044 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:18:01.0505 1044 usbcir - ok
23:18:01.0514 1044 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:18:01.0532 1044 usbehci - ok
23:18:01.0575 1044 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:18:01.0593 1044 usbhub - ok
23:18:01.0605 1044 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:18:01.0620 1044 usbohci - ok
23:18:01.0641 1044 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:18:01.0671 1044 usbprint - ok
23:18:01.0682 1044 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:18:01.0699 1044 USBSTOR - ok
23:18:01.0713 1044 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:18:01.0723 1044 usbuhci - ok
23:18:01.0745 1044 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:18:01.0787 1044 UxSms - ok
23:18:01.0808 1044 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
23:18:01.0819 1044 VaultSvc - ok
23:18:01.0840 1044 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:18:01.0850 1044 vdrvroot - ok
23:18:01.0867 1044 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
23:18:01.0908 1044 vds - ok
23:18:01.0924 1044 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:18:01.0943 1044 vga - ok
23:18:01.0955 1044 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:18:01.0976 1044 VgaSave - ok
23:18:01.0993 1044 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:18:02.0005 1044 vhdmp - ok
23:18:02.0025 1044 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:18:02.0035 1044 viaagp - ok
23:18:02.0042 1044 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:18:02.0060 1044 ViaC7 - ok
23:18:02.0067 1044 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
23:18:02.0077 1044 viaide - ok
23:18:02.0129 1044 [ 0FC29ADB3F634ED3E535A76395B470B5 ] VMAuthdService C:\Program Files\VMware\VMware Player\vmware-authd.exe
23:18:02.0146 1044 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
23:18:02.0146 1044 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
23:18:02.0161 1044 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:18:02.0184 1044 VMBusHID - ok
23:18:02.0229 1044 [ 15759158F7531853616B2B43AF962FCB ] vmci C:\Windows\system32\DRIVERS\vmci.sys
23:18:02.0245 1044 vmci - ok
23:18:02.0277 1044 [ A9E4854540B6AC08B223ACC421F8723C ] vmkbd2 C:\Windows\system32\drivers\VMkbd.sys
23:18:02.0290 1044 vmkbd2 - ok
23:18:02.0307 1044 [ 1AFA4AF55CBEA579A4BBE4F90967F720 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:18:02.0315 1044 VMnetAdapter - ok
23:18:02.0350 1044 [ 392964A7BF46986FBD44B24A3BEC2088 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:18:02.0357 1044 VMnetBridge - ok
23:18:02.0374 1044 [ 82FF155BF3F16AFEF04A26045EFECECF ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
23:18:02.0389 1044 VMnetDHCP - ok
23:18:02.0400 1044 [ 45F7C87EC9A7965F8FE133EAA0BC162A ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
23:18:02.0408 1044 VMnetuserif - ok
23:18:02.0413 1044 [ DF9A432334F8B2B4D8D37B3F5439F819 ] VMparport C:\Windows\system32\Drivers\VMparport.sys
23:18:02.0420 1044 VMparport - ok
23:18:02.0452 1044 [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb C:\Windows\system32\Drivers\vmusb.sys
23:18:02.0459 1044 vmusb - ok
23:18:02.0502 1044 [ 4D09B93F16DA1AA08EB226F9F1AA4D51 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
23:18:02.0526 1044 VMUSBArbService - ok
23:18:02.0549 1044 [ 95EEC9F8FEB9D06872A433F058AB8E60 ] VMware NAT Service C:\Windows\system32\vmnat.exe
23:18:02.0565 1044 VMware NAT Service - ok
23:18:02.0575 1044 [ 5DB0E62BA22D7B1DDA7F97873C3B9A46 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
23:18:02.0582 1044 vmx86 - ok
23:18:02.0605 1044 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:18:02.0615 1044 volmgr - ok
23:18:02.0626 1044 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:18:02.0640 1044 volmgrx - ok
23:18:02.0649 1044 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:18:02.0662 1044 volsnap - ok
23:18:02.0678 1044 [ B26536ADD1D748CDA104D856C979AE79 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
23:18:02.0689 1044 vpcbus - ok
23:18:02.0706 1044 [ A0F7E923A6261760130F22B85DF9040E ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:18:02.0727 1044 vpcnfltr - ok
23:18:02.0743 1044 [ 5F4B55E91CE7E2523C9E1E0ECE858869 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
23:18:02.0766 1044 vpcusb - ok
23:18:02.0794 1044 [ E8E4757A9DC0B2836A85F932227B5BD6 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
23:18:02.0816 1044 vpcvmm - ok
23:18:02.0844 1044 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:18:02.0860 1044 vsmraid - ok
23:18:02.0895 1044 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
23:18:02.0953 1044 VSS - ok
23:18:02.0969 1044 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:18:02.0989 1044 vwifibus - ok
23:18:03.0010 1044 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:18:03.0037 1044 W32Time - ok
23:18:03.0057 1044 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:18:03.0072 1044 WacomPen - ok
23:18:03.0095 1044 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:18:03.0124 1044 WANARP - ok
23:18:03.0127 1044 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:18:03.0147 1044 Wanarpv6 - ok
23:18:03.0178 1044 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
23:18:03.0233 1044 wbengine - ok
23:18:03.0247 1044 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:18:03.0275 1044 WbioSrvc - ok
23:18:03.0291 1044 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:18:03.0310 1044 wcncsvc - ok
23:18:03.0325 1044 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:18:03.0349 1044 WcsPlugInService - ok
23:18:03.0375 1044 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
23:18:03.0385 1044 Wd - ok
23:18:03.0404 1044 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:18:03.0421 1044 Wdf01000 - ok
23:18:03.0431 1044 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:18:03.0457 1044 WdiServiceHost - ok
23:18:03.0460 1044 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:18:03.0476 1044 WdiSystemHost - ok
23:18:03.0496 1044 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
23:18:03.0521 1044 WebClient - ok
23:18:03.0533 1044 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:18:03.0565 1044 Wecsvc - ok
