Blockierter PC durch Suisa Trojaner

waltch · 06.06.2012, 10:23

Hallo

Vor 2 Tagen hat plötzlich dieser Suisa Trojaner bei mir zugeschlagen und meinen PC blockiert. Zum Glück habe ich über einen zweiten PC diese Website gefunden und mich schlau gemacht (Anleitungen,Regeln, Forum, etc.).

Beim Aufstarten ist mir jeweils noch aufgefallen (bevor der blockierte weisse Bildschim kam mit der Meldung auf die Verbindungsaufnahme zu warten), dass ganz kurz rechts unten ein Fenster von AVIRA aufging mit einer Meldung, dass das Registry blockiert sei....

Ich bin zwar kein PC-Spezialist, konnte aber über den zweiten PC und einen UBS-Stick zumindest 'Malwarebytes' auf dem Problem-PC installieren (abgesicherter Modus mit Eingabe-Aufforderung hat funktioniert).

Der Quick Scan hat dann tatsächlich 3 infizierte Objekte gefunden:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Walter :: WALTER-PC [Administrator]

Schutz: Deaktiviert

05.06.2012 21:57:35
mbam-log-2012-06-05 (21-57-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223926
Laufzeit: 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|C0mDiXEtF1yrWmk (Trojan.Winlock) -> Daten: C:\Users\Walter\AppData\Roaming\TarArchiver.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Walter\AppData\Roaming\TarArchiver.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Walter\AppData\Local\Temp\cs8v0k.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Nach dieser Aktion konnte ich den PC wieder normal starten, musste auf dem Desktop aber die Symbole wieder aktivieren und ordnen (ist alles wieder da). Auch im Start-Menu und unter "Alle Programm" sieht alles wieder okay aus wie vor dem Trojaner.

Heute habe ich nun noch einen vollständigen Scan durchgeführt (inkl. externe Festplatte) und Malwarebytes hat keine infizierte Objekte mehr gefunden:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Walter :: WALTER-PC [Administrator]

Schutz: Aktiviert

06.06.2012 08:55:58
mbam-log-2012-06-06 (08-55-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 990624
Laufzeit: 1 Stunde(n), 21 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Derzeit habe ich auch sonst keine negativen Auffälligkeiten beim normalen Betrieb des PC bemerkt (natürlich werden vorerst keine kritischen Arbeiten wie Online-Banking o.ä. ausgeführt, bzw. auf den zweiten PC verlegt).

Hier noch die Liste der installierten Programme aus CC-Cleaner, die für eure Analyse jeweils auch nötig ist, wie ich aus dem Forum gesehen habe:

Code:

ATTFilter

 7-Zip 9.20 (x64 edition)	Igor Pavlov	30.03.2012	4.53MB	9.20.00.0
A380v2 (FSX)		06.04.2012		
Active Sky Evolution	HiFi Technologies, Inc.	05.12.2011	85.7MB	12.00.0572
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	03.05.2012	6.00MB	11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	10.04.2012	121.7MB	10.1.3
Aerosoft's - Aerosoft Launcher	Aerosoft	03.06.2012		1.1.0.1
aerosoft's - Balearic Islands X for FSX	aerosoft	06.12.2011		1.01
aerosoft's - FlightSim Commander 9	aerosoft	02.06.2012		9.2.0.0
Aerosoft's - German Airports 1 - Friedrichshafen X	Aerosoft	03.05.2012		1.01
aerosoft's - German Airports 1 - FS2004		04.12.2011		
aerosoft's - German Airports 1 - Stuttgart X	aerosoft	06.12.2011		1.00
aerosoft's - German Airports 2 X - FSX	aerosoft	31.03.2012		1.00
aerosoft's - German Airports 3 - FS2004		04.12.2011		
aerosoft's - German Airports 3 X - FSX	aerosoft	06.12.2011		1.01
aerosoft's - Holiday Airports FSX	aerosoft	06.12.2011		1.00
aerosoft's - Mega Airport Amsterdam FSX	aerosoft	02.06.2012		1.04
aerosoft's - Mega Airport Barcelona X	aerosoft	03.06.2012		1.02
Aerosoft's - Mega Airport Brussels X	Aerosoft	06.12.2011		1.01
Aerosoft's - Mega Airport Budapest	Aerosoft	03.06.2012		2.00
aerosoft's - Mega Airport Frankfurt X	aerosoft	06.12.2011		1.04
aerosoft's - Mega Airport London Heathrow X	aerosoft	03.06.2012		1.10
aerosoft's - Mega Airport Madrid Barajas	aerosoft	03.06.2012		1.02
aerosoft's - Mega Airport Munich X	aerosoft	06.12.2011		1.01
aerosoft's - Mega Airport Paris CDG X	aerosoft	03.06.2012		1.00
aerosoft's - Mega Airport Stockholm Arlanda X	aerosoft	03.06.2012		1.01
Aerosoft's - Mega Airport Zurich 2012 - FSX	Aerosoft	05.12.2011		1.01
aerosoft's - Nice Cote dAzur X	aerosoft	06.12.2011		1.10
aerosoft's - Tahiti X	aerosoft	07.12.2011		1.10
AFX		05.12.2011		
Airbus Series 1 Deluxe - Evolution Full (FSX)		05.04.2012		
Airbus Series 2 - Evolution Full (FSX)		06.04.2012		
Apple Application Support	Apple Inc.	07.03.2012	61.0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	07.03.2012	24.9MB	5.1.1.4
Apple Software Update	Apple Inc.	28.11.2011	2.38MB	2.1.3.127
Avira Free Antivirus	Avira	07.05.2012	108.9MB	12.0.0.1125
Bonjour	Apple Inc.	28.11.2011	1.86MB	3.0.0.10
CCleaner	Piriform	22.05.2012		3.19
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.05.2012	113.7MB	12.0.6612.1000
EditVoicepack X	Bevelstone Production	05.12.2011	32.1MB	4.0.7
FlyLogic's - Altenrhein X	FlyLogic	05.12.2011		1.00
FlyLogic's - Bern-Belp X	FlyLogic	05.12.2011		1.00
FlyLogic's - Lugano X	FlyLogic	10.05.2012		1.00
FlyTampa's - Mega Airport Vienna X - FSX	FlyTampa	06.12.2011		1.00
Fritz11	ChessBase	28.11.2011		11
FSDreamTeam Geneva FS9 1.1		04.12.2011		
FSDreamTeam Geneva FSX 1.3.2		05.12.2011	314MB	
FSDreamTeam GSX 1.4.1		06.05.2012	213MB	
FSDreamTeam Los Angeles International FSX 1.4		23.03.2012	430MB	
FSDreamTeam OHareX 2.0		23.03.2012	216MB	
FSDreamTeam ZurichX 2.0.2		05.12.2011	278MB	
FSNavigator	FSNavigator team	03.12.2011		4.7
Google Chrome	Google Inc.	28.11.2011		19.0.1084.52
Google Earth	Google	28.11.2011	92.7MB	6.1.0.5001
Google Toolbar for Internet Explorer	Google Inc.	19.03.2012		7.3.2710.138
HDD Health v3.3 Beta		10.01.2012		
iTunes	Apple Inc.	29.03.2012	156.9MB	10.6.1.7
Java(TM) 6 Update 30	Oracle	03.01.2012	95.2MB	6.0.300
Just Flight - 767-200/300 for FSX	Just Flight	04.04.2012		1.00.000
Just Flight - World Airports 3 FSX	Just Flight	07.12.2011		1.00.000
Just Flight - World Airports 4 for FSX	Just Flight	07.12.2011		1.00.000
Mailsoft's - Kleinflugplätze Schweiz Teil 3 X	Mailsoft	06.12.2011		1.00
Mailsoft's - Kleinflugplätze Schweiz Teil 5 X	Mailsoft	06.12.2011		1.00
Mailsoft's - Sion X	Mailsoft	05.12.2011		1.00
Mailsoft's - Switzerland Professional X	Mailsoft	05.12.2011		1.00
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	04.06.2012	18.0MB	1.61.0.1400
McAfee Security Scan Plus	McAfee, Inc.	02.04.2012	8.30MB	2.0.181.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.11.2011	38.8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.11.2011	2.94MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	03.12.2011	52.0MB	4.0.30319
Microsoft Flight	Microsoft Studios	06.03.2012		1.0.0000.129
Microsoft Flight Simulator 2004 A Century of Flight	Microsoft	03.12.2011		9.0
Microsoft Flight Simulator X: Acceleration	Microsoft Game Studios	05.12.2011		10.0.61637.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	06.03.2012	31.3MB	3.5.92.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	06.03.2012	6.04MB	3.5.50.0
Microsoft Office File Validation Add-In	Microsoft Corporation	10.03.2012	7.95MB	14.0.5130.5003
Microsoft Office Live Add-in 1.5	Microsoft Corporation	07.05.2012	0.50MB	2.0.4024.1
Microsoft Office Standard Edition 2003	Microsoft Corporation	09.05.2012	647MB	11.0.8173.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	07.03.2012	0.29MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	06.12.2011	2.37MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	06.03.2012	0.58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	07.03.2012	0.59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	07.03.2012	12.3MB	10.0.40219
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	05.12.2011	1.28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	05.12.2011	1.33MB	4.20.9876.0
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	05.12.2011	1.23MB	4.20.9818.0
NVIDIA 3D Vision Controller-Treiber 296.10	NVIDIA Corporation	18.05.2012		296.10
NVIDIA 3D Vision Treiber 296.10	NVIDIA Corporation	18.05.2012		296.10
NVIDIA Grafiktreiber 296.10	NVIDIA Corporation	18.05.2012		296.10
NVIDIA HD-Audiotreiber 1.3.12.0	NVIDIA Corporation	18.05.2012		1.3.12.0
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	18.05.2012		9.12.0213
NVIDIA Update 1.7.11	NVIDIA Corporation	18.05.2012		1.7.11
PMDG 747-400/400F for FSX	Precision Manuals Development Group	19.05.2012		2.10.0040
PMDG744X_GE_AC	Precision Manuals Development Group	23.05.2012		1.10.0000
PMDG744X_GE_AF	Precision Manuals Development Group	19.05.2012		1.10.0000
PMDG744X_GE_BR2	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_GE_JL3	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_GE_KL	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744X_GE_LH	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744X_GE_NH	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_GE_SV	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744X_GE_TG	Precision Manuals Development Group	23.05.2012		1.20.0000
PMDG744X_GE_VS	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_PW_AI	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_PW_CI	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_PW_IB	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744X_PW_MH	Precision Manuals Development Group	23.05.2012		1.20.0000
PMDG744X_PW_NW3	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744X_PW_SQ	Precision Manuals Development Group	23.05.2012		1.10.0000
PMDG744X_PW_UA3	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_RR_BA	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744X_RR_CX	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744X_RR_QF	Precision Manuals Development Group	23.05.2012		1.10.0000
PMDG744XF_GE_5XF	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744XF_GE_CVF	Precision Manuals Development Group	23.05.2012		1.10.0000
PMDG744XF_PW_FXF	Precision Manuals Development Group	19.05.2012		1.00.0000
PMDG744XF_PW_SQF	Precision Manuals Development Group	23.05.2012		1.00.0000
PMDG744XF_RR_CXF	Precision Manuals Development Group	19.05.2012		1.00.0000
QualityWings Ultimate 757 Collection		07.04.2012		
QualityWings Ultimate 757 Collection FSX 1.2.6		07.04.2012	606MB	
QuickTime	Apple Inc.	28.11.2011	73.3MB	7.71.80.42
Steam	Valve Corporation	03.12.2011	1.59MB	1.0.0.0
Steuer 2011 12.0.1	Information Factory AG	18.03.2012		12.0.1
Train Simulator 2012	RailSimulator.com	03.12.2011		
Ultimate Terrain X - Europe		05.12.2011		
Ultimate Terrain X - USA		05.12.2011		
VIRTUALI Addon ManagerX		11.05.2012	38.7MB	
VIRTUALI Addon ManagerX		24.03.2012		
VIRTUALI Addon ManagerX		12.05.2012		
VistaMare ViMaCore X		07.01.2012		
Windows Live ID Sign-in Assistant	Microsoft Corporation	06.03.2012	10.0MB	6.500.3165.0

