Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: S.M.A.R.T. HDD Problem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.04.2012, 07:46   #1
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Guten Morgen,
habe mir den SMART HDD-Virus oder Trojaner eingefangen.
An Avast vorbei, der erst zu einen viel späteren Zeitpunkt aktiv wurde!
Angekündigt hat sich der Virus? durch mehrere Abstürze von Firefox.
Zu Anfang war ich irretiert von der S.M.A.R.T. HDD Meldung, denn ich hatte meinen PC eine Solid-State gegönnt und brachte die Meldung damit in Zusammenhang.
Eingefangen habe ich mir das wahrscheinlich durch ein .pdf Dokument.

Meine Logs:
<code>Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.02.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chef :: RIDDICK [Administrator]

02.04.2012 21:31:14
mbam-log-2012-04-02 (23-21-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 593589
Laufzeit: 1 Stunde(n), 38 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\XWUKViYTgmpEre.exe (Backdoor.Agent.RCGen) -> 6444 -> Keine Aktion durchgeführt.
C:\ProgramData\kbHMnKPqYoVwUd.exe (Backdoor.Agent.RCGen) -> 4840 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XWUKViYTgmpEre.exe (Backdoor.Agent.RCGen) -> Daten: C:\ProgramData\XWUKViYTgmpEre.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\XWUKViYTgmpEre.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\ProgramData\kbHMnKPqYoVwUd.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Users\Chef\AppData\Local\Temp\brvolRsNOpXtiI.exe.tmp (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Users\Chef\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)
</code>
darauf OTL
<code>OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.04.2012 09:03:45 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Chef\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,61% Memory free
16,00 Gb Paging File | 13,93 Gb Available in Paging File | 87,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 45,86 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive E: | 345,75 Gb Total Space | 200,85 Gb Free Space | 58,09% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 547,91 Gb Free Space | 58,82% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 150,07 Gb Free Space | 64,44% Space Free | Partition Type: NTFS
Drive U: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive V: | 39,90 Gb Total Space | 7,20 Gb Free Space | 18,05% Space Free | Partition Type: NTFS
Drive W: | 80,00 Gb Total Space | 29,63 Gb Free Space | 37,04% Space Free | Partition Type: NTFS
Drive X: | 931,51 Gb Total Space | 227,21 Gb Free Space | 24,39% Space Free | Partition Type: NTFS
 
Computer Name: RIDDICK | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - E:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Apache2.2) -- E:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- E:\xampp\mysql\bin\mysqld.exe ()
SRV - (FileZilla Server) -- E:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 C8 3A 09 FD 10 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "file:///E:/200_Kunden/1a_xgans/____start4____.htm"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 12:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.17 12:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.24 08:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.18 08:07:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.10 14:47:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Extensions
[2012.03.25 07:55:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions
[2012.03.14 00:02:47 | 000,000,000 | -H-D | M] (Garmin Communicator) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.03.25 07:55:17 | 000,000,000 | -H-D | M] (Page Speed) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.02.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.22 19:09:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.24 12:10:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\PLUGIN@SEITWERT.DE.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2012.03.24 08:20:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Google Mail = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B82D54-3546-4773-BD0E-FF77ACDDE601}: NameServer = 194.25.2.129,192.168.0.40
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 08:48:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2012.04.03 00:46:39 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.03 00:02:53 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.03 00:02:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.02 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Malwarebytes
[2012.04.02 21:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.02 21:28:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 21:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.02 21:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.02 21:02:37 | 000,000,000 | -H-D | C] -- C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.01 18:39:02 | 000,000,000 | -H-D | C] -- C:\Users\Chef\AppData\Local\GPS-Track-Analyse-6
[2012.03.14 07:05:09 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 07:03:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 07:03:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 07:03:52 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 07:03:52 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 07:03:52 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 00:02:51 | 000,000,000 | -H-D | C] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.03.13 10:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS-Track-Analyse.NET 6
[2012.03.13 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPS-Track-Analyse-6
[2012.03.10 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.10 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 09:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 08:48:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2012.04.03 08:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 08:43:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.03 08:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 00:47:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.03 00:47:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.03 00:46:39 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.03 00:14:45 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:14:45 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:09:14 | 001,621,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.03 00:09:14 | 000,700,110 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.03 00:09:14 | 000,654,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.03 00:09:14 | 000,148,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.03 00:09:14 | 000,121,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.03 00:04:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 00:04:30 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 21:28:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 21:02:38 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-kbHMnKPqYoVwUdr
[2012.04.02 21:02:38 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-kbHMnKPqYoVwUd
[2012.04.02 21:02:37 | 000,000,647 | -H-- | M] () -- C:\Users\Chef\Desktop\SMART_HDD.lnk
[2012.04.02 21:02:34 | 000,000,256 | -H-- | M] () -- C:\ProgramData\kbHMnKPqYoVwUd
[2012.03.26 09:34:58 | 001,597,046 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 18:36:47 | 004,957,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.07 11:17:06 | 000,000,132 | -H-- | M] () -- C:\Users\Chef\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 02:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.03 00:02:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 21:28:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 21:02:38 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-kbHMnKPqYoVwUdr
[2012.04.02 21:02:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-kbHMnKPqYoVwUd
[2012.04.02 21:02:37 | 000,000,647 | -H-- | C] () -- C:\Users\Chef\Desktop\SMART_HDD.lnk
[2012.04.02 21:02:33 | 000,000,256 | -H-- | C] () -- C:\ProgramData\kbHMnKPqYoVwUd
[2012.03.31 20:37:57 | 733,247,488 | -H-- | C] () -- C:\Users\Public\Documents\Die.nackte.Kanone.2,5.german.DVDRip.rerip.INTERNAL.avi
[2012.03.31 20:34:37 | 4043,210,919 | -H-- | C] () -- C:\Users\Public\Documents\piefke12.nrg
[2012.02.21 22:22:45 | 000,000,132 | -H-- | C] () -- C:\Users\Chef\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.02.10 21:05:19 | 000,012,953 | -H-- | C] () -- C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2012.02.10 19:43:10 | 000,009,307 | -H-- | C] () -- C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2012.02.10 18:56:58 | 001,597,046 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.10 17:34:05 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2012.02.10 17:34:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2012.02.10 17:34:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.02.10 22:22:53 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Acronis
[2012.02.10 16:16:41 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.02.20 21:24:44 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.03.14 00:02:51 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.02.11 13:21:15 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Helios
[2012.02.17 08:11:13 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\IrfanView
[2012.02.10 21:26:06 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\MAGIX
[2012.04.03 09:06:58 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\NetSpeedMonitor
[2012.02.10 18:57:21 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\OpenOffice.org
[2012.02.20 14:01:22 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.10 19:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,026,082 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

< End of report >
         
--- --- ---
</code>
mbam-log
<code>
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chef :: RIDDICK [Administrator]

03.04.2012 10:22:16
mbam-log-2012-04-03 (10-22-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 978199
Laufzeit: 2 Stunde(n), 19 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
</code>
<code>
otl-extras
<code>OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.04.2012 13:17:49 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Chef\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 56,74% Memory free
16,00 Gb Paging File | 12,84 Gb Available in Paging File | 80,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 45,63 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
Drive E: | 345,75 Gb Total Space | 201,04 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 547,91 Gb Free Space | 58,82% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 150,07 Gb Free Space | 64,44% Space Free | Partition Type: NTFS
Drive U: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive V: | 39,90 Gb Total Space | 7,20 Gb Free Space | 18,05% Space Free | Partition Type: NTFS
Drive W: | 80,00 Gb Total Space | 29,63 Gb Free Space | 37,04% Space Free | Partition Type: NTFS
Drive X: | 931,51 Gb Total Space | 227,21 Gb Free Space | 24,39% Space Free | Partition Type: NTFS
 
Computer Name: RIDDICK | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66271203-87F7-4E9F-B0FF-F2360B15147B}" = MAGIX Video deluxe 16 Premium Sonderedition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}" = MAGIX Speed 2 (MSI)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B1D2A138-D53E-4D3F-B547-EA2277007746}" = Auerswald COMset 2.7.2
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F31C9A68-7F07-4B96-AC58-F71D5DF3DA89}" = MAGIX Screenshare
"{F7B74F3E-8B6C-4826-802E-B907BAAE4E4B}" = Auerswald COMlist 2.5.2
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"avast" = avast! Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Videodeluxe16_premium" = MAGIX Video deluxe 16 Premium Sonderedition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 1.1.11
"xampp" = XAMPP 1.7.7
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2012 10:48:52 | Computer Name = Riddick | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2012 02:03:56 | Computer Name = Riddick | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2012 02:18:33 | Computer Name = Riddick | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2012 10:19:34 | Computer Name = Riddick | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0,
 Zeitstempel: 0x4d90d339  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x1ad0  Startzeit der fehlerhaften Anwendung: 0x01cd10db9d1fafee
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: de98ca04-7cce-11e1-968c-001bdc0f99ba
 
Error - 02.04.2012 10:26:34 | Computer Name = Riddick | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TweetDeck.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4f6b3bc5  Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.0.0,
 Zeitstempel: 0x4f06e735  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001df920  ID des fehlerhaften
 Prozesses: 0xb08  Startzeit der fehlerhaften Anwendung: 0x01cd10db5ccf466a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Twitter\TweetDeck\QtGui4.dll  Berichtskennung:
 d8fb9bf3-7ccf-11e1-968c-001bdc0f99ba
 
