
All Kinds of Pests and How to Fight Them: PC stutters shortly after startup


26.11.2012, 12:46   #1
pluess1990
 


Hello everyone

My computer starts to stutter shortly after startup. It does not freeze completely. To me it feels more like extreme slow motion. I can still recognize the sounds or guess which program they belong to. I can close programs, but the response time is very slow. The only thing I can no longer do is shut the computer down. I then switch it off using the power button.

I already thought of overheating. However, the ventilation slots are free of dust and the box is not really hot either.

Since I can no longer do anything in this state, I tried Safe Mode with Networking. The problem does not occur there. So I assume that it is some program, virus or something else.

My McAfee detected and removed a Trojan about 1 week ago. (I do not know how to find the report again.) The next McAfee scan then found nothing more.
I will add the Malwarebytes Anti-Malware report below.

When I boot the computer, about 78 processes are running. I have already removed all the programs I know from autostart (Skype, MSN). But since I understand too little about the individual processes, I did not dare to remove anything else that I do not know.

I hope I did the following steps correctly:

1. Defogger
Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:27 on 26/11/2012 (David)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
2. OTL

Quote:
OTL logfile created on: 26.11.2012 12:31:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

8.00 Gb Total Physical Memory | 7.17 Gb Available Physical Memory | 89.69% Memory free
31.19 Gb Paging File | 30.60 Gb Available in Paging File | 98.09% Paging File free
Paging file location(s): c:\pagefile.sys 24000 24000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458.46 Gb Total Space | 177.40 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive D: | 458.41 Gb Total Space | 458.30 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.26 12:28:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012.07.17 14:52:28 | 000,177,144 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.07.17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.07.17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012.11.14 16:12:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.31 14:41:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.27 01:30:33 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.08 12:53:25 | 001,695,776 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe -- (Browser Manager)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 01:47:31 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.09.10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.04.13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.10.01 11:43:56 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.09.08 11:11:02 | 000,726,016 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2008.09.08 11:09:52 | 000,221,696 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 14:55:40 | 000,069,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.07.17 14:52:38 | 000,335,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.07.17 14:51:16 | 000,106,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.07.17 14:50:36 | 000,752,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.07.17 14:49:36 | 000,513,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.07.17 14:48:54 | 000,300,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.07.17 14:48:34 | 000,169,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2010.04.13 19:10:24 | 000,066,040 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009.12.04 11:33:50 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2009.12.04 11:33:50 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2009.12.04 11:33:50 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2009.12.04 11:33:50 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2009.12.04 11:33:50 | 000,029,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2009.05.04 04:32:16 | 000,035,840 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2008.12.02 13:01:42 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.07.22 04:11:18 | 000,028,192 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV:64bit: - [2008.01.30 10:48:32 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 10:48:16 | 000,016,384 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV - [2008.09.30 09:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/pivotstickfigure/{157F90E1-E468-4E86-AA3D-904D1AAE8585}
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_8&babsrc=HP_clro&mntrId=440630b7000000000000002268640478
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/pivotstickfigure/{157F90E1-E468-4E86-AA3D-904D1AAE8585}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_8&babsrc=SP_clro&mntrId=440630b7000000000000002268640478
IE - HKCU\..\SearchScopes\{51A5A868-ADD7-A89B-8D44-D2809384E318}: "URL" = hxxp://www.hamsterstart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-475-0-0
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deCH346
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/pivotstickfigure/{157F90E1-E468-4E86-AA3D-904D1AAE8585}?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.25 17:56:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.11.15 22:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.15 23:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 14:41:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.11.17 10:58:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.10.08 12:53:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 14:41:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.02.06 17:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions
[2011.02.06 17:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.23 00:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\7vei0kfd.default\extensions
[2012.11.23 00:07:53 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\7vei0kfd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.08 12:54:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\7vei0kfd.default\extensions\plugin@yontoo.com
[2012.11.23 00:07:53 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\7vei0kfd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.10.08 12:53:49 | 000,006,522 | ---- | M] () -- C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\7vei0kfd.default\searchplugins\bProtect.xml
[2012.11.01 23:15:10 | 000,002,390 | ---- | M] () -- C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\7vei0kfd.default\searchplugins\search.xml
[2012.11.15 23:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.08 12:53:49 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120615074852.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120615074852.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [Kygqga] C:\Users\David\AppData\Roaming\Microsoft\Kygqga.exe File not found
O4 - HKCU..\Run: [xagzygeqiqar] C:\Users\David\xagzygeqiqar.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62EA83AE-DEAB-4219-90ED-1451299EE819}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b06f192f-b749-11de-b111-002268640478}\Shell\AutoRun\command - "" = USBVAU~1\cache.exe
O33 - MountPoints2\{b06f192f-b749-11de-b111-002268640478}\Shell\explore\command - "" = USBVAU~1/cache.exe
O33 - MountPoints2\{b06f192f-b749-11de-b111-002268640478}\Shell\open\command - "" = USBVAU~1/cache.exe
O33 - MountPoints2\{c6f8a8ee-eebb-11df-ad5a-002268640478}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{ca7cd5b0-ca92-11e1-9c88-002268640478}\Shell - "" = AutoRun
O33 - MountPoints2\{ca7cd5b0-ca92-11e1-9c88-002268640478}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.26 12:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.11.26 12:28:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012.11.26 11:29:49 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2012.11.26 11:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.26 11:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.26 11:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.23 19:27:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.19 21:13:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.18 17:45:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft Games
[2012.11.18 03:11:15 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.11.18 03:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.16 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Unity
[2012.11.16 05:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.11.14 01:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.11.01 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot Stickfigure Animator
[2012.10.31 14:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.30 18:27:03 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.10.30 18:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.26 12:28:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012.11.26 12:27:35 | 000,000,000 | ---- | M] () -- C:\Users\David\defogger_reenable
[2012.11.26 12:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 12:18:34 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.26 12:16:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.11.26 12:16:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:16:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:08:52 | 000,050,477 | ---- | M] () -- C:\Users\David\Desktop\Defogger.exe
[2012.11.26 11:29:39 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 11:04:45 | 000,035,272 | ---- | M] () -- C:\Users\David\xagzygeqiqar.exe
[2012.11.25 20:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.24 12:03:46 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.24 12:03:46 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.24 12:03:46 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.24 12:03:46 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.24 12:03:46 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.22 23:40:09 | 000,100,352 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.21 20:31:11 | 000,006,130 | ---- | M] () -- C:\Users\David\Desktop\Technikdienstplan 2013.pdf
[2012.11.20 15:36:13 | 000,001,356 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2012.11.19 21:28:30 | 000,001,676 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.11.19 21:26:22 | 002,936,038 | ---- | M] () -- C:\Users\David\Documents\AutoRuns.arn
[2012.11.18 23:40:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.18 22:44:16 | 000,080,384 | ---- | M] () -- C:\Users\David\wilegaqqadup.exe
[2012.11.17 10:59:37 | 000,408,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 23:06:55 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.14 21:36:06 | 000,002,047 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2012.11.08 19:10:13 | 000,152,372 | ---- | M] () -- C:\Users\David\Documents\ScorpioLogo (2).xcf
[2012.11.08 19:10:13 | 000,048,607 | ---- | M] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2012.11.01 20:46:44 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2012.10.31 15:10:00 | 000,829,264 | ---- | M] () -- C:\Windows\SysNative\msvcr100.dll
[2012.10.31 15:10:00 | 000,158,536 | ---- | M] () -- C:\Windows\SysNative\atl100.dll
[2012.10.30 18:27:03 | 000,431,104 | ---- | M] () -- C:\Windows\SysNative\wrap_oal.dll