Ich bin etwas überfordert von den vielen weiteren Tools und Programmen
(OLT, etc.), welche bei vielen Anfragen zur Sprache kommen. Da ich kein Spezialist bin, kenne ich all diese Dinge nicht.

Daher meine Fragen:

Welche weitere Aktionen sollte ich unbedingt vornehmen?
oder
Wäre es besser mein System ganz neu aufzusetzen?

Schon mal vielen Dank für eure Bemühungen und Gruss aus der Schweiz.

Walter

cosinus · 08.06.2012, 13:25

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

waltch · 09.06.2012, 11:59

Hallo Arne

Erstmals danke für Deine Hilfe. Der ESET Online Scan gemäss den obigen Anweisungen ausgeführt ergab folgendes Resultat:

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 10:51:05
# local_time=2012-06-09 12:51:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13474968 13474968 0 0
# compatibility_mode=5893 16776573 100 94 59774 90860976 0 0
# compatibility_mode=8192 67108863 100 0 92 92 0 0
# scanned=775200
# found=4
# cleaned=0
# scan_time=7939
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5d1efb9a-76058492	multiple threats (unable to clean)	00000000000000000000000000000000	I
K:\WALTER-PC\Backup Set 2012-01-10 165152\Backup Files 2012-01-10 165152\Backup files 2.zip	Win32/SoftonicDownloader application (unable to clean)	00000000000000000000000000000000	I
K:\WALTER-PC\Backup Set 2012-01-22 223724\Backup Files 2012-01-22 223724\Backup files 2.zip	Win32/SoftonicDownloader application (unable to clean)	00000000000000000000000000000000	I
K:\ZZZ_Master_Archiv\Aktuelle_Downloads\Basisanwendungen\SwisscomQuickHelp_m-Setup.exe	probably unknown NewHeur_PE virus (unable to clean)	00000000000000000000000000000000	I

Gerne erwarte ich Deinen weiteren Feedback, was zu tun ist.

Gruss
Walter

cosinus · 10.06.2012, 00:07

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

waltch · 10.06.2012, 09:53

Hallo Arne

Ja, der normale Windows Modus funktioniert wieder problemlos und auch im Startmenü und unter "alle Programme" ist alles vorhanden wie vorher.

Die im ESET-Scan gefundenen Files überraschen mich etwas, insbesondere diejenigen im externen Laufwerk K, da dieses beim Einfangen des Trojaners anfangs letzter Woche nicht lief und die erwähnten Dateien ältere Back-ups sind, die vorher nie auffielen oder Probleme bereiteten.

Gruss
Walter

cosinus · 10.06.2012, 16:04

ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

waltch · 11.06.2012, 09:24

Hallo Arne

Okay, habe den OLT-Scan gemäss Deiner Anweisung ausgeführt. Hier ist der Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.06.2012 10:12:49 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Walter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
11.99 Gb Total Physical Memory | 9.78 Gb Available Physical Memory | 81.56% Memory free
23.98 Gb Paging File | 21.71 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 714.71 Gb Total Space | 656.08 Gb Free Space | 91.80% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 90.83 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
Drive E: | 321.21 Gb Total Space | 316.21 Gb Free Space | 98.44% Space Free | Partition Type: NTFS
Drive F: | 146.49 Gb Total Space | 62.66 Gb Free Space | 42.77% Space Free | Partition Type: NTFS
Drive G: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive H: | 119.14 Gb Total Space | 42.96 Gb Free Space | 36.06% Space Free | Partition Type: NTFS
Drive K: | 931.28 Gb Total Space | 729.19 Gb Free Space | 78.30% Space Free | Partition Type: FAT32
 
Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 10:07:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
PRC - [2012.05.19 16:16:45 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.05.08 22:36:18 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:36:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 22:36:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.04 23:14:17 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.04 12:57:41 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\Steam.exe
PRC - [2008.06.15 13:14:30 | 001,692,672 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.19 16:16:45 | 020,313,384 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.05.19 16:16:44 | 001,099,576 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.05.19 16:16:44 | 000,895,312 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012.05.19 16:16:44 | 000,190,776 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.05.19 16:16:44 | 000,123,192 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.19 16:16:45 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 22:36:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 22:36:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 23:14:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 22:36:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:36:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.29 00:47:08 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 0C C5 24 15 AE CC 01  [binary data]
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deCH460
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Mail = C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1000..\Run: [HDDHealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6341E948-7F26-4E47-AEE8-763B1B79556C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 10:07:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
[2012.06.09 10:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.05 13:51:25 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes
[2012.06.05 13:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.05 13:51:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.05 13:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.05 13:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 12:16:09 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx
[2012.06.03 12:16:09 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx
[2012.06.03 12:16:09 | 000,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\threed32.ocx
[2012.06.03 12:16:09 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevImLib.dll
[2012.06.03 12:16:09 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx
[2012.06.03 12:16:09 | 000,115,712 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevClb20.ocx
[2012.06.03 12:16:09 | 000,057,880 | ---- | C] (Outrider Systems, Inc.) -- C:\Windows\SysWow64\SPIN32.OCX
[2012.05.20 22:43:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.20 15:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
[2012.05.20 15:32:30 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.05.19 17:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.19 17:01:34 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.19 17:01:34 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 10:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 10:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 10:07:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
[2012.06.11 10:07:14 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 10:07:14 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 09:59:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 09:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 09:59:41 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.05 13:51:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.05 00:43:23 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.05 00:43:23 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.05 00:43:23 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.05 00:43:23 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.05 00:43:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.04 19:18:00 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\Aerosoft Launcher.lnk
[2012.06.03 12:16:04 | 000,000,507 | ---- | M] () -- C:\Users\Public\Desktop\FSC 9.lnk
[2012.06.01 14:05:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.24 10:16:24 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.20 18:34:06 | 000,312,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.20 15:50:42 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk
[2012.05.20 15:32:30 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.05 13:51:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 12:16:09 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\threed32.oca
[2012.06.03 12:16:09 | 000,093,696 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.oca
[2012.06.03 12:16:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\grid32.oca
[2012.06.03 12:16:09 | 000,002,495 | ---- | C] () -- C:\Windows\SysWow64\COMCT232.DEP
[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.DEP
[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.DEP
[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.DEP
[2012.06.03 12:16:09 | 000,002,493 | ---- | C] () -- C:\Windows\SysWow64\COMCTL32.DEP
[2012.06.03 12:16:09 | 000,002,405 | ---- | C] () -- C:\Windows\SysWow64\MSINET.DEP
[2012.06.03 12:16:09 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\sevClb20.dep
[2012.06.03 12:16:09 | 000,000,549 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.dep
[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevXPCtl.dep
[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevEin20.dep
[2012.06.03 12:16:04 | 000,000,507 | ---- | C] () -- C:\Users\Public\Desktop\FSC 9.lnk
[2012.05.20 15:33:53 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk
[2012.05.19 17:02:10 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 18:33:39 | 000,001,267 | ---- | C] () -- C:\Users\Walter\Desktop\QW757 Livery Manager.lnk
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.06 13:15:35 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011.12.04 19:40:46 | 000,000,040 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2011.12.04 13:36:54 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.29 16:57:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.06.07 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ChessBase
[2011.12.06 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Flight1
[2011.12.06 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\HiFi
[2012.03.19 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Information Factory
[2012.05.07 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Lockheed Martin
[2012.03.24 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Virtuali
[2012.06.03 21:57:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.29 01:05:29 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Adobe
[2011.12.09 19:53:06 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Apple Computer
[2012.01.05 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Avira
[2012.06.07 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ChessBase
[2011.12.06 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Flight1
[2011.12.07 00:41:01 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Google
[2011.12.06 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\HiFi
[2011.11.28 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Identities
[2012.03.19 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Information Factory
[2011.12.06 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\InstallShield
[2012.05.07 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Lockheed Martin
[2011.11.29 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Macromedia
[2012.06.05 13:51:25 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Media Center Programs
[2012.03.07 18:11:46 | 000,000,000 | --SD | M] -- C:\Users\Walter\AppData\Roaming\Microsoft
[2011.12.06 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\NVIDIA
[2012.03.24 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Virtuali
 