Error - 02.04.2012 10:31:41 | Computer Name = Riddick | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2012 11:25:42 | Computer Name = Riddick | Source = Application Hang | ID = 1002
Description = Programm lightroom.exe, Version 3.6.0.10 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 45c    Startzeit: 
01cd10dfeab44582    Endzeit: 19586    Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop
 Lightroom 3.6\lightroom.exe    Berichts-ID: 0cdb5d45-7cd8-11e1-b3e1-001bdc0f99ba  
 
Error - 02.04.2012 13:56:06 | Computer Name = Riddick | Source = Application Hang | ID = 1002
Description = Programm lightroom.exe, Version 3.6.0.10 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 940    Startzeit: 
01cd10e5dbca2777    Endzeit: 33239    Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop
 Lightroom 3.6\lightroom.exe    Berichts-ID: 07b949ab-7ced-11e1-b3e1-001bdc0f99ba  
 
Error - 02.04.2012 17:25:56 | Computer Name = Riddick | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2012 18:06:20 | Computer Name = Riddick | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 02.04.2012 14:33:13 | Computer Name = Riddick | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 02.04.2012 17:23:30 | Computer Name = Riddick | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 02.04.2012 17:24:20 | Computer Name = Riddick | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 02.04.2012 18:04:40 | Computer Name = Riddick | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 02.04.2012 18:04:42 | Computer Name = Riddick | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 02.04.2012 18:04:43 | Computer Name = Riddick | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 02.04.2012 18:04:45 | Computer Name = Riddick | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
 
Error - 02.04.2012 18:04:47 | Computer Name = Riddick | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 02.04.2012 18:32:58 | Computer Name = Riddick | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk8\DR8 gefunden.
 
Error - 03.04.2012 02:41:08 | Computer Name = Riddick | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
 
< End of report >
         
--- --- ---
</code>
und wieder OTL
<code>OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.04.2012 13:17:49 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Chef\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 56,74% Memory free
16,00 Gb Paging File | 12,84 Gb Available in Paging File | 80,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 45,63 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
Drive E: | 345,75 Gb Total Space | 201,04 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 547,91 Gb Free Space | 58,82% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 150,07 Gb Free Space | 64,44% Space Free | Partition Type: NTFS
Drive U: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive V: | 39,90 Gb Total Space | 7,20 Gb Free Space | 18,05% Space Free | Partition Type: NTFS
Drive W: | 80,00 Gb Total Space | 29,63 Gb Free Space | 37,04% Space Free | Partition Type: NTFS
Drive X: | 931,51 Gb Total Space | 227,21 Gb Free Space | 24,39% Space Free | Partition Type: NTFS
 
Computer Name: RIDDICK | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - E:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Apache2.2) -- E:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- E:\xampp\mysql\bin\mysqld.exe ()
SRV - (FileZilla Server) -- E:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 C8 3A 09 FD 10 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "file:///E:/200_Kunden/1a_xgans/____start4____.htm"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 12:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.17 12:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.24 08:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.18 08:07:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.10 14:47:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Extensions
[2012.03.25 07:55:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions
[2012.03.14 00:02:47 | 000,000,000 | -H-D | M] (Garmin Communicator) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.03.25 07:55:17 | 000,000,000 | -H-D | M] (Page Speed) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.02.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.22 19:09:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.24 12:10:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\PLUGIN@SEITWERT.DE.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2012.03.24 08:20:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Google Mail = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B82D54-3546-4773-BD0E-FF77ACDDE601}: NameServer = 194.25.2.129,192.168.0.40
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 08:48:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2012.04.03 00:46:39 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.03 00:02:53 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.03 00:02:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.02 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Malwarebytes
[2012.04.02 21:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.02 21:28:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 21:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.02 21:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.02 21:02:37 | 000,000,000 | -H-D | C] -- C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.01 18:39:02 | 000,000,000 | -H-D | C] -- C:\Users\Chef\AppData\Local\GPS-Track-Analyse-6
[2012.03.14 07:05:09 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 07:03:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 07:03:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 07:03:52 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 07:03:52 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 07:03:52 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 00:02:51 | 000,000,000 | -H-D | C] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.03.13 10:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS-Track-Analyse.NET 6
[2012.03.13 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPS-Track-Analyse-6
[2012.03.10 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.10 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 13:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 12:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 08:48:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2012.04.03 08:43:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.03 08:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 00:47:03 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.03 00:47:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.03 00:46:39 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.03 00:14:45 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:14:45 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:09:14 | 001,621,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.03 00:09:14 | 000,700,110 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.03 00:09:14 | 000,654,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.03 00:09:14 | 000,148,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.03 00:09:14 | 000,121,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.03 00:04:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 00:04:30 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 21:28:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 21:02:38 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-kbHMnKPqYoVwUdr
[2012.04.02 21:02:38 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-kbHMnKPqYoVwUd
[2012.04.02 21:02:37 | 000,000,647 | -H-- | M] () -- C:\Users\Chef\Desktop\SMART_HDD.lnk
[2012.04.02 21:02:34 | 000,000,256 | -H-- | M] () -- C:\ProgramData\kbHMnKPqYoVwUd
[2012.03.26 09:34:58 | 001,597,046 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 18:36:47 | 004,957,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.07 11:17:06 | 000,000,132 | -H-- | M] () -- C:\Users\Chef\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 02:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.03 00:02:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 21:28:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 21:02:38 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-kbHMnKPqYoVwUdr
[2012.04.02 21:02:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-kbHMnKPqYoVwUd
[2012.04.02 21:02:37 | 000,000,647 | -H-- | C] () -- C:\Users\Chef\Desktop\SMART_HDD.lnk
[2012.04.02 21:02:33 | 000,000,256 | -H-- | C] () -- C:\ProgramData\kbHMnKPqYoVwUd
[2012.03.31 20:37:57 | 733,247,488 | -H-- | C] () -- C:\Users\Public\Documents\Die.nackte.Kanone.2,5.german.DVDRip.rerip.INTERNAL.avi
[2012.03.31 20:34:37 | 4043,210,919 | -H-- | C] () -- C:\Users\Public\Documents\piefke12.nrg
[2012.02.21 22:22:45 | 000,000,132 | -H-- | C] () -- C:\Users\Chef\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.02.10 21:05:19 | 000,012,953 | -H-- | C] () -- C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2012.02.10 19:43:10 | 000,009,307 | -H-- | C] () -- C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2012.02.10 18:56:58 | 001,597,046 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.10 17:34:05 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2012.02.10 17:34:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2012.02.10 17:34:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.02.10 22:22:53 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Acronis
[2012.02.10 16:16:41 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.02.20 21:24:44 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.03.14 00:02:51 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.02.11 13:21:15 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Helios
[2012.02.17 08:11:13 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\IrfanView
[2012.02.10 21:26:06 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\MAGIX
[2012.04.03 13:21:29 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\NetSpeedMonitor
[2012.02.10 18:57:21 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\OpenOffice.org
[2012.02.20 14:01:22 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.10 19:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Chef\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,026,082 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

< End of report >
         
--- --- ---
</code>
Seit 18 Stunden läut nun ESET Online Scanner, mit diversen Funden.
Ergebnisse sobald der Scan vorbei ist.

Der Virus hat auch ein im Heim-Netzwerk eingebundenes Laptop befallen (zeitgleich).

Für eine Hilfe von Euch wäre ich sehr dankbar!

Scan von ESET.

<code>
E:\****\webseiten\wordpress28102011\wp-content\themes\kingsize\timtumb.php PHP/Rst.R trojan
E:\****\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_1aa6a8a11e55bcf516ded694ed62e29a.php PHP/Rst.R trojan
E:\****\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_45feaec91d99f3893edd41a0a6e660b9.php PHP/Rst.R trojan
E:\****\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_ffe37f6533095659017bd96829adf796.php PHP/Small.NAI trojan
E:\****\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\index.php PHP/Obfuscated.B application
E:\****\webseiten\wordpress29102011\wp-content\themes\kingsize\timtumb.php PHP/Rst.R trojan
E:\****\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_1aa6a8a11e55bcf516ded694ed62e29a.php PHP/Rst.R trojan
E:\****\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_45feaec91d99f3893edd41a0a6e660b9.php PHP/Rst.R trojan
E:\****\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_ffe37f6533095659017bd96829adf796.php PHP/Small.NAI trojan
E:\****\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\index.php PHP/Obfuscated.B application
E:\weg\Analysis\Nero\Nero-8.3.6.0_deu.exe Win32/Toolbar.AskSBar application
F:\SI_2012\download_firefox\SoftonicDownloader_fuer_camstudio.exe a variant of Win32/SoftonicDownloader.A application
G:\wallpaper\92007.exe multiple threats
</code>

Status:
Kein Startmenü, keine Programme, Daten auf div. Festplatten sind nicht zu sehen.

Wie mache ich weiter? Systemwiederherstellung?

Status:
Kein Startmenü, keine Programme, Daten auf div. Festplatten sind nicht zu sehen.

Wie mache ich weiter? Systemwiederherstellung?

Alt 04.04.2012, 16:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Die Tags werden hier in BB-Code also mit eckigen und nicht mit spitzen Klammern geschrieben!!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         

Zitat:
Status:
Kein Startmenü, keine Programme, Daten auf div. Festplatten sind nicht zu sehen.
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________

__________________

Alt 04.04.2012, 18:59   #3
klaiser
 
S.M.A.R.T. HDD Problem - Icon26

S.M.A.R.T. HDD Problem



unhide ausgeführt -

Sieht gut aus!