[2012.10.30 18:27:03 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.10.30 18:27:03 | 000,136,192 | ---- | M] () -- C:\Windows\SysNative\OpenAL32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.26 12:27:35 | 000,000,000 | ---- | C] () -- C:\Users\David\defogger_reenable
[2012.11.26 12:08:52 | 000,050,477 | ---- | C] () -- C:\Users\David\Desktop\Defogger.exe
[2012.11.26 11:29:39 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 11:29:38 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.26 11:05:12 | 000,035,272 | ---- | C] () -- C:\Users\David\xagzygeqiqar.exe
[2012.11.21 20:31:10 | 000,006,130 | ---- | C] () -- C:\Users\David\Desktop\Technikdienstplan 2013.pdf
[2012.11.19 21:28:30 | 000,001,676 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.11.19 21:26:22 | 002,936,038 | ---- | C] () -- C:\Users\David\Documents\AutoRuns.arn
[2012.11.18 22:44:16 | 000,080,384 | ---- | C] () -- C:\Users\David\wilegaqqadup.exe
[2012.11.18 03:12:32 | 000,118,120 | ---- | C] () -- C:\Windows\SysNative\nvmctray.dll
[2012.11.18 03:12:32 | 000,063,336 | ---- | C] () -- C:\Windows\SysNative\nvshext.dll
[2012.11.18 03:11:15 | 000,060,776 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2012.11.17 10:54:51 | 000,196,440 | ---- | C] () -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012.11.17 02:52:02 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2012.11.17 02:51:58 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012.11.17 02:51:55 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2012.11.17 02:51:52 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2012.11.17 02:51:48 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2012.11.17 02:51:48 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2012.11.16 02:03:52 | 000,279,656 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2012.11.14 21:36:06 | 000,002,047 | ---- | C] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2012.11.08 19:10:13 | 000,152,372 | ---- | C] () -- C:\Users\David\Documents\ScorpioLogo (2).xcf
[2012.11.08 19:10:13 | 000,048,607 | ---- | C] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2012.11.01 20:46:44 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Stickfigure Animator.lnk
[2012.11.01 20:46:44 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2012.10.31 15:10:00 | 000,829,264 | ---- | C] () -- C:\Windows\SysNative\msvcr100.dll
[2012.10.31 15:10:00 | 000,158,536 | ---- | C] () -- C:\Windows\SysNative\atl100.dll
[2012.10.30 18:27:03 | 000,431,104 | ---- | C] () -- C:\Windows\SysNative\wrap_oal.dll
[2012.10.30 18:27:03 | 000,136,192 | ---- | C] () -- C:\Windows\SysNative\OpenAL32.dll
[2012.09.20 01:39:30 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2012.09.04 11:12:20 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.06.25 12:33:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\kcap_0paos.pad
[2011.04.25 00:54:50 | 000,000,080 | ---- | C] () -- C:\Users\David\AppData\Local\X-Plane Installer.prf
[2011.04.07 18:11:48 | 000,000,017 | ---- | C] () -- C:\Windows\Missing.ini
[2011.03.24 01:37:39 | 000,000,218 | ---- | C] () -- C:\Windows\wininit.ini
[2011.02.06 17:30:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.23 01:26:01 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010.12.06 18:47:42 | 000,108,872 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009.12.27 16:34:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.24 20:04:45 | 000,100,352 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.24 16:26:40 | 000,001,356 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2009.10.25 15:52:47 | 000,000,000 | -HSD | M] -- C:\Users\David\AppData\Roaming\.#
[2011.04.09 14:09:18 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.jfwupdate
[2011.03.12 11:02:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.Kanton ZH
[2012.10.30 19:06:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Acer GameZone Console
[2012.10.08 12:53:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Babylon
[2010.01.24 20:18:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2010.08.10 10:47:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\digital publishing
[2012.11.26 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012.10.27 01:33:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DVDVideoSoft
[2012.10.08 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.22 23:04:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\eSobi
[2011.06.02 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HamsterSoft
[2012.08.21 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HandBrake
[2012.09.06 14:14:49 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Information Factory
[2012.07.02 13:43:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient
[2012.06.15 14:32:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient2
[2012.08.21 12:20:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MAGIX
[2012.10.27 01:24:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenCandy
[2010.05.20 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2012.10.21 13:07:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Origin
[2012.08.14 17:39:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Play withSIX
[2012.06.22 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SharePod
[2012.08.14 17:39:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\six-zsync
[2011.05.01 17:57:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Softplicity
[2011.02.06 17:30:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Thunderbird
[2012.07.03 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wargaming.net
[2012.08.21 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\XMedia Recode