< %APPDATA%\*.exe /s >
[2007.02.27 12:51:58 | 015,175,680 | ---- | M] (HiFi Simulation Software) -- C:\Users\Walter\AppData\Roaming\HiFi\ASE\ASv6.exe
[2008.08.17 12:22:08 | 000,111,616 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Lockheed Martin\Prepar3D\tidy.exe
[2011.12.06 13:03:32 | 000,015,086 | R--- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Installer\{3C40DA91-58D8-44F8-BD19-969912D8612E}\ARPPRODUCTICON.exe
[2011.12.06 13:08:01 | 000,015,086 | R--- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Installer\{ABA28CFF-ED95-47A8-95F6-89402D6FFA3D}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A1D5C6AA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:00934A10

< End of report >

--- --- ---
[/CODE]

Gruss und Danke
Walter

Hallo Arne

Sorry, habe soeben auf dem Desktop gesehen, dass OLT noch einen zweiten Output generierte ("Extras"), den ich auch poste:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11.06.2012 10:12:49 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Walter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
11.99 Gb Total Physical Memory | 9.78 Gb Available Physical Memory | 81.56% Memory free
23.98 Gb Paging File | 21.71 Gb Available in Paging File | 90.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 714.71 Gb Total Space | 656.08 Gb Free Space | 91.80% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 90.83 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
Drive E: | 321.21 Gb Total Space | 316.21 Gb Free Space | 98.44% Space Free | Partition Type: NTFS
Drive F: | 146.49 Gb Total Space | 62.66 Gb Free Space | 42.77% Space Free | Partition Type: NTFS
Drive G: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive H: | 119.14 Gb Total Space | 42.96 Gb Free Space | 36.06% Space Free | Partition Type: NTFS
Drive K: | 931.28 Gb Total Space | 729.19 Gb Free Space | 78.30% Space Free | Partition Type: FAT32
 
Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0185240A-FD26-4C23-9516-3FB004E52716}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0862601F-E837-4F47-825D-784AAB642863}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{136DCE60-9F14-4E8B-A562-1E1ADEC3D225}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15CF99D8-1E80-4BB7-975C-333D55277B7C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F58CC6C-282B-4F9A-A0F8-FF120C7BBF78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22E74A03-0FFF-4079-A8C6-4062A6BC8FA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{29C5AFB8-E7FB-4E00-8417-4A2CBA8BC296}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38649FB0-2779-4EA9-A966-0A2D5C76BC13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{505AF513-193B-4655-A4A4-6B37CB6287B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{50FB27D5-9F23-4BD1-BF6C-F469A02224C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6904692C-AF10-40A5-93FD-3A35E57668C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7393BE48-2B38-4FA9-AE1F-A1C233822422}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7B9609E3-3FA2-481E-A79A-F4B85CFDB137}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C39D604-5C3B-4C27-8884-728FA6800181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7D4A3D3-C8FF-4388-8EA6-F1B7ABCC5D54}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B17019D1-F2FF-46E8-B0DF-0A8571F4159E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B5E69EE7-4FB4-40E7-9F0D-34E46936480E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B5F75A3A-150B-4131-AC10-E4130328919B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C353ABCE-D2EA-449E-A45A-448D3A514185}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5AC0741-2C8B-4347-BBE6-B6C9F6C0453A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D52DDA8F-9994-42D2-A3B2-76541C6948E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DAC0FBEC-1A6E-4919-B814-D2B5DD5EB8FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FFF4A762-E228-4D12-BDEC-9E684B48695C}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212181D-52A3-4F5F-A173-A0100FC44CF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{093B5583-14EE-45F2-BC1E-66AF254D9A86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{28951861-D5AB-4666-A3A9-5A3F77601367}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{29D24CC1-25C2-4F2D-96CC-62343E693441}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E53E0AC-6905-4A03-8D25-C148BE46AD05}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{316CB239-5A28-44F8-8B6E-3A6F79EB9120}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{3D29B4ED-8C58-4545-9DB5-343444E71078}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EBFF2D5-2708-4FCE-B4BD-C10BB6A2F476}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52D84574-B3DE-4B45-9AF6-313762749CEB}" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\microsoft flight\flight.exe | 
"{56EC8B79-B3F7-4CAF-AE96-23B96FD75508}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5AED1610-19EB-4FBE-ABA2-FB6825FA4C9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CD2BCF6-AE36-48A3-80E7-E35CD2B78ED4}" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\microsoft flight\flight.exe | 
"{5D05A81F-A52E-4E60-97AE-16B947D5CBA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60918484-F3B6-4BA4-A22A-731AA03EFFEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{679EF750-C342-4BA3-9AEB-1862802848B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67DC7359-2064-44E7-8A6C-96BF7B0E259D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68C6B78B-3856-494E-91AA-5131F78A662F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B6BEA0D-41D0-4491-A2FA-9F0CEECA26A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{715224ED-F853-4FEA-BEF9-1B980E166DBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{768B265B-1945-4E1E-BD64-0D5009F20407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{817E248E-C542-432B-8C10-7DD886FCC8A3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{94CB4E2A-C66A-47EA-969F-54DFB9D30093}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9A5466A9-CD3D-4511-81D9-E4B111A696F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B48F199E-0189-4581-8BA0-A8B00897A381}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{BE46F955-933A-4AA0-8CE3-FD36DE90655A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E41AF275-E70F-460F-B758-92FEB1ADA55E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7F1D8A0-0CB3-4DD2-A2AD-62759657EA35}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{E8989E0B-1A0E-40E8-A2A4-6995BC310146}" = protocol=6 | dir=out | app=system | 
"{ECBEBE3E-A17E-4669-9EFF-09CAA92374A5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ED86899E-2218-497C-AB53-DE728B6940AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD85C8D1-3334-49D0-A09E-2CBD3B837558}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C3630A-7FD2-46DF-B514-A4B829B0021A}" = aerosoft's - German Airports 2 X - FSX
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B73EB2-7538-4CC4-BBD6-5463E508B69B}" = aerosoft's - Balearic Islands X for FSX
"{0A297C87-BF52-43FD-AD75-EE72228E4457}" = aerosoft's - Mega Airport Amsterdam FSX
"{0CBA8FE8-3245-4E62-B8BE-951A3C7C7EC3}" = PMDG744X_GE_JL3
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{157C62A5-C5E1-4225-A858-5BD0830FF116}" = PMDG744XF_PW_SQF
"{171E2019-105B-433B-B0E7-CCAE67A9F486}" = Just Flight - 767-200/300 for FSX
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1B19DA07-6870-4E60-9171-5C53AD21A0E0}" = aerosoft's - Mega Airport Munich X
"{1D67FB28-58DA-4425-B426-99E894468197}" = PMDG744X_PW_IB
"{1F0DB6EB-B8D8-45E4-9B04-3DA89B68FEBF}" = PMDG744X_PW_CI
"{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}" = PMDG744X_GE_LH
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{2F76FF6D-B992-4FD9-8686-F09F868B2C58}" = FSNavigator
"{327E8086-4211-4F7D-8731-720FEA0367B4}" = aerosoft's - German Airports 1 - FS2004
"{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X
"{3C40DA91-58D8-44F8-BD19-969912D8612E}" = Active Sky Evolution
"{400BAAA2-F9AC-469F-9772-8DF9CF5C1273}" = FlyTampa's - Mega Airport Vienna X - FSX
"{40F75775-0940-4F2D-B43F-2BB37E51F13A}" = PMDG744X_GE_SV
"{411B6A8F-0088-496D-8A0A-1319BB825D7C}" = Aerosoft's - German Airports 1 - Friedrichshafen X
"{463A571A-B793-459B-BEA8-028DC323AAB0}" = Aerosoft's - Mega Airport Zurich 2012 - FSX
"{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7EA2A2-221D-437C-8727-B033E6679124}" = PMDG744X_GE_BR2
"{4C7F54EE-DC36-431F-9978-DA678D77C4BA}" = aerosoft's - Tahiti X
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight
"{4D5308D2-6B0A-4BB0-809F-AE1000038101}" = Microsoft Flight
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{56BBD67B-36C0-449E-9AD1-B79F13E71243}" = PMDG744X_PW_MH
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6360C5E9-2842-4213-88B9-47D814FAAD54}" = aerosoft's - German Airports 3 X - FSX
"{6758B364-96C0-4143-ABDF-8160F8A2AA0D}" = PMDG744X_PW_SQ
"{6A9F0C42-3758-42EC-B4DE-F85BC5C175CF}" = PMDG744X_RR_CX
"{6DB56B61-0462-46D7-8E54-7D0782E6113E}" = Mailsoft's - Kleinflugplätze Schweiz Teil 3 X
"{70D78DCD-8369-4857-BFEF-021C9899DA75}" = PMDG744X_GE_AF
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8A265EE0-9527-4807-B946-D79C7364774B}" = Just Flight - World Airports 3 FSX
"{8A3D1E45-8D8C-4FC6-A769-DF1232776190}" = PMDG744X_GE_AC
"{8AB7326C-8A0C-4368-A8CD-58B6AB7B3895}" = Mailsoft's - Kleinflugplätze Schweiz Teil 5 X
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{930945C3-064B-4ACD-A004-436A4783FCD9}" = FlyLogic's - Bern-Belp X
"{96E1C9EE-5109-41FA-B412-E3358626051D}" = PMDG744X_PW_NW3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA
"{A1D97ADB-EFF4-4F31-B286-873F06AC6496}" = PMDG744X_GE_NH
"{A8736347-B854-400E-A060-19321AD85B98}" = aerosoft's - Mega Airport Barcelona X
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{ABD462F9-7436-4086-A65B-AC6360ED45FC}" = PMDG744XF_RR_CXF
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD6C554F-5050-40B1-B84D-51D74A09C7E4}" = Aerosoft's - Mega Airport Budapest
"{AD7B435D-C7CB-46A4-9D8B-4F54520C7633}" = FlyLogic's - Lugano X
"{B3B8E0B9-04D0-4449-969C-A23F0C90CB85}" = PMDG744X_GE_VS
"{BAEE0C24-C8C2-4820-9DF4-887909F1A286}" = aerosoft's - Mega Airport Frankfurt X
"{C0E7FAD8-F8AE-4819-AEBF-D92562315EEE}" = Mailsoft's - Switzerland Professional X
"{C820ADA9-1C94-469E-833E-832E100E92A2}" = PMDG744X_PW_AI
"{CB858C75-8537-4B71-9080-2A4F7D51F128}" = Aerosoft's - Mega Airport Brussels X
"{D145DF3E-0DB1-4ABC-90E4-E89BA713B01B}" = Mailsoft's - Sion X
"{D1F56041-DDC6-4508-994D-D70FC4022DB0}" = aerosoft's - Holiday Airports FSX
"{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}" = PMDG744X_GE_KL
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E18578DE-567F-4524-95BE-680A1779D15B}" = PMDG744XF_GE_CVF
"{E4298CF5-9C36-4519-9089-FF7A43EA5C5D}" = aerosoft's - German Airports 1 - Stuttgart X
"{E45EC4EA-CE0C-4F1C-9DA4-908A5860CDBA}" = PMDG744XF_GE_5XF
"{E5326C48-869C-43C0-A78E-B531CCFF066B}" = FlyLogic's - Altenrhein X
"{E94F6096-7F52-4EFD-A703-5A61B72A2F3F}" = Just Flight - World Airports 4 for FSX
"{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}" = PMDG744X_PW_UA3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC65FAF7-F12F-4C81-9E9D-2FE1115CFBA9}" = PMDG744X_RR_QF
"{ECE1939E-3491-409E-87B7-E7DF65E7B909}" = aerosoft's - German Airports 3 - FS2004
"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F77ABA68-8AC4-497E-9FFA-9CA4506B78FC}" = PMDG744XF_PW_FXF
"{F86772B6-2F2B-4EA4-B5D6-875BBE41B9FB}" = PMDG744X_GE_TG
"{F941AABE-E868-42D9-9F38-884250F7898A}" = aerosoft's - FlightSim Commander 9
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5365-1369-1386-1612" = Steuer 2011 12.0.1
"afx" = AFX
"Airbus Series 1 Deluxe - Evolution Full (FSX)" = Airbus Series 1 Deluxe - Evolution Full (FSX)
"Airbus Series 2 - Evolution Full (FSX)" = Airbus Series 2 - Evolution Full (FSX)
"Avira AntiVir Desktop" = Avira Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"FSDreamTeam Geneva FS9_is1" = FSDreamTeam Geneva FS9 1.1
"FSDreamTeam Geneva FSX_is1" = FSDreamTeam Geneva FSX 1.3.2
"FSDreamTeam GSX_is1" = FSDreamTeam GSX 1.4.1
"FSDreamTeam Los Angeles International FSX_is1" = FSDreamTeam Los Angeles International FSX 1.4
"FSDreamTeam OHareX 2.0_is1" = FSDreamTeam OHareX 2.0
"FSDreamTeam ZurichX_is1" = FSDreamTeam ZurichX 2.0.2
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"Google Chrome" = Google Chrome
"HDD Health_is1" = HDD Health v3.3 Beta
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QualityWings Ultimate 757 Collection FSX_is1" = QualityWings Ultimate 757 Collection FSX 1.2.6
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"Steam App 24010" = Train Simulator 2012
"ViMaCore X" = VistaMare ViMaCore X
"VIRTUALI Addon ManagerX 2.8.0.10_is1" = VIRTUALI Addon ManagerX
"VIRTUALI Addon ManagerX 2.9.0.1_is1" = VIRTUALI Addon ManagerX
"VIRTUALI Addon ManagerX 2.9.0.3_is1" = VIRTUALI Addon ManagerX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A380v2 (FSX)" = A380v2 (FSX)
"QualityWings Ultimate 757 Collection" = QualityWings Ultimate 757 Collection
"Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe
"Ultimate Terrain X - USA" = Ultimate Terrain X - USA
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 17:16:55 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2012 17:22:11 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 09.06.2012 04:28:29 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2012 04:33:43 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 09.06.2012 16:49:11 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2012 16:54:02 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 10.06.2012 04:42:49 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2012 04:48:07 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 11.06.2012 04:01:33 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2012 04:06:17 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
[ System Events ]
Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 24.03.2012 13:30:55 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 03.04.2012 12:52:01 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 03.04.2012 12:52:02 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 03.04.2012 12:52:12 | Computer Name = Walter-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.04.2012 12:52:12 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 03.04.2012 12:52:12 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >

--- --- ---
[/CODE]

Vielleicht brauchst Du diesen auch.

Gruss
Walter

cosinus · 11.06.2012, 12:28

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
[2012.06.03 12:16:09 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\threed32.oca
[2012.06.03 12:16:09 | 000,093,696 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.oca
[2012.06.03 12:16:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\grid32.oca
[2012.06.03 12:16:09 | 000,002,495 | ---- | C] () -- C:\Windows\SysWow64\COMCT232.DEP
[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.DEP
[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.DEP
[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.DEP
[2012.06.03 12:16:09 | 000,002,493 | ---- | C] () -- C:\Windows\SysWow64\COMCTL32.DEP
[2012.06.03 12:16:09 | 000,002,405 | ---- | C] () -- C:\Windows\SysWow64\MSINET.DEP
[2012.06.03 12:16:09 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\sevClb20.dep
[2012.06.03 12:16:09 | 000,000,549 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.dep
[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevXPCtl.dep
[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevEin20.dep
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A1D5C6AA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:00934A10
:Files
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

waltch · 11.06.2012, 14:43

Hallo Arne

Okay, den Fix habe ich wie beschrieben ausgeführt. Nach dem Neustart kam folgendes Resultat:

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3627449669-795322702-1899169270-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\SysWOW64\threed32.oca moved successfully.
C:\Windows\SysWOW64\sevCmd3.oca moved successfully.
C:\Windows\SysWOW64\grid32.oca moved successfully.
C:\Windows\SysWOW64\COMCT232.DEP moved successfully.
C:\Windows\SysWOW64\TABCTL32.DEP moved successfully.
C:\Windows\SysWOW64\MSFLXGRD.DEP moved successfully.
C:\Windows\SysWOW64\COMDLG32.DEP moved successfully.
C:\Windows\SysWOW64\COMCTL32.DEP moved successfully.
C:\Windows\SysWOW64\MSINET.DEP moved successfully.
C:\Windows\SysWOW64\sevClb20.dep moved successfully.
C:\Windows\SysWOW64\sevCmd3.dep moved successfully.
C:\Windows\SysWOW64\sevXPCtl.dep moved successfully.
C:\Windows\SysWOW64\sevEin20.dep moved successfully.
ADS C:\ProgramData\TEMP:74603393 deleted successfully.
ADS C:\ProgramData\TEMP:A1D5C6AA deleted successfully.
ADS C:\ProgramData\TEMP:00934A10 deleted successfully.
========== FILES ==========
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Walter
->Temp folder emptied: 1177326 bytes
->Temporary Internet Files folder emptied: 25510247 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 801 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3502 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 567418628 bytes
 
Total Files Cleaned = 567.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: Walter
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06112012_153852

Files\Folders moved on Reboot...
C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Gruss
Walter

cosinus · 11.06.2012, 15:42

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

waltch · 11.06.2012, 21:55

Hallo Arne

Okay, ich habe den gezippten "MovedFiles" wie beschrieben hochgeladen.

Gruss
Walter

cosinus · 11.06.2012, 22:05

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

waltch · 11.06.2012, 22:43

Hallo Arne

Hier das Log vom TDSSKiller:

Code:

ATTFilter

 23:39:25.0073 1140	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:39:25.0213 1140	============================================================
23:39:25.0213 1140	Current date / time: 2012/06/11 23:39:25.0213
23:39:25.0213 1140	SystemInfo:
23:39:25.0213 1140	
23:39:25.0213 1140	OS Version: 6.1.7601 ServicePack: 1.0
23:39:25.0213 1140	Product type: Workstation
23:39:25.0213 1140	ComputerName: WALTER-PC
23:39:25.0213 1140	UserName: Walter
23:39:25.0213 1140	Windows directory: C:\Windows
23:39:25.0213 1140	System windows directory: C:\Windows
23:39:25.0213 1140	Running under WOW64
23:39:25.0213 1140	Processor architecture: Intel x64
23:39:25.0213 1140	Number of processors: 8
23:39:25.0213 1140	Page size: 0x1000
23:39:25.0213 1140	Boot type: Normal boot
23:39:25.0213 1140	============================================================
23:39:25.0953 1140	Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:39:25.0953 1140	Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:39:25.0953 1140	Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:39:25.0983 1140	============================================================
23:39:25.0983 1140	\Device\Harddisk0\DR0:
23:39:25.0983 1140	MBR partitions:
23:39:25.0983 1140	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:39:25.0983 1140	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE48800
23:39:25.0983 1140	\Device\Harddisk1\DR1:
23:39:25.0983 1140	MBR partitions:
23:39:25.0983 1140	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5956DB35
23:39:25.0983 1140	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x5956DB74, BlocksNum 0x124FAAF3
23:39:25.0983 1140	\Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x6BA68667, BlocksNum 0xEA60942
23:39:25.0993 1140	\Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x7A4C8FE8, BlocksNum 0xC35314E
23:39:26.0003 1140	\Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x8681C175, BlocksNum 0x2826A5CC
23:39:26.0003 1140	\Device\Harddisk2\DR2:
23:39:26.0003 1140	MBR partitions:
23:39:26.0003 1140	\Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
23:39:26.0003 1140	============================================================
23:39:26.0023 1140	C: <-> \Device\Harddisk1\DR1\Partition0
23:39:26.0053 1140	D: <-> \Device\Harddisk1\DR1\Partition3
23:39:26.0073 1140	E: <-> \Device\Harddisk1\DR1\Partition4
23:39:26.0093 1140	F: <-> \Device\Harddisk1\DR1\Partition1
23:39:26.0103 1140	G: <-> \Device\Harddisk1\DR1\Partition2
23:39:26.0103 1140	H: <-> \Device\Harddisk0\DR0\Partition1
23:39:26.0103 1140	K: <-> \Device\Harddisk2\DR2\Partition0
23:39:26.0103 1140	============================================================
23:39:26.0103 1140	Initialize success
23:39:26.0103 1140	============================================================
23:39:37.0524 2716	============================================================
23:39:37.0524 2716	Scan started
23:39:37.0524 2716	Mode: Manual; SigCheck; TDLFS; 
23:39:37.0524 2716	============================================================
23:39:38.0274 2716	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
23:39:38.0334 2716	1394ohci - ok
23:39:38.0354 2716	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:39:38.0364 2716	ACPI - ok
23:39:38.0364 2716	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:39:38.0414 2716	AcpiPmi - ok
23:39:38.0464 2716	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:39:38.0474 2716	AdobeARMservice - ok
23:39:38.0544 2716	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:39:38.0564 2716	AdobeFlashPlayerUpdateSvc - ok
23:39:38.0594 2716	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:39:38.0624 2716	adp94xx - ok
23:39:38.0644 2716	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:39:38.0654 2716	adpahci - ok
23:39:38.0674 2716	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:39:38.0674 2716	adpu320 - ok
23:39:38.0704 2716	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:39:38.0784 2716	AeLookupSvc - ok
23:39:38.0824 2716	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:39:38.0864 2716	AFD - ok
23:39:38.0874 2716	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:39:38.0884 2716	agp440 - ok
23:39:38.0894 2716	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:39:38.0914 2716	ALG - ok
23:39:38.0924 2716	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:39:38.0934 2716	aliide - ok
23:39:38.0934 2716	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:39:38.0944 2716	amdide - ok
23:39:38.0954 2716	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:39:38.0974 2716	AmdK8 - ok
23:39:38.0974 2716	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:39:38.0984 2716	AmdPPM - ok
23:39:39.0004 2716	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:39:39.0014 2716	amdsata - ok
23:39:39.0034 2716	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:39:39.0044 2716	amdsbs - ok
23:39:39.0054 2716	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:39:39.0064 2716	amdxata - ok
23:39:39.0124 2716	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:39:39.0134 2716	AntiVirSchedulerService - ok
23:39:39.0154 2716	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:39:39.0164 2716	AntiVirService - ok
23:39:39.0164 2716	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:39:39.0214 2716	AppID - ok
23:39:39.0224 2716	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:39:39.0264 2716	AppIDSvc - ok
23:39:39.0264 2716	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:39:39.0294 2716	Appinfo - ok
23:39:39.0334 2716	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:39:39.0344 2716	Apple Mobile Device - ok
23:39:39.0354 2716	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:39:39.0364 2716	arc - ok
23:39:39.0384 2716	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:39:39.0394 2716	arcsas - ok
23:39:39.0444 2716	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:39:39.0454 2716	aspnet_state - ok
23:39:39.0474 2716	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:39:39.0524 2716	AsyncMac - ok
23:39:39.0534 2716	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:39:39.0534 2716	atapi - ok
23:39:39.0564 2716	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:39:39.0614 2716	AudioEndpointBuilder - ok
23:39:39.0614 2716	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:39:39.0644 2716	AudioSrv - ok
23:39:39.0664 2716	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
23:39:39.0684 2716	avgntflt - ok
23:39:39.0704 2716	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
23:39:39.0704 2716	avipbb - ok
23:39:39.0714 2716	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:39:39.0724 2716	avkmgr - ok
23:39:39.0754 2716	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:39:39.0784 2716	AxInstSV - ok
23:39:39.0814 2716	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:39:39.0854 2716	b06bdrv - ok
23:39:39.0874 2716	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:39:39.0894 2716	b57nd60a - ok
23:39:39.0954 2716	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:39:40.0054 2716	BDESVC - ok
23:39:40.0074 2716	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:39:40.0104 2716	Beep - ok
23:39:40.0154 2716	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:39:40.0184 2716	BFE - ok
23:39:40.0224 2716	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:39:40.0284 2716	BITS - ok
23:39:40.0304 2716	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:39:40.0324 2716	blbdrive - ok
23:39:40.0374 2716	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:39:40.0394 2716	Bonjour Service - ok
23:39:40.0414 2716	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:39:40.0434 2716	bowser - ok
23:39:40.0434 2716	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:39:40.0444 2716	BrFiltLo - ok
23:39:40.0454 2716	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:39:40.0464 2716	BrFiltUp - ok
23:39:40.0474 2716	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:39:40.0504 2716	Browser - ok
23:39:40.0514 2716	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:39:40.0564 2716	Brserid - ok
23:39:40.0564 2716	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:39:40.0584 2716	BrSerWdm - ok
23:39:40.0584 2716	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:39:40.0594 2716	BrUsbMdm - ok
23:39:40.0594 2716	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:39:40.0604 2716	BrUsbSer - ok
23:39:40.0614 2716	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:39:40.0634 2716	BTHMODEM - ok
23:39:40.0634 2716	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:39:40.0664 2716	bthserv - ok
23:39:40.0664 2716	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:39:40.0684 2716	cdfs - ok
23:39:40.0704 2716	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:39:40.0724 2716	cdrom - ok
23:39:40.0744 2716	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:39:40.0764 2716	CertPropSvc - ok
23:39:40.0764 2716	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:39:40.0774 2716	circlass - ok
23:39:40.0794 2716	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:39:40.0804 2716	CLFS - ok
23:39:40.0834 2716	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:39:40.0844 2716	clr_optimization_v2.0.50727_32 - ok
23:39:40.0884 2716	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:39:40.0894 2716	clr_optimization_v2.0.50727_64 - ok
23:39:40.0944 2716	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:39:40.0954 2716	clr_optimization_v4.0.30319_32 - ok
23:39:40.0974 2716	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:39:40.0984 2716	clr_optimization_v4.0.30319_64 - ok
23:39:40.0994 2716	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:39:41.0004 2716	CmBatt - ok
23:39:41.0014 2716	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:39:41.0024 2716	cmdide - ok
23:39:41.0044 2716	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:39:41.0074 2716	CNG - ok
23:39:41.0084 2716	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:39:41.0094 2716	Compbatt - ok
23:39:41.0104 2716	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:39:41.0114 2716	CompositeBus - ok
23:39:41.0124 2716	COMSysApp - ok
23:39:41.0124 2716	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:39:41.0134 2716	crcdisk - ok
23:39:41.0164 2716	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:39:41.0214 2716	CryptSvc - ok
23:39:41.0244 2716	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:39:41.0274 2716	DcomLaunch - ok
23:39:41.0294 2716	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:39:41.0324 2716	defragsvc - ok
23:39:41.0334 2716	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:39:41.0364 2716	DfsC - ok
23:39:41.0374 2716	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:39:41.0414 2716	Dhcp - ok
23:39:41.0424 2716	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:39:41.0454 2716	discache - ok
23:39:41.0454 2716	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:39:41.0464 2716	Disk - ok
23:39:41.0484 2716	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:39:41.0514 2716	Dnscache - ok
23:39:41.0524 2716	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:39:41.0554 2716	dot3svc - ok
23:39:41.0584 2716	dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:39:41.0604 2716	dot4 - ok
23:39:41.0614 2716	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:39:41.0624 2716	Dot4Print - ok
23:39:41.0634 2716	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:39:41.0644 2716	dot4usb - ok
23:39:41.0654 2716	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:39:41.0684 2716	DPS - ok
23:39:41.0704 2716	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:39:41.0734 2716	drmkaud - ok
23:39:41.0774 2716	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:39:41.0804 2716	DXGKrnl - ok
23:39:41.0824 2716	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:39:41.0844 2716	EapHost - ok
23:39:41.0954 2716	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:39:42.0024 2716	ebdrv - ok
23:39:42.0094 2716	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:39:42.0114 2716	EFS - ok
23:39:42.0164 2716	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:39:42.0214 2716	ehRecvr - ok
23:39:42.0234 2716	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:39:42.0254 2716	ehSched - ok
23:39:42.0284 2716	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:39:42.0314 2716	elxstor - ok
23:39:42.0324 2716	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:39:42.0334 2716	ErrDev - ok
23:39:42.0354 2716	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:39:42.0384 2716	EventSystem - ok
23:39:42.0394 2716	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:39:42.0414 2716	exfat - ok
23:39:42.0424 2716	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:39:42.0454 2716	fastfat - ok
23:39:42.0494 2716	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:39:42.0524 2716	Fax - ok
23:39:42.0524 2716	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:39:42.0534 2716	fdc - ok
23:39:42.0544 2716	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:39:42.0574 2716	fdPHost - ok
23:39:42.0574 2716	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:39:42.0614 2716	FDResPub - ok
23:39:42.0624 2716	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:39:42.0624 2716	FileInfo - ok
23:39:42.0644 2716	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:39:42.0674 2716	Filetrace - ok
23:39:42.0674 2716	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:39:42.0684 2716	flpydisk - ok
23:39:42.0694 2716	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:39:42.0704 2716	FltMgr - ok
23:39:42.0754 2716	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:39:42.0794 2716	FontCache - ok
23:39:42.0824 2716	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:39:42.0834 2716	FontCache3.0.0.0 - ok
23:39:42.0854 2716	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:39:42.0864 2716	FsDepends - ok
23:39:42.0874 2716	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:39:42.0894 2716	Fs_Rec - ok
23:39:42.0904 2716	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:39:42.0924 2716	fvevol - ok
23:39:42.0944 2716	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:39:42.0954 2716	gagp30kx - ok
23:39:42.0974 2716	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:39:42.0984 2716	GEARAspiWDM - ok
23:39:43.0014 2716	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:39:43.0054 2716	gpsvc - ok
23:39:43.0094 2716	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:39:43.0104 2716	gupdate - ok
23:39:43.0124 2716	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:39:43.0134 2716	gupdatem - ok
23:39:43.0164 2716	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:39:43.0184 2716	gusvc - ok
23:39:43.0184 2716	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:39:43.0204 2716	hcw85cir - ok
23:39:43.0234 2716	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:39:43.0254 2716	HdAudAddService - ok
23:39:43.0274 2716	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:39:43.0294 2716	HDAudBus - ok
23:39:43.0294 2716	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:39:43.0314 2716	HidBatt - ok
23:39:43.0314 2716	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:39:43.0334 2716	HidBth - ok
23:39:43.0354 2716	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:39:43.0364 2716	HidIr - ok
23:39:43.0374 2716	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:39:43.0404 2716	hidserv - ok