23:18:03.0580 1044 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:18:03.0627 1044 wercplsupport - ok
23:18:03.0644 1044 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:18:03.0681 1044 WerSvc - ok
23:18:03.0700 1044 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:18:03.0720 1044 WfpLwf - ok
23:18:03.0743 1044 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:18:03.0752 1044 WIMMount - ok
23:18:03.0803 1044 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:18:03.0840 1044 WinDefend - ok
23:18:03.0845 1044 WinHttpAutoProxySvc - ok
23:18:03.0881 1044 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:18:03.0904 1044 Winmgmt - ok
23:18:03.0945 1044 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:18:04.0009 1044 WinRM - ok
23:18:04.0064 1044 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:18:04.0123 1044 Wlansvc - ok
23:18:04.0168 1044 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:18:04.0181 1044 wlcrasvc - ok
23:18:04.0222 1044 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:18:04.0272 1044 wlidsvc - ok
23:18:04.0286 1044 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:18:04.0304 1044 WmiAcpi - ok
23:18:04.0330 1044 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:18:04.0363 1044 wmiApSrv - ok
23:18:04.0416 1044 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:18:04.0477 1044 WMPNetworkSvc - ok
23:18:04.0501 1044 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:18:04.0532 1044 WPCSvc - ok
23:18:04.0545 1044 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:18:04.0568 1044 WPDBusEnum - ok
23:18:04.0587 1044 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:18:04.0613 1044 ws2ifsl - ok
23:18:04.0621 1044 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
23:18:04.0638 1044 wscsvc - ok
23:18:04.0642 1044 WSearch - ok
23:18:04.0702 1044 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:18:04.0740 1044 wuauserv - ok
23:18:04.0754 1044 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:18:04.0783 1044 WudfPf - ok
23:18:04.0812 1044 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:18:04.0832 1044 WUDFRd - ok
23:18:04.0855 1044 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:18:04.0879 1044 wudfsvc - ok
23:18:04.0896 1044 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:18:04.0924 1044 WwanSvc - ok
23:18:04.0940 1044 ================ Scan global ===============================
23:18:04.0969 1044 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:18:05.0005 1044 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:18:05.0022 1044 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
23:18:05.0047 1044 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:18:05.0076 1044 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:18:05.0085 1044 [Global] - ok
23:18:05.0085 1044 ================ Scan MBR ==================================
23:18:05.0095 1044 [ CF3BAAEC88DAB348129CC7DADD8C9BCF ] \Device\Harddisk0\DR0
23:18:05.0530 1044 \Device\Harddisk0\DR0 - ok
23:18:05.0558 1044 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:18:05.0631 1044 \Device\Harddisk1\DR1 - ok
23:18:05.0631 1044 ================ Scan VBR ==================================
23:18:05.0659 1044 [ 02D58985CDABE851B691F85A259C4315 ] \Device\Harddisk0\DR0\Partition1
23:18:05.0661 1044 \Device\Harddisk0\DR0\Partition1 - ok
23:18:05.0677 1044 [ 132671EAA6328BFD9D59D90F6C5202AC ] \Device\Harddisk0\DR0\Partition2
23:18:05.0679 1044 \Device\Harddisk0\DR0\Partition2 - ok
23:18:05.0680 1044 ============================================================
23:18:05.0680 1044 Scan finished
23:18:05.0680 1044 ============================================================
23:18:05.0692 5600 Detected object count: 4
23:18:05.0692 5600 Actual detected object count: 4
23:18:45.0937 5600 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0937 5600 BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:45.0938 5600 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0938 5600 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:45.0941 5600 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0941 5600 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:18:45.0942 5600 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
23:18:45.0942 5600 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
erstmal im vorraus vielen dank für deine hilfe. noch ein hinweis > nach den scans wurden beim runterfahren noch 7 windows updates installiert (nur zur info) mfg stefan
__________________ |
|
06.11.2012, 14:26
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
:Files
C:\Windows\jestertb.dll
C:\Programme\pdfforge Toolbar
C:\Program Files\Application Updater
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.11.2012, 00:49
| #5 |
| | Malwarebytes hat pup.dealio.tb gefunden nach dem fixen wurde rechner neu gestartet Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C7F6C6-8D67-4534-92B5-529A0EC09405}\ not found.
File c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found not found.
========== FILES ==========
C:\Windows\jestertb.dll moved successfully.
File\Folder C:\Programme\pdfforge Toolbar not found.
File\Folder C:\Program Files\Application Updater not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\msr\Downloads\cmd.bat deleted successfully.
C:\Users\msr\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
->Temp folder emptied: 1814543 bytes
->Temporary Internet Files folder emptied: 31894871 bytes
->Java cache emptied: 60069 bytes
->FireFox cache emptied: 43357721 bytes
->Flash cache emptied: 470 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: msr
->Temp folder emptied: 286787279 bytes
->Temporary Internet Files folder emptied: 14809445 bytes
->Java cache emptied: 10597510 bytes
->FireFox cache emptied: 65692231 bytes
->Flash cache emptied: 901 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8980788 bytes
RecycleBin emptied: 6162304 bytes
Total Files Cleaned = 448,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11072012_004019
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2200.log moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
__________________ Gestern hab ich mir das Internet runtergeladen |
|
07.11.2012, 12:23
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ --> Malwarebytes hat pup.dealio.tb gefunden |
|