Thunderbird hat noch gezickt (gleiche Mails immer wieder abgefragt und runter geladen).
Lösung: im Profilordner popstate.dat gelöscht.

Herzlichen Dank!!!!
__________________

Alt 04.04.2012, 23:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logs bitte immer in CODE-Tags posten

Alt 05.04.2012, 11:14   #5
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



ESET Online Scanner log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.cabErr:Der Vorgang wurde erfolgreich beendet.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36bd411d3b649244941b8426c791bac2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-04 07:15:48
# local_time=2012-04-04 09:15:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776573 100 94 11317 85083070 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=822528
# found=13
# cleaned=0
# scan_time=70528
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\timtumb.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_1aa6a8a11e55bcf516ded694ed62e29a.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_45feaec91d99f3893edd41a0a6e660b9.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_ffe37f6533095659017bd96829adf796.php	PHP/Small.NAI trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\index.php	PHP/Obfuscated.B application (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\timtumb.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_1aa6a8a11e55bcf516ded694ed62e29a.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_45feaec91d99f3893edd41a0a6e660b9.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_ffe37f6533095659017bd96829adf796.php	PHP/Small.NAI trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\index.php	PHP/Obfuscated.B application (unable to clean)	00000000000000000000000000000000	I
E:\weg\Analysis\Nero\Nero-8.3.6.0_deu.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
F:\SI_2012\download_firefox\SoftonicDownloader_fuer_camstudio.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
G:\wallpaper\92007.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36bd411d3b649244941b8426c791bac2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-05 08:55:59
# local_time=2012-04-05 10:55:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776573 100 94 56562 85234086 0 0
# compatibility_mode=8192 67108863 100 0 151675 151675 0 0
# scanned=823375
# found=12
# cleaned=0
# scan_time=11924
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\timtumb.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_1aa6a8a11e55bcf516ded694ed62e29a.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_45feaec91d99f3893edd41a0a6e660b9.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\external_ffe37f6533095659017bd96829adf796.php	PHP/Small.NAI trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress28102011\wp-content\themes\kingsize\cache\index.php	PHP/Obfuscated.B application (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\timtumb.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_1aa6a8a11e55bcf516ded694ed62e29a.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_45feaec91d99f3893edd41a0a6e660b9.php	PHP/Rst.R trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\external_ffe37f6533095659017bd96829adf796.php	PHP/Small.NAI trojan (unable to clean)	00000000000000000000000000000000	I
E:\100_Kunden\**********\webseiten\wordpress29102011\wp-content\themes\kingsize\cache\index.php	PHP/Obfuscated.B application (unable to clean)	00000000000000000000000000000000	I
E:\weg\Analysis\Nero\Nero-8.3.6.0_deu.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
F:\SI_2012\download_firefox\SoftonicDownloader_fuer_camstudio.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         


Alt 05.04.2012, 14:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Ach, den hattest du ja schon am Anfang ausgeführt
Naja, doppelt hält besser


Hätte da mal zwei Fragen bevor es weiter geht, ich muss vergewissern bevor es weitergeht:

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du noch irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> S.M.A.R.T. HDD Problem

Alt 05.04.2012, 16:41   #7
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Sieht gut aus,
arbeite schon seit einigen Stunden (muß) an dem PC.
Startmenü ok alles wieder da, in der Taskleiste sind die angehefteten Programme verschwunden, läßt sich aber einfach beheben. Thunderbird zickte ein bischen - eine Einstellung bei Konten war nicht mehr vorhanden.

Alt 05.04.2012, 17:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logs bitte immer in CODE-Tags posten

Alt 05.04.2012, 23:52   #9
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



OTL-Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.04.2012 22:00:26 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Chef\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,72 Gb Available Physical Memory | 58,98% Memory free
16,00 Gb Paging File | 13,24 Gb Available in Paging File | 82,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 44,78 Gb Free Space | 37,55% Space Free | Partition Type: NTFS
Drive E: | 345,75 Gb Total Space | 202,97 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 560,06 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 150,08 Gb Free Space | 64,45% Space Free | Partition Type: NTFS
Drive H: | 68,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive U: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive V: | 39,90 Gb Total Space | 7,34 Gb Free Space | 18,40% Space Free | Partition Type: NTFS
Drive W: | 80,00 Gb Total Space | 30,01 Gb Free Space | 37,51% Space Free | Partition Type: NTFS
Drive X: | 931,51 Gb Total Space | 263,18 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
 
Computer Name: RIDDICK | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - E:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - E:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Apache2.2) -- E:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- E:\xampp\mysql\bin\mysqld.exe ()
SRV - (FileZilla Server) -- E:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 C8 3A 09 FD 10 CD 01  [binary data]
IE - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "file:///E:/200_Kunden/1a_xgans/____start4____.htm"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 12:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.17 12:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.24 08:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.18 08:07:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.10 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Extensions
[2012.03.25 07:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions
[2012.03.14 00:02:47 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.03.25 07:55:17 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\gbxr7zyf.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.02.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.22 19:09:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.24 12:10:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\PLUGIN@SEITWERT.DE.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI
() (No name found) -- C:\USERS\CHEF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GBXR7ZYF.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2012.03.24 08:20:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Google Mail = C:\Users\Chef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1505544067-1280113800-2499777443-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B82D54-3546-4773-BD0E-FF77ACDDE601}: NameServer = 194.25.2.129,192.168.0.40
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.03 13:27:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Chef\Desktop\esetsmartinstaller_enu.exe
[2012.04.03 08:48:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2012.04.03 00:02:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.02 21:28:45 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Malwarebytes
[2012.04.02 21:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.02 21:28:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 21:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.02 21:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.02 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.01 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Local\GPS-Track-Analyse-6
[2012.03.14 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.03.13 10:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS-Track-Analyse.NET 6
[2012.03.13 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPS-Track-Analyse-6
[2012.03.10 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.10 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.05 21:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.05 21:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.05 17:04:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.05 07:32:38 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 07:32:38 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 07:30:20 | 001,621,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.05 07:30:20 | 000,700,110 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.05 07:30:20 | 000,654,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.05 07:30:20 | 000,148,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.05 07:30:20 | 000,121,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.05 07:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.05 07:25:17 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 13:27:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Chef\Desktop\esetsmartinstaller_enu.exe
[2012.04.03 08:48:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2012.04.03 08:43:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.02 21:28:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 08:08:23 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.26 09:34:58 | 001,597,046 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.14 18:36:47 | 004,957,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 10:43:59 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\GPS-Track-Analyse.NET 6.lnk
[2012.03.07 11:17:06 | 000,000,132 | ---- | M] () -- C:\Users\Chef\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 02:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.04 17:55:40 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.04 17:55:40 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.04.04 17:55:40 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.04.04 17:55:40 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.04 17:55:40 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.04.04 17:55:40 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\COMlist 2.5.2.lnk
[2012.04.04 17:55:40 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\GPS-Track-Analyse.NET 6.lnk
[2012.04.04 17:55:40 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.6 64-Bit.lnk
[2012.04.04 17:55:40 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.04.04 17:55:40 | 000,001,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
[2012.04.04 17:55:40 | 000,001,569 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Online Backup.lnk
[2012.04.04 17:55:40 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.04.04 17:55:40 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.04.04 17:55:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.04.04 17:55:40 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.04.04 17:55:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.04.04 17:55:40 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.04.04 17:55:40 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.04.04 17:55:40 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.04 17:55:40 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
[2012.04.04 17:55:40 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.04 17:55:40 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 16 Premium Sonderedition.lnk
[2012.04.04 17:55:40 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.04.04 17:55:40 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012.04.04 17:55:40 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.04.04 17:55:40 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.04.03 00:02:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 21:28:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.31 20:37:57 | 733,247,488 | ---- | C] () -- C:\Users\Public\Documents\Die.nackte.Kanone.2,5.german.DVDRip.rerip.INTERNAL.avi
[2012.03.31 20:34:37 | 4043,210,919 | ---- | C] () -- C:\Users\Public\Documents\piefke12.nrg
[2012.02.21 22:22:45 | 000,000,132 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.02.10 21:05:19 | 000,012,953 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2012.02.10 19:43:10 | 000,009,307 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2012.02.10 18:56:58 | 001,597,046 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.10 17:34:05 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2012.02.10 17:34:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2012.02.10 17:34:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AuerUsbJNINative.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.02.10 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Acronis
[2012.02.10 16:16:41 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.02.20 21:24:44 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.03.14 00:02:51 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.02.11 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Helios
[2012.02.17 08:11:13 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\IrfanView
[2012.02.10 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\MAGIX
[2012.04.05 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\NetSpeedMonitor
[2012.02.10 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\OpenOffice.org
[2012.02.20 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.10 19:48:30 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,026,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.10 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Acronis
[2012.04.01 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Adobe
[2012.02.20 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Adobe Mini Bridge CS5.1
[2012.02.10 16:16:41 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.02.20 21:24:44 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.03.14 00:02:51 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Garmin
[2012.02.11 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Helios
[2012.02.10 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Identities
[2012.02.17 08:11:13 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\IrfanView
[2012.02.10 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Logishrd
[2012.02.10 17:32:43 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Logitech
[2012.02.10 15:21:12 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Macromedia
[2012.02.10 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\MAGIX
[2012.04.02 21:28:45 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Media Center Programs
[2012.02.21 11:00:13 | 000,000,000 | --SD | M] -- C:\Users\Chef\AppData\Roaming\Microsoft
[2012.02.10 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla
[2012.04.05 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\NetSpeedMonitor
[2012.02.10 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\NVIDIA
[2012.02.10 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\OpenOffice.org
[2012.04.02 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Skype
[2012.02.20 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.10 19:48:30 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Thunderbird
[2012.02.17 08:11:13 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\vlc
[2012.02.10 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.21 01:17:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Chef\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.11 08:26:06 | 000,576,536 | R--- | M] () -- C:\Users\Chef\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Chef\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