23:39:43.0424 2716	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:39:43.0434 2716	HidUsb - ok
23:39:43.0444 2716	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:39:43.0478 2716	hkmsvc - ok
23:39:43.0488 2716	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:39:43.0508 2716	HomeGroupListener - ok
23:39:43.0528 2716	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:39:43.0548 2716	HomeGroupProvider - ok
23:39:43.0558 2716	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:39:43.0568 2716	HpSAMD - ok
23:39:43.0608 2716	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:39:43.0648 2716	HTTP - ok
23:39:43.0658 2716	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:39:43.0658 2716	hwpolicy - ok
23:39:43.0668 2716	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:39:43.0678 2716	i8042prt - ok
23:39:43.0698 2716	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:39:43.0708 2716	iaStorV - ok
23:39:43.0798 2716	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:39:43.0808 2716	IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:39:43.0808 2716	IDriverT - detected UnsignedFile.Multi.Generic (1)
23:39:43.0878 2716	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:39:43.0908 2716	idsvc - ok
23:39:43.0958 2716	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:39:43.0968 2716	iirsp - ok
23:39:44.0008 2716	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:39:44.0058 2716	IKEEXT - ok
23:39:44.0068 2716	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:39:44.0068 2716	intelide - ok
23:39:44.0098 2716	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:39:44.0108 2716	intelppm - ok
23:39:44.0118 2716	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:39:44.0148 2716	IPBusEnum - ok
23:39:44.0148 2716	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:39:44.0178 2716	IpFilterDriver - ok
23:39:44.0208 2716	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:39:44.0238 2716	iphlpsvc - ok
23:39:44.0238 2716	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:39:44.0248 2716	IPMIDRV - ok
23:39:44.0278 2716	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:39:44.0318 2716	IPNAT - ok
23:39:44.0388 2716	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:39:44.0418 2716	iPod Service - ok
23:39:44.0428 2716	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:39:44.0448 2716	IRENUM - ok
23:39:44.0458 2716	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:39:44.0458 2716	isapnp - ok
23:39:44.0478 2716	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:39:44.0498 2716	iScsiPrt - ok
23:39:44.0518 2716	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:39:44.0518 2716	kbdclass - ok
23:39:44.0528 2716	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:39:44.0538 2716	kbdhid - ok
23:39:44.0558 2716	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:39:44.0568 2716	KeyIso - ok
23:39:44.0568 2716	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:39:44.0578 2716	KSecDD - ok
23:39:44.0598 2716	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:39:44.0608 2716	KSecPkg - ok
23:39:44.0618 2716	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:39:44.0648 2716	ksthunk - ok
23:39:44.0678 2716	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:39:44.0698 2716	KtmRm - ok
23:39:44.0718 2716	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:39:44.0738 2716	LanmanServer - ok
23:39:44.0768 2716	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:39:44.0788 2716	LanmanWorkstation - ok
23:39:44.0808 2716	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:39:44.0838 2716	lltdio - ok
23:39:44.0858 2716	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:39:44.0888 2716	lltdsvc - ok
23:39:44.0898 2716	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:39:44.0928 2716	lmhosts - ok
23:39:44.0948 2716	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:39:44.0958 2716	LSI_FC - ok
23:39:44.0978 2716	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:39:44.0978 2716	LSI_SAS - ok
23:39:44.0988 2716	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:39:44.0998 2716	LSI_SAS2 - ok
23:39:45.0008 2716	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:39:45.0018 2716	LSI_SCSI - ok
23:39:45.0038 2716	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:39:45.0068 2716	luafv - ok
23:39:45.0128 2716	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:39:45.0148 2716	MBAMProtector - ok
23:39:45.0198 2716	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:39:45.0218 2716	MBAMService - ok
23:39:45.0278 2716	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
23:39:45.0288 2716	McComponentHostService - ok
23:39:45.0298 2716	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:39:45.0313 2716	Mcx2Svc - ok
23:39:45.0313 2716	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:39:45.0329 2716	megasas - ok
23:39:45.0344 2716	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:39:45.0360 2716	MegaSR - ok
23:39:45.0376 2716	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:39:45.0422 2716	MMCSS - ok
23:39:45.0422 2716	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:39:45.0469 2716	Modem - ok
23:39:45.0469 2716	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:39:45.0485 2716	monitor - ok
23:39:45.0485 2716	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:39:45.0500 2716	mouclass - ok
23:39:45.0516 2716	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:39:45.0532 2716	mouhid - ok
23:39:45.0532 2716	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:39:45.0547 2716	mountmgr - ok
23:39:45.0557 2716	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:39:45.0567 2716	mpio - ok
23:39:45.0577 2716	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:39:45.0597 2716	mpsdrv - ok
23:39:45.0637 2716	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:39:45.0667 2716	MpsSvc - ok
23:39:45.0667 2716	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:39:45.0687 2716	MRxDAV - ok
23:39:45.0707 2716	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:39:45.0717 2716	mrxsmb - ok
23:39:45.0737 2716	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:39:45.0757 2716	mrxsmb10 - ok
23:39:45.0767 2716	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:39:45.0777 2716	mrxsmb20 - ok
23:39:45.0787 2716	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:39:45.0797 2716	msahci - ok
23:39:45.0807 2716	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:39:45.0817 2716	msdsm - ok
23:39:45.0827 2716	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:39:45.0847 2716	MSDTC - ok
23:39:45.0857 2716	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:39:45.0877 2716	Msfs - ok
23:39:45.0887 2716	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:39:45.0917 2716	mshidkmdf - ok
23:39:45.0917 2716	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:39:45.0927 2716	msisadrv - ok
23:39:45.0957 2716	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:39:45.0987 2716	MSiSCSI - ok
23:39:45.0987 2716	msiserver - ok
23:39:46.0007 2716	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:39:46.0027 2716	MSKSSRV - ok
23:39:46.0037 2716	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:39:46.0067 2716	MSPCLOCK - ok
23:39:46.0067 2716	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:39:46.0087 2716	MSPQM - ok
23:39:46.0107 2716	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:39:46.0117 2716	MsRPC - ok
23:39:46.0127 2716	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:39:46.0137 2716	mssmbios - ok
23:39:46.0147 2716	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:39:46.0167 2716	MSTEE - ok
23:39:46.0167 2716	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:39:46.0177 2716	MTConfig - ok
23:39:46.0197 2716	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
23:39:46.0217 2716	MTsensor - ok
23:39:46.0227 2716	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:39:46.0237 2716	Mup - ok
23:39:46.0257 2716	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:39:46.0297 2716	napagent - ok
23:39:46.0317 2716	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:39:46.0337 2716	NativeWifiP - ok
23:39:46.0377 2716	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:39:46.0407 2716	NDIS - ok
23:39:46.0417 2716	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:39:46.0437 2716	NdisCap - ok
23:39:46.0447 2716	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:39:46.0467 2716	NdisTapi - ok
23:39:46.0467 2716	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:39:46.0487 2716	Ndisuio - ok
23:39:46.0507 2716	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:39:46.0537 2716	NdisWan - ok
23:39:46.0547 2716	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:39:46.0567 2716	NDProxy - ok
23:39:46.0577 2716	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:39:46.0607 2716	NetBIOS - ok
23:39:46.0617 2716	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:39:46.0647 2716	NetBT - ok
23:39:46.0667 2716	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:39:46.0677 2716	Netlogon - ok
23:39:46.0707 2716	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:39:46.0767 2716	Netman - ok
23:39:46.0817 2716	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:46.0837 2716	NetMsmqActivator - ok
23:39:46.0837 2716	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:46.0847 2716	NetPipeActivator - ok
23:39:46.0867 2716	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:39:46.0907 2716	netprofm - ok
23:39:46.0907 2716	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:46.0917 2716	NetTcpActivator - ok
23:39:46.0917 2716	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:46.0927 2716	NetTcpPortSharing - ok
23:39:46.0957 2716	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:39:46.0967 2716	nfrd960 - ok
23:39:46.0977 2716	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:39:47.0007 2716	NlaSvc - ok
23:39:47.0017 2716	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:39:47.0037 2716	Npfs - ok
23:39:47.0047 2716	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:39:47.0067 2716	nsi - ok
23:39:47.0077 2716	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:39:47.0097 2716	nsiproxy - ok
23:39:47.0157 2716	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:39:47.0217 2716	Ntfs - ok
23:39:47.0257 2716	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:39:47.0307 2716	Null - ok
23:39:47.0327 2716	NVHDA           (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
23:39:47.0337 2716	NVHDA - ok
23:39:47.0718 2716	nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:39:47.0856 2716	nvlddmkm - ok
23:39:47.0906 2716	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:39:47.0916 2716	nvraid - ok
23:39:47.0926 2716	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:39:47.0936 2716	nvstor - ok
23:39:47.0986 2716	nvsvc           (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
23:39:47.0996 2716	nvsvc - ok
23:39:48.0106 2716	nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:39:48.0156 2716	nvUpdatusService - ok
23:39:48.0186 2716	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:39:48.0196 2716	nv_agp - ok
23:39:48.0196 2716	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:39:48.0216 2716	ohci1394 - ok
23:39:48.0236 2716	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:39:48.0246 2716	ose - ok
23:39:48.0286 2716	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:39:48.0306 2716	p2pimsvc - ok
23:39:48.0326 2716	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:39:48.0336 2716	p2psvc - ok
23:39:48.0346 2716	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:39:48.0366 2716	Parport - ok
23:39:48.0386 2716	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:39:48.0396 2716	partmgr - ok
23:39:48.0416 2716	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:39:48.0436 2716	PcaSvc - ok
23:39:48.0446 2716	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:39:48.0456 2716	pci - ok
23:39:48.0456 2716	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:39:48.0466 2716	pciide - ok
23:39:48.0476 2716	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:39:48.0486 2716	pcmcia - ok
23:39:48.0506 2716	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:39:48.0516 2716	pcw - ok
23:39:48.0536 2716	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:39:48.0576 2716	PEAUTH - ok
23:39:48.0626 2716	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:39:48.0636 2716	PerfHost - ok
23:39:48.0696 2716	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:39:48.0756 2716	pla - ok
23:39:48.0786 2716	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:39:48.0806 2716	PlugPlay - ok
23:39:48.0816 2716	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:39:48.0826 2716	PNRPAutoReg - ok
23:39:48.0846 2716	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:39:48.0856 2716	PNRPsvc - ok
23:39:48.0886 2716	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:39:48.0946 2716	PolicyAgent - ok
23:39:48.0966 2716	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:39:48.0996 2716	Power - ok
23:39:49.0036 2716	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:39:49.0076 2716	PptpMiniport - ok
23:39:49.0086 2716	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:39:49.0096 2716	Processor - ok
23:39:49.0126 2716	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:39:49.0156 2716	ProfSvc - ok
23:39:49.0176 2716	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:39:49.0186 2716	ProtectedStorage - ok
23:39:49.0196 2716	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:39:49.0226 2716	Psched - ok
23:39:49.0286 2716	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:39:49.0326 2716	ql2300 - ok
23:39:49.0386 2716	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:39:49.0406 2716	ql40xx - ok
23:39:49.0426 2716	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:39:49.0446 2716	QWAVE - ok
23:39:49.0466 2716	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:39:49.0486 2716	QWAVEdrv - ok
23:39:49.0496 2716	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:39:49.0516 2716	RasAcd - ok
23:39:49.0526 2716	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:39:49.0556 2716	RasAgileVpn - ok
23:39:49.0566 2716	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:39:49.0586 2716	RasAuto - ok
23:39:49.0606 2716	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:39:49.0626 2716	Rasl2tp - ok
23:39:49.0646 2716	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:39:49.0676 2716	RasMan - ok
23:39:49.0676 2716	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:39:49.0706 2716	RasPppoe - ok
23:39:49.0716 2716	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:39:49.0736 2716	RasSstp - ok
23:39:49.0766 2716	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:39:49.0786 2716	rdbss - ok
23:39:49.0786 2716	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:39:49.0806 2716	rdpbus - ok
23:39:49.0806 2716	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:39:49.0826 2716	RDPCDD - ok
23:39:49.0841 2716	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:39:49.0857 2716	RDPENCDD - ok
23:39:49.0872 2716	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:39:49.0904 2716	RDPREFMP - ok
23:39:49.0919 2716	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:39:49.0935 2716	RDPWD - ok
23:39:49.0950 2716	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:39:49.0966 2716	rdyboost - ok
23:39:49.0982 2716	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:39:50.0013 2716	RemoteAccess - ok