07.11.2012, 18:40
| #7 |
| | Malwarebytes hat pup.dealio.tb gefunden hallo. bin erst am montag wieder am rechner, dienstreise. bis dann stefan
__________________ Gestern hab ich mir das Internet runtergeladen |
|
07.11.2012, 21:21
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden ok, dann bis Montag
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.11.2012, 09:29
| #9 |
| | Malwarebytes hat pup.dealio.tb gefundenCode:
ATTFilter # AdwCleaner v2.007 - Datei am 12/11/2012 um 09:28:20 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : admin - OPTIPLEX380
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\msr\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\searchplugins\11-suche.xml
Ordner Gefunden : C:\Users\admin\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\admin\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\msr\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\msr\AppData\LocalLow\Search Settings
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gefunden : HKLM\Software\pdfforge
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1962 octets] - [12/11/2012 09:28:20]
########## EOF - \AdwCleaner[R1].txt - [2022 octets] ##########
__________________ Gestern hab ich mir das Internet runtergeladen |
|
12.11.2012, 11:08
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.11.2012, 17:14
| #11 |
| | Malwarebytes hat pup.dealio.tb gefunden Codebox streikt
__________________ Gestern hab ich mir das Internet runtergeladen Geändert von mravebe (14.11.2012 um 17:29 Uhr) |
|
14.11.2012, 17:26
| #12 |
| | Malwarebytes hat pup.dealio.tb gefunden Codebox streikt Code:
ATTFilter # AdwCleaner v2.007 - Datei am 14/11/2012 um 16:51:24 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : admin - OPTIPLEX380
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\msr\Desktop\Systemcheck\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\msr\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\msr\AppData\LocalLow\Search Settings
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKLM\Software\pdfforge
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\msr\AppData\Roaming\Mozilla\Firefox\Profiles\unxdbqsz.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2089 octets] - [12/11/2012 09:28:20]
AdwCleaner[S1].txt - [2036 octets] - [14/11/2012 16:51:24]
########## EOF - \AdwCleaner[S1].txt - [2096 octets] ##########
Code:
ATTFilter OTL logfile created on: 14.11.2012 17:01:31 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 67,36% Memory free 6,49 Gb Paging File | 5,21 Gb Available in Paging File | 80,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 281,90 Gb Total Space | 194,44 Gb Free Space | 68,98% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\msr\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Users\msr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (DiinoService) -- C:\Users\msr\AppData\Roaming\Diino\DiinoService_win7_i386.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BrcmMgmtAgent) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys () DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.) DRV - (vmkbd2) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.) DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation) DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTDVHDA.sys (Realtek Semiconductor Corp.) DRV - (GenericMount) -- C:\Windows\System32\drivers\GenericMount.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{8AB3EB1F-6E33-46DE-BA3C-BF756A92EA80}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\..\SearchScopes\{53F523B2-D321-4573-A360-0526DE565B7F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8 [binary data] IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/ IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 15:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 20:54:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 16:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions [2012.11.04 20:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nf2nf4gi.default\extensions [2012.07.30 14:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 20:54:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.04 20:54:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.07 00:40:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Diino 5] C:\Users\msr\AppData\Roaming\Diino\DiinoLauncher.exe () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingA1170] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA129] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1326] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1353] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA15] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1824] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA1913] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2081] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2181] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2390] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA252] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2736] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2851] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA2946] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA3646] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA3755] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA4170] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA4714] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA5833] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA609] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA618] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6318] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6420] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6704] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6748] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA6857] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7125] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7127] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7423] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7515] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7862] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA7899] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