< End of report >
         
--- --- ---
[/code]

Alt 06.04.2012, 15:13   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logs bitte immer in CODE-Tags posten

Alt 06.04.2012, 16:33   #11
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



OTL möchte Neustart - OTL.exe frägt um um Erlaubnis vor ausführen Windows.
OTL.log:
Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chef
->Temp folder emptied: 889779562 bytes
->Temporary Internet Files folder emptied: 140128841 bytes
->Java cache emptied: 72810 bytes
->FireFox cache emptied: 246745997 bytes
->Google Chrome cache emptied: 9191236 bytes
->Flash cache emptied: 85634 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75108422 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 96955632 bytes
 
Total Files Cleaned = 1.391,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Chef
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04062012_162314

Files\Folders moved on Reboot...
C:\Users\Chef\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 06.04.2012, 16:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logs bitte immer in CODE-Tags posten

Alt 06.04.2012, 17:07   #13
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



TDSS-Killer Log:
Code:
ATTFilter
17:00:54.0949 2812	TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
17:00:55.0464 2812	============================================================
17:00:55.0464 2812	Current date / time: 2012/04/06 17:00:55.0464
17:00:55.0464 2812	SystemInfo:
17:00:55.0464 2812	
17:00:55.0464 2812	OS Version: 6.1.7601 ServicePack: 1.0
17:00:55.0464 2812	Product type: Workstation
17:00:55.0464 2812	ComputerName: RIDDICK
17:00:55.0464 2812	UserName: Chef
17:00:55.0464 2812	Windows directory: C:\Windows
17:00:55.0464 2812	System windows directory: C:\Windows
17:00:55.0464 2812	Running under WOW64
17:00:55.0464 2812	Processor architecture: Intel x64
17:00:55.0464 2812	Number of processors: 4
17:00:55.0464 2812	Page size: 0x1000
17:00:55.0464 2812	Boot type: Normal boot
17:00:55.0464 2812	============================================================
17:00:55.0729 2812	Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:55.0760 2812	Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:01:03.0529 2812	Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:01:03.0529 2812	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:01:03.0576 2812	Drive \Device\Harddisk8\DR8 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:01:10.0924 2812	\Device\Harddisk0\DR0:
17:01:10.0924 2812	MBR used
17:01:10.0924 2812	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
17:01:10.0924 2812	\Device\Harddisk3\DR3:
17:01:10.0924 2812	MBR used
17:01:10.0924 2812	\Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:01:10.0924 2812	\Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4FCE000
17:01:10.0924 2812	\Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x5000800, BlocksNum 0x9FFF000
17:01:10.0939 2812	\Device\Harddisk3\DR3\Partition3: MBR, Type 0x7, StartLBA 0xF000030, BlocksNum 0x2B380D50
17:01:10.0939 2812	\Device\Harddisk2\DR2:
17:01:10.0955 2812	MBR used
17:01:10.0955 2812	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:01:10.0955 2812	\Device\Harddisk1\DR1:
17:01:10.0955 2812	MBR used
17:01:10.0955 2812	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:01:10.0955 2812	\Device\Harddisk8\DR8:
17:01:10.0955 2812	MBR used
17:01:10.0955 2812	\Device\Harddisk8\DR8\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
17:01:11.0126 2812	Initialize success
17:01:11.0126 2812	============================================================
17:02:30.0390 5892	============================================================
17:02:30.0390 5892	Scan started
17:02:30.0390 5892	Mode: Manual; SigCheck; TDLFS; 
17:02:30.0390 5892	============================================================
17:02:30.0546 5892	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:02:30.0609 5892	1394ohci - ok
17:02:30.0624 5892	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:02:30.0640 5892	ACPI - ok
17:02:30.0640 5892	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:02:30.0671 5892	AcpiPmi - ok
17:02:30.0687 5892	AcrSch2Svc      (249386d5903657326265c996b32a0edb) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
17:02:30.0702 5892	AcrSch2Svc - ok
17:02:30.0718 5892	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:02:30.0733 5892	AdobeFlashPlayerUpdateSvc - ok
17:02:30.0749 5892	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:02:30.0765 5892	adp94xx - ok
17:02:30.0780 5892	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:02:30.0796 5892	adpahci - ok
17:02:30.0811 5892	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:02:30.0827 5892	adpu320 - ok
17:02:30.0827 5892	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:02:30.0874 5892	AeLookupSvc - ok
17:02:30.0874 5892	afcdp           (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
17:02:31.0779 5892	afcdp - ok
17:02:31.0810 5892	afcdpsrv        (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
17:02:31.0872 5892	afcdpsrv - ok
17:02:31.0888 5892	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:02:31.0903 5892	AFD - ok
17:02:31.0919 5892	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:02:31.0935 5892	agp440 - ok
17:02:31.0935 5892	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:02:31.0950 5892	ALG - ok
17:02:31.0966 5892	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:02:31.0981 5892	aliide - ok
17:02:31.0981 5892	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:02:31.0997 5892	amdide - ok
17:02:32.0013 5892	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:02:32.0028 5892	AmdK8 - ok
17:02:32.0028 5892	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:02:32.0044 5892	AmdPPM - ok
17:02:32.0059 5892	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
17:02:32.0075 5892	amdsata - ok
17:02:32.0075 5892	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:02:32.0091 5892	amdsbs - ok
17:02:32.0106 5892	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
17:02:32.0122 5892	amdxata - ok
17:02:32.0169 5892	Apache2.2       (f41e453a90ef19217cee1675f5256ee7) E:\xampp\apache\bin\httpd.exe
17:02:32.0169 5892	Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
17:02:32.0169 5892	Apache2.2 - detected UnsignedFile.Multi.Generic (1)
17:02:32.0184 5892	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:02:32.0215 5892	AppID - ok
17:02:32.0231 5892	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:02:32.0262 5892	AppIDSvc - ok
17:02:32.0278 5892	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:02:32.0309 5892	Appinfo - ok
17:02:32.0325 5892	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:02:32.0340 5892	AppMgmt - ok
17:02:32.0340 5892	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:02:32.0356 5892	arc - ok
17:02:32.0371 5892	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:02:32.0387 5892	arcsas - ok
17:02:32.0387 5892	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:02:32.0403 5892	aspnet_state - ok
17:02:32.0403 5892	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
17:02:32.0418 5892	aswFsBlk - ok
17:02:32.0434 5892	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
17:02:32.0434 5892	aswMonFlt - ok
17:02:32.0449 5892	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
17:02:32.0449 5892	aswRdr - ok
17:02:32.0481 5892	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
17:02:32.0496 5892	aswSnx - ok
17:02:32.0512 5892	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
17:02:32.0527 5892	aswSP - ok
17:02:32.0527 5892	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
17:02:32.0543 5892	aswTdi - ok
17:02:32.0543 5892	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:32.0590 5892	AsyncMac - ok
17:02:32.0590 5892	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:02:32.0605 5892	atapi - ok
17:02:32.0621 5892	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:02:32.0668 5892	AudioEndpointBuilder - ok
17:02:32.0668 5892	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:02:32.0715 5892	AudioSrv - ok
17:02:32.0715 5892	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:02:32.0730 5892	avast! Antivirus - ok
17:02:32.0730 5892	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:02:32.0761 5892	AxInstSV - ok
17:02:32.0761 5892	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:02:32.0793 5892	b06bdrv - ok
17:02:32.0808 5892	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:02:32.0824 5892	b57nd60a - ok
17:02:32.0839 5892	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:02:32.0855 5892	BDESVC - ok
17:02:32.0855 5892	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:02:32.0886 5892	Beep - ok
17:02:32.0902 5892	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:02:32.0949 5892	BFE - ok
17:02:32.0964 5892	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:02:33.0011 5892	BITS - ok
17:02:33.0027 5892	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:02:33.0042 5892	blbdrive - ok
17:02:33.0058 5892	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:02:33.0073 5892	bowser - ok
17:02:33.0073 5892	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:02:33.0089 5892	BrFiltLo - ok
17:02:33.0105 5892	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:02:33.0120 5892	BrFiltUp - ok
17:02:33.0120 5892	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:02:33.0167 5892	Browser - ok
17:02:33.0167 5892	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:02:33.0198 5892	Brserid - ok
17:02:33.0198 5892	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:02:33.0214 5892	BrSerWdm - ok
17:02:33.0229 5892	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:02:33.0245 5892	BrUsbMdm - ok
17:02:33.0245 5892	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:02:33.0261 5892	BrUsbSer - ok
17:02:33.0276 5892	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:02:33.0292 5892	BthEnum - ok
17:02:33.0307 5892	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:02:33.0323 5892	BTHMODEM - ok
17:02:33.0323 5892	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:02:33.0339 5892	BthPan - ok
17:02:33.0354 5892	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:02:33.0385 5892	BTHPORT - ok
17:02:33.0385 5892	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:02:33.0432 5892	bthserv - ok
17:02:33.0432 5892	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:02:33.0448 5892	BTHUSB - ok
17:02:33.0463 5892	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:02:33.0495 5892	cdfs - ok
17:02:33.0510 5892	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:02:33.0526 5892	cdrom - ok
17:02:33.0526 5892	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:02:33.0573 5892	CertPropSvc - ok
17:02:33.0573 5892	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:02:33.0604 5892	circlass - ok
17:02:33.0604 5892	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:02:33.0635 5892	CLFS - ok
17:02:33.0635 5892	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:02:33.0651 5892	clr_optimization_v2.0.50727_32 - ok
17:02:33.0651 5892	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:02:33.0666 5892	clr_optimization_v2.0.50727_64 - ok
17:02:33.0666 5892	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:02:33.0682 5892	clr_optimization_v4.0.30319_32 - ok
17:02:33.0682 5892	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:02:33.0697 5892	clr_optimization_v4.0.30319_64 - ok
17:02:33.0713 5892	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:02:33.0729 5892	CmBatt - ok
17:02:33.0729 5892	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:02:33.0744 5892	cmdide - ok
17:02:33.0760 5892	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:02:33.0775 5892	CNG - ok
17:02:33.0791 5892	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:02:33.0807 5892	Compbatt - ok
17:02:33.0807 5892	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:02:33.0822 5892	CompositeBus - ok
17:02:33.0838 5892	COMSysApp - ok
17:02:33.0853 5892	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:02:33.0853 5892	crcdisk - ok
17:02:33.0869 5892	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:02:33.0900 5892	CryptSvc - ok
17:02:33.0916 5892	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:02:33.0947 5892	CSC - ok
17:02:33.0963 5892	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:02:33.0978 5892	CscService - ok
17:02:33.0994 5892	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:02:34.0041 5892	DcomLaunch - ok
17:02:34.0056 5892	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:02:34.0087 5892	defragsvc - ok
17:02:34.0103 5892	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:02:34.0134 5892	DfsC - ok