23:39:50.0028 2716	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:39:50.0054 2716	RemoteRegistry - ok
23:39:50.0064 2716	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:39:50.0094 2716	RpcEptMapper - ok
23:39:50.0104 2716	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:39:50.0124 2716	RpcLocator - ok
23:39:50.0144 2716	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:39:50.0174 2716	RpcSs - ok
23:39:50.0184 2716	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:39:50.0204 2716	rspndr - ok
23:39:50.0224 2716	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:39:50.0234 2716	SamSs - ok
23:39:50.0244 2716	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:39:50.0254 2716	sbp2port - ok
23:39:50.0264 2716	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:39:50.0294 2716	SCardSvr - ok
23:39:50.0294 2716	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:39:50.0324 2716	scfilter - ok
23:39:50.0364 2716	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:39:50.0404 2716	Schedule - ok
23:39:50.0414 2716	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:39:50.0434 2716	SCPolicySvc - ok
23:39:50.0444 2716	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:39:50.0474 2716	SDRSVC - ok
23:39:50.0494 2716	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:39:50.0544 2716	secdrv - ok
23:39:50.0554 2716	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:39:50.0574 2716	seclogon - ok
23:39:50.0584 2716	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:39:50.0604 2716	SENS - ok
23:39:50.0624 2716	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:39:50.0644 2716	SensrSvc - ok
23:39:50.0644 2716	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:39:50.0664 2716	Serenum - ok
23:39:50.0674 2716	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:39:50.0684 2716	Serial - ok
23:39:50.0684 2716	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:39:50.0704 2716	sermouse - ok
23:39:50.0714 2716	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:39:50.0754 2716	SessionEnv - ok
23:39:50.0754 2716	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:39:50.0764 2716	sffdisk - ok
23:39:50.0764 2716	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:39:50.0774 2716	sffp_mmc - ok
23:39:50.0774 2716	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:39:50.0794 2716	sffp_sd - ok
23:39:50.0794 2716	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:39:50.0804 2716	sfloppy - ok
23:39:50.0824 2716	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:39:50.0864 2716	SharedAccess - ok
23:39:50.0884 2716	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:39:50.0904 2716	ShellHWDetection - ok
23:39:50.0934 2716	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:39:50.0934 2716	SiSRaid2 - ok
23:39:50.0944 2716	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:39:50.0954 2716	SiSRaid4 - ok
23:39:50.0974 2716	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:39:50.0994 2716	Smb - ok
23:39:51.0004 2716	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:39:51.0024 2716	SNMPTRAP - ok
23:39:51.0024 2716	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:39:51.0034 2716	spldr - ok
23:39:51.0054 2716	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:39:51.0084 2716	Spooler - ok
23:39:51.0204 2716	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:39:51.0254 2716	sppsvc - ok
23:39:51.0314 2716	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:39:51.0354 2716	sppuinotify - ok
23:39:51.0394 2716	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:39:51.0424 2716	srv - ok
23:39:51.0444 2716	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:39:51.0464 2716	srv2 - ok
23:39:51.0484 2716	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:39:51.0494 2716	srvnet - ok
23:39:51.0514 2716	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:39:51.0534 2716	SSDPSRV - ok
23:39:51.0544 2716	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:39:51.0564 2716	SstpSvc - ok
23:39:51.0614 2716	Steam Client Service - ok
23:39:51.0684 2716	Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:39:51.0694 2716	Stereo Service - ok
23:39:51.0714 2716	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:39:51.0724 2716	stexstor - ok
23:39:51.0754 2716	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:39:51.0774 2716	stisvc - ok
23:39:51.0804 2716	SWDUMon         (9a62d478ab1b83a9fa1af5254b786d0f) C:\Windows\system32\DRIVERS\SWDUMon.sys
23:39:51.0814 2716	SWDUMon - ok
23:39:51.0814 2716	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:39:51.0824 2716	swenum - ok
23:39:51.0854 2716	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:39:51.0884 2716	swprv - ok
23:39:51.0944 2716	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:39:51.0984 2716	SysMain - ok
23:39:52.0024 2716	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:39:52.0034 2716	TabletInputService - ok
23:39:52.0054 2716	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:39:52.0094 2716	TapiSrv - ok
23:39:52.0104 2716	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:39:52.0124 2716	TBS - ok
23:39:52.0204 2716	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:39:52.0264 2716	Tcpip - ok
23:39:52.0374 2716	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:39:52.0404 2716	TCPIP6 - ok
23:39:52.0434 2716	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:39:52.0474 2716	tcpipreg - ok
23:39:52.0484 2716	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:39:52.0494 2716	TDPIPE - ok
23:39:52.0514 2716	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:39:52.0524 2716	TDTCP - ok
23:39:52.0544 2716	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:39:52.0574 2716	tdx - ok
23:39:52.0584 2716	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:39:52.0594 2716	TermDD - ok
23:39:52.0624 2716	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:39:52.0664 2716	TermService - ok
23:39:52.0684 2716	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:39:52.0694 2716	Themes - ok
23:39:52.0714 2716	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:39:52.0734 2716	THREADORDER - ok
23:39:52.0744 2716	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:39:52.0774 2716	TrkWks - ok
23:39:52.0794 2716	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:39:52.0824 2716	TrustedInstaller - ok
23:39:52.0834 2716	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:39:52.0854 2716	tssecsrv - ok
23:39:52.0864 2716	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:39:52.0874 2716	TsUsbFlt - ok
23:39:52.0884 2716	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:39:52.0884 2716	TsUsbGD - ok
23:39:52.0914 2716	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:39:52.0944 2716	tunnel - ok
23:39:52.0944 2716	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:39:52.0954 2716	uagp35 - ok
23:39:52.0974 2716	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:39:53.0014 2716	udfs - ok
23:39:53.0024 2716	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:39:53.0034 2716	UI0Detect - ok
23:39:53.0054 2716	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:39:53.0054 2716	uliagpkx - ok
23:39:53.0074 2716	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:39:53.0084 2716	umbus - ok
23:39:53.0084 2716	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:39:53.0104 2716	UmPass - ok
23:39:53.0114 2716	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:39:53.0144 2716	upnphost - ok
23:39:53.0164 2716	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:39:53.0174 2716	usbccgp - ok
23:39:53.0184 2716	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:39:53.0194 2716	usbcir - ok
23:39:53.0214 2716	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:39:53.0224 2716	usbehci - ok
23:39:53.0254 2716	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:39:53.0264 2716	usbhub - ok
23:39:53.0274 2716	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:39:53.0294 2716	usbohci - ok
23:39:53.0304 2716	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:39:53.0314 2716	usbprint - ok
23:39:53.0324 2716	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:39:53.0344 2716	USBSTOR - ok
23:39:53.0354 2716	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:39:53.0374 2716	usbuhci - ok
23:39:53.0384 2716	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:39:53.0404 2716	UxSms - ok
23:39:53.0424 2716	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:39:53.0434 2716	VaultSvc - ok
23:39:53.0444 2716	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:39:53.0444 2716	vdrvroot - ok
23:39:53.0474 2716	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:39:53.0514 2716	vds - ok
23:39:53.0524 2716	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:39:53.0534 2716	vga - ok
23:39:53.0534 2716	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:39:53.0554 2716	VgaSave - ok
23:39:53.0564 2716	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:39:53.0574 2716	vhdmp - ok
23:39:53.0584 2716	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:39:53.0594 2716	viaide - ok
23:39:53.0604 2716	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:39:53.0614 2716	volmgr - ok
23:39:53.0634 2716	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:39:53.0644 2716	volmgrx - ok
23:39:53.0674 2716	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:39:53.0684 2716	volsnap - ok
23:39:53.0704 2716	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:39:53.0714 2716	vsmraid - ok
23:39:53.0774 2716	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:39:53.0844 2716	VSS - ok
23:39:53.0904 2716	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:39:53.0934 2716	vwifibus - ok
23:39:53.0954 2716	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:39:53.0994 2716	W32Time - ok
23:39:54.0004 2716	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:39:54.0014 2716	WacomPen - ok
23:39:54.0024 2716	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:54.0054 2716	WANARP - ok
23:39:54.0054 2716	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:54.0074 2716	Wanarpv6 - ok
23:39:54.0134 2716	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:39:54.0174 2716	WatAdminSvc - ok
23:39:54.0224 2716	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:39:54.0274 2716	wbengine - ok
23:39:54.0304 2716	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:39:54.0324 2716	WbioSrvc - ok
23:39:54.0344 2716	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:39:54.0374 2716	wcncsvc - ok
23:39:54.0374 2716	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:39:54.0404 2716	WcsPlugInService - ok
23:39:54.0424 2716	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:39:54.0434 2716	Wd - ok
23:39:54.0454 2716	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:39:54.0484 2716	Wdf01000 - ok
23:39:54.0494 2716	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:39:54.0545 2716	WdiServiceHost - ok
23:39:54.0545 2716	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:39:54.0565 2716	WdiSystemHost - ok
23:39:54.0585 2716	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:39:54.0605 2716	WebClient - ok
23:39:54.0625 2716	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:39:54.0655 2716	Wecsvc - ok
23:39:54.0665 2716	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:39:54.0695 2716	wercplsupport - ok
23:39:54.0715 2716	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:39:54.0735 2716	WerSvc - ok
23:39:54.0745 2716	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:39:54.0765 2716	WfpLwf - ok
23:39:54.0765 2716	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:39:54.0775 2716	WIMMount - ok
23:39:54.0785 2716	WinDefend - ok
23:39:54.0795 2716	WinHttpAutoProxySvc - ok
23:39:54.0825 2716	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:39:54.0845 2716	Winmgmt - ok
23:39:54.0925 2716	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:39:54.0985 2716	WinRM - ok
23:39:55.0045 2716	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:39:55.0085 2716	Wlansvc - ok
23:39:55.0255 2716	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:39:55.0295 2716	wlidsvc - ok
23:39:55.0335 2716	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:39:55.0345 2716	WmiAcpi - ok
23:39:55.0365 2716	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:39:55.0375 2716	wmiApSrv - ok
23:39:55.0395 2716	WMPNetworkSvc - ok
23:39:55.0405 2716	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:39:55.0415 2716	WPCSvc - ok
23:39:55.0435 2716	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:39:55.0445 2716	WPDBusEnum - ok
23:39:55.0455 2716	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:39:55.0475 2716	ws2ifsl - ok
23:39:55.0495 2716	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:39:55.0515 2716	wscsvc - ok
23:39:55.0515 2716	WSearch - ok
23:39:55.0595 2716	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:39:55.0685 2716	wuauserv - ok
23:39:55.0715 2716	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:39:55.0735 2716	WudfPf - ok
23:39:55.0765 2716	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:39:55.0795 2716	WUDFRd - ok
23:39:55.0795 2716	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:39:55.0815 2716	wudfsvc - ok
23:39:55.0835 2716	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:39:55.0855 2716	WwanSvc - ok
23:39:55.0885 2716	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
23:39:55.0905 2716	yukonw7 - ok
23:39:55.0905 2716	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:39:55.0995 2716	\Device\Harddisk0\DR0 - ok
23:39:56.0005 2716	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:39:56.0115 2716	\Device\Harddisk1\DR1 - ok
23:39:56.0115 2716	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
23:39:56.0225 2716	\Device\Harddisk2\DR2 - ok
23:39:56.0225 2716	Boot (0x1200)   (a9245ae223eef996fa0e11d795b374df) \Device\Harddisk0\DR0\Partition0
23:39:56.0225 2716	\Device\Harddisk0\DR0\Partition0 - ok
23:39:56.0235 2716	Boot (0x1200)   (8e4be96111ea748e5b13536568885b17) \Device\Harddisk0\DR0\Partition1
23:39:56.0235 2716	\Device\Harddisk0\DR0\Partition1 - ok
23:39:56.0235 2716	Boot (0x1200)   (12bf13435492e227ddc212ae825c1c8b) \Device\Harddisk1\DR1\Partition0
23:39:56.0235 2716	\Device\Harddisk1\DR1\Partition0 - ok
23:39:56.0245 2716	Boot (0x1200)   (a489ca602fc9f95ac9e6035dfa73691c) \Device\Harddisk1\DR1\Partition1
23:39:56.0255 2716	\Device\Harddisk1\DR1\Partition1 - ok
23:39:56.0265 2716	Boot (0x1200)   (b7720d02a614e47d9a53f4bb7bdbe138) \Device\Harddisk1\DR1\Partition2
23:39:56.0265 2716	\Device\Harddisk1\DR1\Partition2 - ok
23:39:56.0265 2716	Boot (0x1200)   (f5a72c2d803cdbe4985fce14eebbf0ab) \Device\Harddisk1\DR1\Partition3
23:39:56.0265 2716	\Device\Harddisk1\DR1\Partition3 - ok
23:39:56.0275 2716	Boot (0x1200)   (a58c028e9626fe1073d9a9a42670f630) \Device\Harddisk1\DR1\Partition4
23:39:56.0275 2716	\Device\Harddisk1\DR1\Partition4 - ok
23:39:56.0285 2716	Boot (0x1200)   (f1dc55a37b5b1c5eddd85bcf0990a6a1) \Device\Harddisk2\DR2\Partition0
23:39:56.0285 2716	\Device\Harddisk2\DR2\Partition0 - ok
23:39:56.0285 2716	============================================================
23:39:56.0285 2716	Scan finished
23:39:56.0285 2716	============================================================
23:39:56.0285 4036	Detected object count: 1
23:39:56.0285 4036	Actual detected object count: 1
23:40:13.0826 4036	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:40:13.0826 4036	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruss
Walter