8008] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8340] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8431] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8592] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA8913] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9113] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9336] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9339] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9621] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9731] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingA9738] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingC1078] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1249] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1291] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC1472] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC2033] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC2810] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3008] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3044] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC3336] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4048] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC431] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4542] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4550] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4618] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC4794] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5066] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5095] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5340] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5544] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5612] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5635] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC5709] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC630] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC6520] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC663] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC6923] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7333] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7459] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7464] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC7753] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC777] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8046] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8119] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8337] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8555] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8586] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8628] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8757] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8941] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC8997] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9011] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9552] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingC9646] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [Report] \AdwCleaner[S1].txt () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1143] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1299] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1318] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1325] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1509] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1609] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1743] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1969] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2008] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2043] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB2128] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3168] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3192] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3273] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3303] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3358] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3532] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3661] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3704] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB3895] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4135] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4253] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB4782] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5615] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5731] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB5860] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6677] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6817] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB6992] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7482] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7799] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7818] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB7938] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8095] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8180] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB832] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8572] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8596] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8614] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB870] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB8743] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9326] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB9339] C:\Windows\System32\COMMAND.COM () O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1135] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1243] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1598] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1664] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD1796] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2087] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2174] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2326] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2410] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD2732] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD293] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3101] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3672] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD3822] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4415] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD4651] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5156] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5227] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD5993] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6036] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6049] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6162] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6170] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6194] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6314] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6405] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD6817] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7465] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7473] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7594] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7751] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD7755] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8215] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8536] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8653] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD8934] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9018] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9264] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9488] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9605] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9636] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9694] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingD9957] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\msr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2747569099-919654209-3544242804-1003\..Trusted Domains: localhost ([]http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B466B2-28D1-4E4D-8E5C-A2777040F99C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2DC81A6C-FA93-11E0-89AC-806E6F6E6963}\bootwiz\asrm.bin) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.07 00:40:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.05 23:05:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.04 20:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.04 20:32:43 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:43 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 18:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.04 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.04 17:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.11.04 17:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.11.03 17:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.03 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.31 08:31:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL [2012.10.31 08:31:50 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2012.10.31 08:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012.10.31 08:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} ========== Files - Modified Within 30 Days ========== [2012.11.14 17:00:17 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 17:00:17 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 16:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.14 16:52:50 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 16:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.08 23:05:18 | 000,712,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.08 23:05:18 | 000,666,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.08 23:05:18 | 000,153,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.08 23:05:18 | 000,126,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.07 00:40:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.11.07 00:31:13 | 000,382,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.05 23:04:57 | 332,920,021 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:32:26 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.04 20:32:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.04 20:32:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.04 20:32:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.04 20:32:22 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.04 20:32:22 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.04 20:12:59 | 000,003,488 | ---- | M] () -- C:\Windows\wininit.ini [2012.11.04 18:57:42 | 000,001,240 | ---- | M] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy (for blind users).lnk [2012.11.04 18:57:42 | 000,001,218 | ---- | M] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk [2012.11.04 17:49:54 | 000,027,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.04 17:48:28 | 000,001,024 | ---- | M] () -- C:\Windows\System32\.crusader [2012.11.03 17:39:43 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable [2012.11.02 19:39:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 08:30:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf ========== Files Created - No Company Name ========== [2012.11.05 23:04:57 | 332,920,021 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.04 20:12:52 | 000,003,488 | ---- | C] () -- C:\Windows\wininit.ini [2012.11.04 18:57:42 | 000,001,240 | ---- | C] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy (for blind users).lnk [2012.11.04 18:57:42 | 000,001,218 | ---- | C] () -- C:\Users\admin\Desktop\Spybot - Search & Destroy.lnk [2012.11.04 17:48:28 | 000,001,024 | ---- | C] () -- C:\Windows\System32\.crusader [2012.11.04 17:42:58 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys [2012.11.03 17:39:43 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable [2012.10.31 08:30:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf [2012.05.22 07:19:05 | 000,000,016 | ---- | C] () -- C:\Windows\GRAMCard.ini [2012.03.06 03:49:55 | 000,016,954 | ---- | C] () -- C:\Windows\System32\BradyTranslations.ini [2011.11.06 17:11:43 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2011.11.06 15:12:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.10.25 17:13:59 | 000,001,536 | ---- | C] () -- C:\Windows\System32\RtkMsgs.dll [2011.10.20 06:35:05 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2011.10.20 06:35:05 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.20 06:35:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2011.10.19 21:46:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.21 01:46:14 | 000,712,192 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,153,262 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.11.2012 17:01:31 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\msr\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 67,36% Memory free