17:02:34.0150 5892	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:02:34.0181 5892	Dhcp - ok
17:02:34.0197 5892	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:02:34.0228 5892	discache - ok
17:02:34.0243 5892	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:02:34.0243 5892	Disk - ok
17:02:34.0259 5892	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:02:34.0275 5892	dmvsc - ok
17:02:34.0290 5892	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:02:34.0306 5892	Dnscache - ok
17:02:34.0306 5892	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:02:34.0353 5892	dot3svc - ok
17:02:34.0353 5892	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:02:34.0399 5892	DPS - ok
17:02:34.0399 5892	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:02:34.0415 5892	drmkaud - ok
17:02:34.0446 5892	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:02:34.0462 5892	DXGKrnl - ok
17:02:34.0477 5892	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:02:34.0509 5892	EapHost - ok
17:02:34.0555 5892	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:02:34.0602 5892	ebdrv - ok
17:02:34.0618 5892	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:02:34.0633 5892	EFS - ok
17:02:34.0649 5892	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:02:34.0665 5892	ehRecvr - ok
17:02:34.0680 5892	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:02:34.0696 5892	ehSched - ok
17:02:34.0711 5892	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:02:34.0743 5892	elxstor - ok
17:02:34.0743 5892	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:02:34.0758 5892	ErrDev - ok
17:02:34.0774 5892	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:02:34.0821 5892	EventSystem - ok
17:02:34.0821 5892	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:02:34.0867 5892	exfat - ok
17:02:34.0867 5892	Fabs - ok
17:02:34.0883 5892	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:02:34.0914 5892	fastfat - ok
17:02:34.0930 5892	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:02:34.0961 5892	Fax - ok
17:02:34.0961 5892	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:02:34.0977 5892	fdc - ok
17:02:34.0992 5892	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:02:35.0023 5892	fdPHost - ok
17:02:35.0039 5892	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:02:35.0070 5892	FDResPub - ok
17:02:35.0086 5892	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:02:35.0086 5892	FileInfo - ok
17:02:35.0101 5892	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:02:35.0133 5892	Filetrace - ok
17:02:35.0179 5892	FileZilla Server (bf72c20b44b85fd030aeaa721e35d512) E:\xampp\FileZillaFTP\FileZillaServer.exe
17:02:35.0195 5892	FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
17:02:35.0195 5892	FileZilla Server - detected UnsignedFile.Multi.Generic (1)
17:02:35.0226 5892	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
17:02:35.0289 5892	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
17:02:35.0289 5892	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
17:02:35.0289 5892	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:02:35.0304 5892	flpydisk - ok
17:02:35.0320 5892	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:02:35.0335 5892	FltMgr - ok
17:02:35.0367 5892	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:02:35.0382 5892	FontCache - ok
17:02:35.0398 5892	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:02:35.0398 5892	FontCache3.0.0.0 - ok
17:02:35.0413 5892	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:02:35.0429 5892	FsDepends - ok
17:02:35.0429 5892	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:02:35.0445 5892	Fs_Rec - ok
17:02:35.0460 5892	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:02:35.0476 5892	fvevol - ok
17:02:35.0491 5892	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:02:35.0491 5892	gagp30kx - ok
17:02:35.0507 5892	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:02:35.0554 5892	gpsvc - ok
17:02:35.0569 5892	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:35.0569 5892	gupdate - ok
17:02:35.0585 5892	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:35.0585 5892	gupdatem - ok
17:02:35.0601 5892	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:02:35.0616 5892	hcw85cir - ok
17:02:35.0632 5892	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:02:35.0647 5892	HdAudAddService - ok
17:02:35.0663 5892	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:02:35.0679 5892	HDAudBus - ok
17:02:35.0679 5892	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:02:35.0694 5892	HidBatt - ok
17:02:35.0710 5892	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:02:35.0725 5892	HidBth - ok
17:02:35.0741 5892	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:02:35.0757 5892	HidIr - ok
17:02:35.0757 5892	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:02:35.0803 5892	hidserv - ok
17:02:35.0803 5892	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:02:35.0819 5892	HidUsb - ok
17:02:35.0835 5892	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:02:35.0866 5892	hkmsvc - ok
17:02:35.0881 5892	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:02:35.0897 5892	HomeGroupListener - ok
17:02:35.0913 5892	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:02:35.0928 5892	HomeGroupProvider - ok
17:02:35.0928 5892	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:02:35.0944 5892	HpSAMD - ok
17:02:35.0959 5892	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:02:36.0006 5892	HTTP - ok
17:02:36.0022 5892	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:02:36.0022 5892	hwpolicy - ok
17:02:36.0037 5892	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:02:36.0053 5892	i8042prt - ok
17:02:36.0069 5892	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
17:02:36.0084 5892	iaStorV - ok
17:02:36.0100 5892	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:02:36.0131 5892	idsvc - ok
17:02:36.0131 5892	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:02:36.0147 5892	iirsp - ok
17:02:36.0162 5892	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:02:36.0209 5892	IKEEXT - ok
17:02:36.0225 5892	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:02:36.0240 5892	intelide - ok
17:02:36.0240 5892	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:02:36.0256 5892	intelppm - ok
17:02:36.0271 5892	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:02:36.0303 5892	IPBusEnum - ok
17:02:36.0318 5892	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:02:36.0349 5892	IpFilterDriver - ok
17:02:36.0365 5892	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:02:36.0396 5892	iphlpsvc - ok
17:02:36.0412 5892	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:02:36.0427 5892	IPMIDRV - ok
17:02:36.0443 5892	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:02:36.0474 5892	IPNAT - ok
17:02:36.0490 5892	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:02:36.0505 5892	IRENUM - ok
17:02:36.0505 5892	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:02:36.0521 5892	isapnp - ok
17:02:36.0537 5892	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:02:36.0552 5892	iScsiPrt - ok
17:02:36.0568 5892	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:02:36.0568 5892	kbdclass - ok
17:02:36.0583 5892	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:02:36.0599 5892	kbdhid - ok
17:02:36.0599 5892	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:02:36.0615 5892	KeyIso - ok
17:02:36.0630 5892	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:02:36.0646 5892	KSecDD - ok
17:02:36.0661 5892	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:02:36.0661 5892	KSecPkg - ok
17:02:36.0677 5892	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:02:36.0708 5892	ksthunk - ok
17:02:36.0724 5892	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:02:36.0771 5892	KtmRm - ok
17:02:36.0771 5892	L1E             (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
17:02:36.0786 5892	L1E - ok
17:02:36.0802 5892	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:02:36.0833 5892	LanmanServer - ok
17:02:36.0849 5892	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:02:36.0880 5892	LanmanWorkstation - ok
17:02:36.0895 5892	LBTServ         (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:02:36.0911 5892	LBTServ - ok
17:02:36.0927 5892	LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:02:36.0927 5892	LHidFilt - ok
17:02:36.0942 5892	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:02:36.0973 5892	lltdio - ok
17:02:36.0989 5892	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:02:37.0036 5892	lltdsvc - ok
17:02:37.0036 5892	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:02:37.0083 5892	lmhosts - ok
17:02:37.0083 5892	LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:02:37.0098 5892	LMouFilt - ok
17:02:37.0114 5892	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:02:37.0114 5892	LSI_FC - ok
17:02:37.0129 5892	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:02:37.0145 5892	LSI_SAS - ok
17:02:37.0145 5892	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:02:37.0161 5892	LSI_SAS2 - ok
17:02:37.0176 5892	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:02:37.0192 5892	LSI_SCSI - ok
17:02:37.0192 5892	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:02:37.0239 5892	luafv - ok
17:02:37.0239 5892	LUsbFilt        (29c733e1de824670dc9315cfc9bdbcd3) C:\Windows\system32\Drivers\LUsbFilt.Sys
17:02:37.0254 5892	LUsbFilt - ok
17:02:37.0270 5892	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:02:37.0285 5892	Mcx2Svc - ok
17:02:37.0285 5892	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:02:37.0301 5892	megasas - ok
17:02:37.0317 5892	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:02:37.0332 5892	MegaSR - ok
17:02:37.0332 5892	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:02:37.0379 5892	MMCSS - ok
17:02:37.0379 5892	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:02:37.0426 5892	Modem - ok
17:02:37.0426 5892	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:02:37.0441 5892	monitor - ok
17:02:37.0457 5892	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:02:37.0473 5892	mouclass - ok
17:02:37.0473 5892	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:02:37.0488 5892	mouhid - ok
17:02:37.0504 5892	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:02:37.0519 5892	mountmgr - ok
17:02:37.0519 5892	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:02:37.0535 5892	mpio - ok
17:02:37.0551 5892	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:02:37.0582 5892	mpsdrv - ok
17:02:37.0597 5892	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:02:37.0644 5892	MpsSvc - ok
17:02:37.0660 5892	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:02:37.0675 5892	MRxDAV - ok
17:02:37.0691 5892	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:02:37.0707 5892	mrxsmb - ok
17:02:37.0722 5892	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:02:37.0738 5892	mrxsmb10 - ok
17:02:37.0753 5892	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:02:37.0769 5892	mrxsmb20 - ok
17:02:37.0769 5892	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:02:37.0785 5892	msahci - ok
17:02:37.0800 5892	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:02:37.0800 5892	msdsm - ok
17:02:37.0816 5892	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:02:37.0831 5892	MSDTC - ok
17:02:37.0847 5892	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:02:37.0878 5892	Msfs - ok
17:02:37.0894 5892	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:02:37.0925 5892	mshidkmdf - ok
17:02:37.0941 5892	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:02:37.0941 5892	msisadrv - ok
17:02:37.0956 5892	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:02:38.0003 5892	MSiSCSI - ok
17:02:38.0003 5892	msiserver - ok
17:02:38.0019 5892	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:02:38.0050 5892	MSKSSRV - ok
17:02:38.0065 5892	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:02:38.0097 5892	MSPCLOCK - ok
17:02:38.0097 5892	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:02:38.0143 5892	MSPQM - ok
17:02:38.0143 5892	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:02:38.0175 5892	MsRPC - ok
17:02:38.0175 5892	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:02:38.0190 5892	mssmbios - ok
17:02:38.0206 5892	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:02:38.0237 5892	MSTEE - ok
17:02:38.0237 5892	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:02:38.0253 5892	MTConfig - ok
17:02:38.0268 5892	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:02:38.0284 5892	Mup - ok
17:02:38.0315 5892	mysql - ok
17:02:38.0331 5892	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:02:38.0377 5892	napagent - ok