cosinus · 12.06.2012, 10:53

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

waltch · 12.06.2012, 16:37

Hallo Arne

Okay, habe ComboFix ausgeführt wie beschrieben. PC wurde vor dem Generieren des Logs einmal neu gestartet. Dannach konnte ich wie erwähnt Programme nicht starten aber nach einem manuellen Neustart durch mich, geht's wieder.

Hier der Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-12.01 - Walter 12.06.2012  17:13:44.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.12279.10138 [GMT 2:00]
ausgeführt von:: c:\users\Walter\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
K:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 15:17 . 2012-06-12 15:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-12 07:46 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0CD46C2-EB7F-4B4B-AEB2-EE21C8BC822D}\mpengine.dll
2012-06-11 13:38 . 2012-06-11 20:50	--------	d-----w-	C:\_OTL
2012-06-09 08:37 . 2012-06-09 08:37	--------	d-----w-	c:\program files (x86)\ESET
2012-06-05 21:35 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2012-06-05 21:35 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-06-05 21:35 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-06-05 11:51 . 2012-06-05 11:51	--------	d-----w-	c:\users\Walter\AppData\Roaming\Malwarebytes
2012-06-05 11:51 . 2012-06-05 11:51	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-05 11:51 . 2012-06-05 11:51	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-05 11:51 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-20 13:32 . 2012-05-20 13:32	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-19 15:03 . 2012-05-19 15:03	--------	d-----w-	c:\users\UpdatusUser
2012-05-19 15:02 . 2012-02-29 20:59	2515790	----a-w-	c:\windows\system32\nvcoproc.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 20:36 . 2012-01-05 10:35	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:36 . 2012-01-05 10:35	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 21:14 . 2012-04-03 11:43	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:14 . 2011-11-29 17:47	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:14 . 2012-04-14 21:14	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 12:49 . 2012-04-08 12:49	199	----a-w-	c:\users\Walter\QualityWings_Ultimate 757 Collection.reg
2012-03-31 06:05 . 2012-05-10 09:28	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 09:28	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 09:28	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 09:28	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 09:28	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-24 15:41 . 2012-03-24 15:41	191	----a-w-	c:\users\Walter\FSDreamTeam_Los Angeles V2.reg
2012-03-24 15:40 . 2012-03-24 15:40	190	----a-w-	c:\users\Walter\FSDreamTeam_Chicago Ohare.reg
2012-03-24 15:26 . 2012-03-24 15:26	179	----a-w-	c:\users\Walter\FSDreamTeam_GSX.reg
2012-03-17 07:58 . 2012-05-10 09:28	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-29 39408]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2011-12-04 1242448]
"HDDHealth"="c:\program files (x86)\HDD Health\hddhealth.exe" [2008-06-15 1692672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:14]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 23:19]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 23:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bluewin.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-afx - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-12  17:20:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 15:20
.
Vor Suchlauf: 11 Verzeichnis(se), 703'724'363'776 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 703'295'815'680 Bytes frei
.
- - End Of File - - DCB4618D5EE654F07C7BC6E9AC937FDF

--- --- ---

Hoffe nur, dass nach all diesen Tätigkeiten mein System dann wieder okay ist. Deine Hilfe und ausführlichen Anleitungen sind jedenfalls super.

Gruss
Walter

10.06.2012, 00:07	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Blockierter PC durch Suisa Trojaner Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Blockierter PC durch Suisa Trojaner

Plagegeister aller Art und deren Bekämpfung: Blockierter PC durch Suisa Trojaner