6,49 Gb Paging File | 5,21 Gb Available in Paging File | 80,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,90 Gb Total Space | 194,44 Gb Free Space | 68,98% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 12,32 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
Computer Name: OPTIPLEX380 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4704C3-7B42-4D15-894B-4C49C66A0355}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10C03517-E44F-452B-B7CA-7698D6C79419}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{1A44387F-0DB4-4468-A4D4-D443DAB22CD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F452FA4-9060-486E-98C3-74D05565476E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D904129-9661-456E-AA98-B22F72E0D6E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{413BABF0-6CA4-46AF-A82A-17158B9EBC14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{426F4A77-E045-4A8E-AA69-47D4C3F6D963}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47DBBAE2-78AE-4E8D-9E85-14EB5330954E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{549D28B0-19A9-4404-A90B-3A51AC9848B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72CDCF94-EE84-4A4E-A6B4-5E5AA1D32FA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{758454C0-7B33-46C0-8764-834B51C349B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{80EB5828-D6B9-4838-A798-24A05B5745EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{846C4D50-BDAC-4294-B9B9-6A8FB0778375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89BC5888-FA98-45E8-B30D-C4102D59061C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B2A1008-8988-44B6-A3A9-8F756D813DF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{9CA6EFDB-F7ED-4735-94F3-0189B6B5563D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F5EAC7D-9519-4D3B-8EA2-72958264CAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A02DAE5A-DCBE-4816-AE11-E04FA5159B74}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{A78AF99B-1E3C-4D2C-9C00-7B24A8681194}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AF10C3FC-C8E8-48E8-93F5-CD697A6DDB7A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4EB1796-3C1D-42E3-8985-E0281D6E637F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64148E7-8266-4E96-AA11-9AF7C2E914CF}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer |
"{DAF48259-9895-4012-BACB-AE81E712AFDC}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch |
"{DB4A09C3-F183-492D-A2AE-706214A502DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD6663A6-9B18-4BAD-ACDC-832DCF1AF9A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFC181D6-6C25-455B-9DDE-0BEF8BEDDED3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD1DF68D-DA99-4B06-8192-A75E3DA38FAB}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC14C1-6F92-47CD-83C9-5BE293D7D6DB}" = protocol=17 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{073099D5-B6CB-4583-92AA-A5D99C22E811}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{0DFE3540-D2E6-4A93-A703-10DF8656CACA}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{0FDC9713-E75C-4411-B219-F39148070833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21FDA86F-7C85-4499-9B38-C59FFF23828D}" = protocol=6 | dir=out | app=system |
"{36B9706E-18BD-4CB5-8A84-ED5CD2FBAFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C96FD18-E37A-4012-B63B-CBA3BE2FE252}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42E46A8C-B7CB-4CD8-9B1E-F32B550D678A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{54D34425-8AC2-49E5-A8AD-38A99904B0CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{589753BA-28A6-4EFE-8F10-2448C2D5D9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D631953-D882-43B8-836B-2A669B285498}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{665EFE42-0003-4DF4-B6BC-AA235609F10F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ED6F8CE-BADF-4C70-B8AF-4C996E2AA4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70627151-16D2-446D-990E-85577F22CCD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BF3623A-FAB4-46A0-9DB3-CD7E38C2BF6B}" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{8362CF04-2744-46B2-A8B8-DD7B09EC1548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C461833-188E-45F2-8105-DE86137BF384}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6EA5C56-F395-4BB0-ACE3-18A72D9A417F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A8A69CD0-DBE5-43BE-AD83-1CF6FD28F83A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB6FDA47-1B8C-4824-A535-8E40A820D5ED}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{C1341D73-02CD-4D86-ABC7-13A14D8C07A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C60C74D8-0DB8-410D-81D5-3F05D75732D8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CD9BB431-F569-48FE-853E-D8ABCF8B77FF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{D389C213-BB18-44AC-9DC6-B20BFC0E9289}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4BAA1FB-0D1A-4B3B-849B-1306C37782A2}" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"{EA62C671-3330-4096-AAF0-F0FD05443689}" = protocol=6 | dir=in | app=c:\users\msr\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED1209B4-B3FA-4944-AA02-7879052BB83A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F171DF75-3B87-4354-B469-A0437AA84BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2AB2ADC-B315-483D-BBB3-8A636E9E8E98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9559637-9E35-4932-BB64-16EF3E268510}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA544C0A-452C-4339-8D26-9AF629A1351E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF6B9B45-C6B8-43C7-AF0C-9C1254C48C82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{83907A66-B654-4142-B41F-8FB1EF3D06FB}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{A1CFD68E-E745-4D06-B6BA-428D1DC3B48A}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