17:02:38.0393 5892	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:02:38.0409 5892	NativeWifiP - ok
17:02:38.0440 5892	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:02:38.0455 5892	NDIS - ok
17:02:38.0471 5892	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:02:38.0502 5892	NdisCap - ok
17:02:38.0518 5892	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:02:38.0549 5892	NdisTapi - ok
17:02:38.0565 5892	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:02:38.0596 5892	Ndisuio - ok
17:02:38.0611 5892	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:02:38.0643 5892	NdisWan - ok
17:02:38.0658 5892	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:02:38.0689 5892	NDProxy - ok
17:02:38.0689 5892	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:02:38.0736 5892	NetBIOS - ok
17:02:38.0736 5892	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:02:38.0783 5892	NetBT - ok
17:02:38.0783 5892	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:02:38.0799 5892	Netlogon - ok
17:02:38.0814 5892	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:02:38.0861 5892	Netman - ok
17:02:38.0861 5892	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:02:38.0877 5892	NetMsmqActivator - ok
17:02:38.0877 5892	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:02:38.0892 5892	NetPipeActivator - ok
17:02:38.0908 5892	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:02:38.0939 5892	netprofm - ok
17:02:38.0955 5892	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:02:38.0970 5892	NetTcpActivator - ok
17:02:38.0970 5892	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:02:38.0970 5892	NetTcpPortSharing - ok
17:02:38.0986 5892	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:02:39.0001 5892	nfrd960 - ok
17:02:39.0017 5892	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:02:39.0048 5892	NlaSvc - ok
17:02:39.0064 5892	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:02:39.0095 5892	Npfs - ok
17:02:39.0111 5892	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:02:39.0142 5892	nsi - ok
17:02:39.0157 5892	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:02:39.0189 5892	nsiproxy - ok
17:02:39.0220 5892	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
17:02:39.0251 5892	Ntfs - ok
17:02:39.0267 5892	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:02:39.0298 5892	Null - ok
17:02:39.0423 5892	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:02:39.0610 5892	nvlddmkm - ok
17:02:39.0625 5892	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
17:02:39.0641 5892	nvraid - ok
17:02:39.0657 5892	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
17:02:39.0657 5892	nvstor - ok
17:02:39.0688 5892	nvsvc           (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
17:02:39.0735 5892	nvsvc - ok
17:02:39.0735 5892	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:02:39.0750 5892	nv_agp - ok
17:02:39.0766 5892	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:02:39.0781 5892	odserv - ok
17:02:39.0797 5892	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:02:39.0813 5892	ohci1394 - ok
17:02:39.0813 5892	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:02:39.0828 5892	ose - ok
17:02:39.0844 5892	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:02:39.0859 5892	p2pimsvc - ok
17:02:39.0875 5892	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:02:39.0891 5892	p2psvc - ok
17:02:39.0906 5892	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:02:39.0922 5892	Parport - ok
17:02:39.0922 5892	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:02:39.0937 5892	partmgr - ok
17:02:39.0953 5892	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:02:39.0969 5892	PcaSvc - ok
17:02:39.0984 5892	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:02:40.0000 5892	pci - ok
17:02:40.0000 5892	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:02:40.0015 5892	pciide - ok
17:02:40.0031 5892	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:02:40.0047 5892	pcmcia - ok
17:02:40.0047 5892	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:02:40.0062 5892	pcw - ok
17:02:40.0078 5892	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:02:40.0125 5892	PEAUTH - ok
17:02:40.0140 5892	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:02:40.0187 5892	PeerDistSvc - ok
17:02:40.0187 5892	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:02:40.0203 5892	PerfHost - ok
17:02:40.0234 5892	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:02:40.0296 5892	pla - ok
17:02:40.0312 5892	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:02:40.0327 5892	PlugPlay - ok
17:02:40.0327 5892	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:02:40.0359 5892	PNRPAutoReg - ok
17:02:40.0359 5892	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:02:40.0374 5892	PNRPsvc - ok
17:02:40.0390 5892	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:02:40.0437 5892	PolicyAgent - ok
17:02:40.0452 5892	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:02:40.0483 5892	Power - ok
17:02:40.0499 5892	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:02:40.0530 5892	PptpMiniport - ok
17:02:40.0546 5892	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:02:40.0561 5892	Processor - ok
17:02:40.0561 5892	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:02:40.0608 5892	ProfSvc - ok
17:02:40.0624 5892	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:02:40.0624 5892	ProtectedStorage - ok
17:02:40.0639 5892	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:02:40.0671 5892	Psched - ok
17:02:40.0702 5892	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:02:40.0733 5892	ql2300 - ok
17:02:40.0749 5892	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:02:40.0764 5892	ql40xx - ok
17:02:40.0780 5892	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:02:40.0795 5892	QWAVE - ok
17:02:40.0811 5892	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:02:40.0827 5892	QWAVEdrv - ok
17:02:40.0842 5892	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:02:40.0873 5892	RasAcd - ok
17:02:40.0873 5892	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:02:40.0920 5892	RasAgileVpn - ok
17:02:40.0920 5892	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:02:40.0967 5892	RasAuto - ok
17:02:40.0967 5892	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:02:41.0014 5892	Rasl2tp - ok
17:02:41.0014 5892	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:02:41.0061 5892	RasMan - ok
17:02:41.0076 5892	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:02:41.0107 5892	RasPppoe - ok
17:02:41.0123 5892	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:02:41.0154 5892	RasSstp - ok
17:02:41.0170 5892	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:02:41.0201 5892	rdbss - ok
17:02:41.0217 5892	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:02:41.0232 5892	rdpbus - ok
17:02:41.0232 5892	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:02:41.0263 5892	RDPCDD - ok
17:02:41.0279 5892	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:02:41.0295 5892	RDPDR - ok
17:02:41.0310 5892	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:02:41.0341 5892	RDPENCDD - ok
17:02:41.0357 5892	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:02:41.0388 5892	RDPREFMP - ok
17:02:41.0404 5892	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:02:41.0419 5892	RDPWD - ok
17:02:41.0435 5892	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:02:41.0451 5892	rdyboost - ok
17:02:41.0451 5892	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:02:41.0497 5892	RemoteAccess - ok
17:02:41.0497 5892	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:02:41.0544 5892	RemoteRegistry - ok
17:02:41.0544 5892	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:02:41.0575 5892	RFCOMM - ok
17:02:41.0575 5892	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:02:41.0622 5892	RpcEptMapper - ok
17:02:41.0622 5892	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:02:41.0638 5892	RpcLocator - ok
17:02:41.0653 5892	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:02:41.0700 5892	RpcSs - ok
17:02:41.0700 5892	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:02:41.0747 5892	rspndr - ok
17:02:41.0747 5892	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:02:41.0763 5892	s3cap - ok
17:02:41.0778 5892	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:02:41.0794 5892	SamSs - ok
17:02:41.0794 5892	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:02:41.0809 5892	sbp2port - ok
17:02:41.0825 5892	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:02:41.0856 5892	SCardSvr - ok
17:02:41.0872 5892	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:02:41.0903 5892	scfilter - ok
17:02:41.0919 5892	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:02:41.0981 5892	Schedule - ok
17:02:41.0981 5892	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:02:42.0012 5892	SCPolicySvc - ok
17:02:42.0028 5892	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:02:42.0043 5892	SDRSVC - ok
17:02:42.0059 5892	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:02:42.0090 5892	secdrv - ok
17:02:42.0106 5892	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:02:42.0137 5892	seclogon - ok
17:02:42.0153 5892	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:02:42.0184 5892	SENS - ok
17:02:42.0184 5892	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:02:42.0215 5892	SensrSvc - ok
17:02:42.0215 5892	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:02:42.0231 5892	Serenum - ok
17:02:42.0246 5892	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:02:42.0262 5892	Serial - ok
17:02:42.0262 5892	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:02:42.0277 5892	sermouse - ok
17:02:42.0293 5892	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:02:42.0340 5892	SessionEnv - ok
17:02:42.0340 5892	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:02:42.0355 5892	sffdisk - ok
17:02:42.0371 5892	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:02:42.0387 5892	sffp_mmc - ok
17:02:42.0402 5892	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:02:42.0418 5892	sffp_sd - ok
17:02:42.0418 5892	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:02:42.0433 5892	sfloppy - ok
17:02:42.0449 5892	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:02:42.0496 5892	SharedAccess - ok
17:02:42.0496 5892	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:02:42.0543 5892	ShellHWDetection - ok
17:02:42.0558 5892	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:02:42.0558 5892	SiSRaid2 - ok
17:02:42.0574 5892	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:02:42.0589 5892	SiSRaid4 - ok
17:02:42.0589 5892	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:02:42.0605 5892	SkypeUpdate - ok
17:02:42.0621 5892	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:02:42.0652 5892	Smb - ok
17:02:42.0667 5892	snapman         (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
17:02:42.0683 5892	snapman - ok
17:02:42.0699 5892	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:02:42.0714 5892	SNMPTRAP - ok
17:02:42.0714 5892	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:02:42.0730 5892	spldr - ok
17:02:42.0745 5892	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:02:42.0792 5892	Spooler - ok
17:02:42.0823 5892	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:02:42.0917 5892	sppsvc - ok
17:02:42.0917 5892	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:02:42.0964 5892	sppuinotify - ok
17:02:42.0979 5892	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:02:42.0995 5892	srv - ok
17:02:43.0011 5892	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:02:43.0026 5892	srv2 - ok
17:02:43.0042 5892	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:02:43.0057 5892	srvnet - ok
17:02:43.0073 5892	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:02:43.0104 5892	SSDPSRV - ok
17:02:43.0120 5892	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:02:43.0151 5892	SstpSvc - ok
17:02:43.0167 5892	Stereo Service  (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:02:43.0182 5892	Stereo Service - ok
17:02:43.0182 5892	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:02:43.0198 5892	stexstor - ok
17:02:43.0213 5892	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:02:43.0245 5892	stisvc - ok
17:02:43.0260 5892	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:02:43.0260 5892	storflt - ok
17:02:43.0276 5892	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:02:43.0291 5892	StorSvc - ok
17:02:43.0307 5892	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:02:43.0307 5892	storvsc - ok
17:02:43.0323 5892	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:02:43.0338 5892	swenum - ok
17:02:43.0338 5892	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:02:43.0354 5892	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:02:43.0354 5892	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:02:43.0369 5892	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:02:43.0416 5892	swprv - ok
17:02:43.0447 5892	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:02:43.0494 5892	SysMain - ok
17:02:43.0494 5892	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:02:43.0525 5892	TabletInputService - ok
17:02:43.0525 5892	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:02:43.0572 5892	TapiSrv - ok
17:02:43.0588 5892	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:02:43.0619 5892	TBS - ok
17:02:43.0650 5892	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:02:43.0697 5892	Tcpip - ok
17:02:43.0728 5892	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:02:43.0759 5892	TCPIP6 - ok
17:02:43.0775 5892	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:02:43.0806 5892	tcpipreg - ok
17:02:43.0822 5892	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:02:43.0837 5892	TDPIPE - ok
17:02:43.0853 5892	tdrpman273      (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
17:02:43.0884 5892	tdrpman273 - ok
17:02:43.0900 5892	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:02:43.0915 5892	TDTCP - ok
17:02:43.0915 5892	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:02:43.0962 5892	tdx - ok
17:02:43.0962 5892	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:02:43.0978 5892	TermDD - ok
17:02:43.0993 5892	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:02:44.0040 5892	TermService - ok
17:02:44.0056 5892	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:02:44.0071 5892	Themes - ok
17:02:44.0087 5892	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:02:44.0118 5892	THREADORDER - ok
17:02:44.0134 5892	timounter       (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
17:02:44.0165 5892	timounter - ok
17:02:44.0165 5892	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:02:44.0212 5892	TrkWks - ok
17:02:44.0212 5892	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:02:44.0259 5892	TrustedInstaller - ok
17:02:44.0259 5892	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:44.0290 5892	tssecsrv - ok
17:02:44.0305 5892	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:02:44.0321 5892	TsUsbFlt - ok
17:02:44.0337 5892	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:02:44.0352 5892	TsUsbGD - ok
17:02:44.0352 5892	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:02:44.0399 5892	tunnel - ok
17:02:44.0399 5892	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:02:44.0415 5892	uagp35 - ok
17:02:44.0430 5892	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:02:44.0461 5892	udfs - ok
17:02:44.0477 5892	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:02:44.0493 5892	UI0Detect - ok
17:02:44.0508 5892	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:02:44.0524 5892	uliagpkx - ok
17:02:44.0524 5892	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:02:44.0539 5892	umbus - ok
17:02:44.0555 5892	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:02:44.0571 5892	UmPass - ok
17:02:44.0586 5892	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:02:44.0602 5892	UmRdpService - ok
17:02:44.0617 5892	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:02:44.0649 5892	upnphost - ok
17:02:44.0664 5892	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:02:44.0680 5892	usbaudio - ok
17:02:44.0695 5892	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:44.0711 5892	usbccgp - ok
17:02:44.0727 5892	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:02:44.0742 5892	usbcir - ok
17:02:44.0758 5892	usbehci         (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
17:02:44.0773 5892	usbehci - ok
17:02:44.0773 5892	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
17:02:44.0805 5892	usbhub - ok
17:02:44.0805 5892	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
17:02:44.0820 5892	usbohci - ok
17:02:44.0836 5892	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:02:44.0851 5892	usbprint - ok
17:02:44.0867 5892	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:02:44.0883 5892	usbscan - ok
17:02:44.0883 5892	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:02:44.0914 5892	USBSTOR - ok
17:02:44.0914 5892	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:02:44.0929 5892	usbuhci - ok
17:02:44.0945 5892	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:02:44.0961 5892	usbvideo - ok
17:02:44.0976 5892	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:02:45.0007 5892	UxSms - ok
17:02:45.0023 5892	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:02:45.0039 5892	VaultSvc - ok
17:02:45.0039 5892	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:02:45.0054 5892	vdrvroot - ok
17:02:45.0070 5892	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:02:45.0117 5892	vds - ok
17:02:45.0117 5892	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:02:45.0132 5892	vga - ok
17:02:45.0148 5892	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:02:45.0179 5892	VgaSave - ok
17:02:45.0195 5892	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:02:45.0210 5892	vhdmp - ok
17:02:45.0226 5892	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:02:45.0226 5892	viaide - ok
17:02:45.0241 5892	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:02:45.0257 5892	vmbus - ok
17:02:45.0273 5892	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:02:45.0288 5892	VMBusHID - ok
17:02:45.0288 5892	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:02:45.0304 5892	volmgr - ok
17:02:45.0319 5892	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:02:45.0335 5892	volmgrx - ok
17:02:45.0351 5892	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:02:45.0366 5892	volsnap - ok
17:02:45.0382 5892	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:02:45.0397 5892	vsmraid - ok
17:02:45.0413 5892	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:02:45.0475 5892	VSS - ok
17:02:45.0491 5892	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:02:45.0507 5892	vwifibus - ok
17:02:45.0522 5892	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:02:45.0553 5892	W32Time - ok
17:02:45.0569 5892	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:02:45.0585 5892	WacomPen - ok
17:02:45.0600 5892	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:02:45.0631 5892	WANARP - ok
17:02:45.0631 5892	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:02:45.0663 5892	Wanarpv6 - ok
17:02:45.0694 5892	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:02:45.0725 5892	WatAdminSvc - ok
17:02:45.0756 5892	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:02:45.0787 5892	wbengine - ok
17:02:45.0803 5892	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:02:45.0819 5892	WbioSrvc - ok
17:02:45.0834 5892	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:02:45.0865 5892	wcncsvc - ok
17:02:45.0881 5892	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:02:45.0897 5892	WcsPlugInService - ok
17:02:45.0897 5892	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:02:45.0912 5892	Wd - ok
17:02:45.0928 5892	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:02:45.0959 5892	Wdf01000 - ok
17:02:45.0959 5892	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:02:45.0990 5892	WdiServiceHost - ok
17:02:45.0990 5892	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:02:46.0006 5892	WdiSystemHost - ok
17:02:46.0021 5892	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:02:46.0053 5892	WebClient - ok
17:02:46.0053 5892	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:02:46.0099 5892	Wecsvc - ok
17:02:46.0115 5892	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:02:46.0146 5892	wercplsupport - ok
17:02:46.0162 5892	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:02:46.0193 5892	WerSvc - ok
17:02:46.0209 5892	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:02:46.0240 5892	WfpLwf - ok
17:02:46.0255 5892	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:02:46.0271 5892	WIMMount - ok
17:02:46.0271 5892	WinDefend - ok
17:02:46.0271 5892	WinHttpAutoProxySvc - ok
17:02:46.0287 5892	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:02:46.0333 5892	Winmgmt - ok
17:02:46.0349 5892	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:02:46.0411 5892	WinRM - ok
17:02:46.0443 5892	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:02:46.0474 5892	Wlansvc - ok
17:02:46.0489 5892	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:02:46.0505 5892	WmiAcpi - ok
17:02:46.0521 5892	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:02:46.0536 5892	wmiApSrv - ok
17:02:46.0536 5892	WMPNetworkSvc - ok
17:02:46.0552 5892	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:02:46.0567 5892	WPCSvc - ok
17:02:46.0567 5892	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:02:46.0599 5892	WPDBusEnum - ok
17:02:46.0599 5892	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:02:46.0645 5892	ws2ifsl - ok
17:02:46.0645 5892	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:02:46.0677 5892	wscsvc - ok
17:02:46.0677 5892	WSearch - ok
17:02:46.0708 5892	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:02:46.0786 5892	wuauserv - ok
17:02:46.0786 5892	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:02:46.0833 5892	WudfPf - ok
17:02:46.0848 5892	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:02:46.0879 5892	WUDFRd - ok
17:02:46.0879 5892	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:02:46.0926 5892	wudfsvc - ok
17:02:46.0942 5892	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:02:46.0957 5892	WwanSvc - ok
17:02:46.0973 5892	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:02:46.0989 5892	\Device\Harddisk0\DR0 - ok
17:02:46.0989 5892	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
17:02:47.0035 5892	\Device\Harddisk3\DR3 - ok
17:02:47.0035 5892	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
17:02:47.0098 5892	\Device\Harddisk2\DR2 - ok
17:02:47.0098 5892	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:02:47.0145 5892	\Device\Harddisk1\DR1 - ok
17:02:47.0613 5892	MBR (0x1B8)     (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk8\DR8
17:02:47.0722 5892	\Device\Harddisk8\DR8 - ok
17:02:47.0722 5892	Boot (0x1200)   (b6d2963cf33bcaac2c7b01718490a5fd) \Device\Harddisk0\DR0\Partition0
17:02:47.0722 5892	\Device\Harddisk0\DR0\Partition0 - ok
17:02:47.0722 5892	Boot (0x1200)   (0b6aaf63000d0d53b0aba4163355dbcb) \Device\Harddisk3\DR3\Partition0
17:02:47.0722 5892	\Device\Harddisk3\DR3\Partition0 - ok
17:02:47.0722 5892	Boot (0x1200)   (1b74d02a36a03cd053d1e1caf35010fc) \Device\Harddisk3\DR3\Partition1
17:02:47.0722 5892	\Device\Harddisk3\DR3\Partition1 - ok
17:02:47.0737 5892	Boot (0x1200)   (a0a3e98b805d1ffd05fe5053debd3c0d) \Device\Harddisk3\DR3\Partition2
17:02:47.0737 5892	\Device\Harddisk3\DR3\Partition2 - ok
17:02:47.0737 5892	Boot (0x1200)   (ccbe9e84af8c7175cc287164884001ea) \Device\Harddisk3\DR3\Partition3
17:02:47.0737 5892	\Device\Harddisk3\DR3\Partition3 - ok
17:02:47.0737 5892	Boot (0x1200)   (c68c146e280e1351f3e51e4811cf051e) \Device\Harddisk2\DR2\Partition0
17:02:47.0737 5892	\Device\Harddisk2\DR2\Partition0 - ok
17:02:47.0769 5892	Boot (0x1200)   (67d7a68c5e13f837d47d96620b20fa47) \Device\Harddisk1\DR1\Partition0
17:02:47.0769 5892	\Device\Harddisk1\DR1\Partition0 - ok
17:02:47.0769 5892	Boot (0x1200)   (03f4791b0a084906f95faadf87c435bc) \Device\Harddisk8\DR8\Partition0
17:02:47.0769 5892	\Device\Harddisk8\DR8\Partition0 - ok
17:02:47.0769 5892	============================================================
17:02:47.0769 5892	Scan finished
17:02:47.0769 5892	============================================================
17:02:47.0784 5836	Detected object count: 4
17:02:47.0784 5836	Actual detected object count: 4
17:03:57.0346 5836	Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:57.0346 5836	Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:57.0346 5836	FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:57.0346 5836	FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:57.0346 5836	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:57.0346 5836	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:57.0346 5836	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:57.0346 5836	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 06.04.2012, 17:15   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Zitat:
FileZilla Server ( UnsignedFile.Multi.Generic )
Hast du Filezilla Server installiert? Das ist ein FTP-Server, ist der gewollt?
__________________
Logs bitte immer in CODE-Tags posten