"TCP Query User{E29872B9-F290-4BE3-B7CB-1203AB4877C9}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=6 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"TCP Query User{EF17FDD0-7FB5-4174-B83E-AB8F90390253}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{3E139840-8504-48CC-B269-F2B63351EFF5}C:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=c:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{45029AEB-56AD-45AB-9504-A47EBCCA4853}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{88AE95CB-60C1-4DA6-9112-B15696C0A2C6}H:\program files\eplan\platform\2.1.4\bin\eplan.exe" = protocol=17 | dir=in | app=h:\program files\eplan\platform\2.1.4\bin\eplan.exe |
"UDP Query User{F3F1FE03-3419-46F0-973F-8E36B4F0981F}C:\program files\filemaker\filemaker pro 6\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 6\filemaker pro.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000223-40C1-2701-0100-000001000000}" = Siemens Manual Collection (SR)
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{8707E615-B513-444E-B5A9-1D2DC4E593FC}" = InsideIR4.0
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A523B6C0-E70F-4FA1-933D-DA04971F607F}" = VmciSockets
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1032F4F-8EFC-479B-8912-827F24785A4C}" = EPLAN Electric P8 2.1
"{E300D0B0-9B51-4E5A-9025-D987AD6FFCB3}" = EPLAN Platform Addon 2.1
"{E310B68E-5664-4E7A-88E3-E2B993385BDF}" = EPLAN Electric P8 Addon 2.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3FACBAC-8787-46FC-9AAA-B0270AC815DC}" = EPLAN Platform 2.1
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA2B5971-E0B9-4D01-B732-88768933543E}" = EPLAN Data Archive Zipped
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BackUp Maker_is1" = BackUp Maker v6.3
"EPLAN Electric P8 2.1" = EPLAN Electric P8 2.1
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"LoxPLAN_is1" = Loxone Config
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MarkWare3.9.0" = MarkWare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VMware_Player" = VMware Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2747569099-919654209-3544242804-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diino 5" = Diino 5
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.10.2012 01:55:57 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.10.2012 11:53:54 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.10.2012 12:24:48 | Computer Name = Optiplex380 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 31.10.2012 02:34:49 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 31.10.2012 03:36:46 | Computer Name = Optiplex380 | Source = Norton Ghost | ID = 100
Description =
Error - 31.10.2012 03:46:59 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 31.10.2012 04:03:19 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
Error - 31.10.2012 04:05:18 | Computer Name = Optiplex380 | Source = MsiInstaller | ID = 11704
Description =
Error - 31.10.2012 04:07:58 | Computer Name = Optiplex380 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =
Error - 31.10.2012 04:09:24 | Computer Name = Optiplex380 | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 04.11.2012 12:48:24 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 04.11.2012 12:50:17 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.6 Crusader (Boot)" wurde mit folgendem dienstspezifischem
Fehler beendet: %%0.
Error - 05.11.2012 18:05:00 | Computer Name = Optiplex380 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?11.?2012 um 23:03:32 unerwartet heruntergefahren.
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = hasplms | ID = 458755
Description = ERROR: 2012-11-05 23:05:05 [2096] Time is unreliable
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = BugCheck | ID = 1001
Description =
Error - 05.11.2012 18:05:05 | Computer Name = OPTIPLEX380 | Source = hasplms | ID = 458755
Description = ERROR: 2012-11-05 23:05:05 [2096] Abort requested
Error - 05.11.2012 18:05:33 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
VMware Authorization Service erreicht.
Error - 05.11.2012 18:05:33 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VMware Authorization Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 05.11.2012 18:05:40 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7034
Description = Dienst "Sentinel HASP License Manager" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 06.11.2012 19:40:19 | Computer Name = Optiplex380 | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
< End of report >
__________________ Gestern hab ich mir das Internet runtergeladen Geändert von cosinus (14.11.2012 um 20:30 Uhr) Grund: CODE-Tags |
|
14.11.2012, 20:47
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefundenCode:
ATTFilter O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1143] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1299] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1318] C:\Windows\System32\COMMAND.COM ()
O4 - HKU\S-1-5-21-2747569099-919654209-3544242804-1000..\RunOnce: [SpybotDeletingB1325] C:\Windows\System32\COMMAND.COM ()
Du solltest doch während der Analyse hier keine Scans machen bzw. Programme ausführen oder gar installieren/deinstallieren ohne, dass ein Helfer das gesagt hat! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.11.2012, 21:28
| #14 |
| | Malwarebytes hat pup.dealio.tb gefunden das kläre ich ab, ich nutz den rechner nicht allein :-( ich hoffe das dadurch nichts vergeigt wurde, oder?
__________________ Gestern hab ich mir das Internet runtergeladen |
|
14.11.2012, 22:30
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes hat pup.dealio.tb gefunden Wer nutzt den denn noch? Habt ihr keine Absprachen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Malwarebytes hat pup.dealio.tb gefunden |
| adobe, antivirus, avast, bho, bingbar, bonjour, branding, defender, desktop, excel, explorer, firefox, flash player, format, helper, mozilla, pdfforge toolbar, plug-in, programme, realtek, registry, scan, security, software, symantec, system, temp, usb, windows |
Linear-Darstellung