Alt 06.04.2012, 18:11   #15
klaiser
 
S.M.A.R.T. HDD Problem - Standard

S.M.A.R.T. HDD Problem



Lokal betreibe ich auf dem Rechner einen Apache Server - beim installieren des Servers ist der wohl "mitgekommen". Brauche ich nicht zwingend.

Antwort

Themen zu S.M.A.R.T. HDD Problem
administrator, adobe, alternate, anfang, antivirus, autorun, avast, backdoor.agent.rcgen, bho, dateisystem, error, explorer, flash player, format, hdd-virus, helper, heuristiks/extra, heuristiks/shuriken, hängen, install.exe, langs, laptop befallen, logfile, microsoft office word, mozilla thunderbird, ntdll.dll, nvidia, photoshop, plug-in, problem, registry, rundll, s.m.a.r.t., s.m.a.r.t. hdd, scan, searchscopes, security, server, software, temp, trojaner, win32/softonicdownloader.a, wordpress



Ähnliche Themen: S.M.A.R.T. HDD Problem


  1. Trojaner-Warnung/PC-Problem: Liegt es an der Hardware oder an einem Trojaner-Problem?
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (7)
  2. Windows 8: Problem beim Starten von C:\ Problem Files (x86)\HomeTab\TBUpdater.dll
    Plagegeister aller Art und deren Bekämpfung - 27.02.2015 (9)
  3. McAffee und Spybot finden ein Problem und können es nicht beheben, dann ist das Problem plötzlich nicht mehr da
    Log-Analyse und Auswertung - 09.02.2014 (5)
  4. Internet läuft langsam .. DNS Problem ? Manchmal friert alles ein Neustart behebt Problem
    Log-Analyse und Auswertung - 25.04.2012 (1)
  5. gleiches Problem wie http://www.trojaner-board.de/99057-das-system-hat-ein-problem-mit-einem-oder-me
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (1)
  6. Problem mit explorer.exe verbunden mit Active Desktop-Problem
    Alles rund um Windows - 05.01.2011 (5)
  7. Firefox problem, Anti-banner problem, Flashplayer problem, Viren problem?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2010 (11)
  8. Problem mit Webseite und cikutalist-wo das Problem posten?
    Mülltonne - 30.09.2010 (2)
  9. Bildschirm-Problem oder Grafikkarten-Problem oder..?
    Netzwerk und Hardware - 08.09.2010 (9)
  10. AntiVir-Installations-Problem und Win-Problem!
    Log-Analyse und Auswertung - 21.10.2009 (1)
  11. problem mit Desktop symbol problem
    Alles rund um Windows - 06.09.2009 (14)
  12. Problem = you have a secruity problem
    Log-Analyse und Auswertung - 04.10.2008 (1)
  13. problem mit der maus, wohl internes problem
    Alles rund um Windows - 24.02.2008 (5)
  14. Sorry für F**** Problem mit PC...neues Problem mit SV-Host
    Log-Analyse und Auswertung - 18.07.2005 (21)
  15. Problem mit Startseite - genau das gleiche Problem wie Staux!!!
    Plagegeister aller Art und deren Bekämpfung - 05.01.2005 (30)
  16. Anti Vir Problem + Firefox Problem
    Antiviren-, Firewall- und andere Schutzprogramme - 15.12.2004 (8)

Zum Thema S.M.A.R.T. HDD Problem - Guten Morgen, habe mir den SMART HDD-Virus oder Trojaner eingefangen. An Avast vorbei, der erst zu einen viel späteren Zeitpunkt aktiv wurde! Angekündigt hat sich der Virus? durch mehrere Abstürze - S.M.A.R.T. HDD Problem...
Archiv
Du betrachtest: S.M.A.R.T. HDD Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.