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\David\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\David\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP6A1EE83
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMPE65571A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F3176E45
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >


2,b. OTL Extras

Quote:
OTL Extras logfile created on: 26.11.2012 12:31:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

8.00 Gb Total Physical Memory | 7.17 Gb Available Physical Memory | 89.69% Memory free
31.19 Gb Paging File | 30.60 Gb Available in Paging File | 98.09% Paging File free
Paging file location(s): c:\pagefile.sys 24000 24000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458.46 Gb Total Space | 177.40 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive D: | 458.41 Gb Total Space | 458.30 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1335A55-EFD6-4049-9789-ED61AD30D526}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F44EF2E7-D1E7-4684-A9E7-BF9BE6DDDCB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00115151-A738-4D95-B3E7-F4D8CAFC22F4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{00EC6B00-BEA6-427D-AE6B-26A220FF9E4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{011D0D55-992E-4184-B753-23C7B9A619C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0547A7BC-6A31-4CAA-8086-B7A30DE7E20B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{05A00F7B-809E-49E5-8760-18356D1C2FE2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0820234F-E53C-43B6-8EE9-47BC8F543714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{092DE384-969B-4F48-9F00-B22CDE3DA1B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{12819807-E28C-4733-8CD6-12C5B69F04F6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{12BBA802-578E-400B-A016-5A12358120EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{15FD8C47-F265-4F6F-B4F1-BC62BA395DC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{19327FED-04D3-49C1-B70F-C7D92ABF654C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1BFC3239-281B-4335-B060-F7F2538AF439}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{2AA34061-6C8B-4E2B-996D-A9D8F3CA977F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2F1636CA-3BE0-4B44-9794-30D0A479688A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{338B0F8F-021B-4742-9662-E80B3536EF57}" = dir=in | app=c:\brickforce\brickforce.exe |
"{3CEEA095-BAFC-4F87-B453-87AE8B59B2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E8A3D85-FF93-4C85-97AE-EC611EB83BEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{4014AB32-7521-4BDA-979B-90938DD41301}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{46CE6561-D110-4EF0-BDCE-38C861CC7EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{4D10C1DE-FC94-45C6-BCD1-06303144C403}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"{54BB9BF1-9FCE-451A-97B7-A034F9C259ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{56B49022-226C-4C81-96A8-4919F8163386}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{59344F6C-3BFE-4BF2-92B0-B6B86D07DF7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{5EA5BAAA-67B7-4254-960E-0F40543D5D74}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{6171DAE4-9EB1-483E-96F4-210A520EB157}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{617B50B9-C0E9-403A-BA03-06C3FF6861C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{66C79DAE-542D-4783-9ECA-A0AA7B2C63E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6794B020-C684-42CE-B2F1-9935D608E718}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{68A3E948-5A65-4D98-B3A9-DA5A93BC1CF4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6A27908F-1B0F-4C5D-961B-8728BB00B601}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{6B7CB597-B617-4778-8D01-8ED5E9FBFCE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{6C6C9EA9-52DB-4D21-8594-A35FFE253ED8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{73058E88-A099-412B-BA2A-5EA4967DD300}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{7567EE11-008A-442A-A82F-1E3FB0109C4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{758CB25D-C122-4D72-A33C-C74BC0714D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{75F5B78D-2722-4ECA-A66A-7C968DB19284}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{773EECA2-1591-4754-9C51-9D559AB9C63B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7796C3C7-0CA7-46F4-BBAF-D1F96A49EB64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8387D4F1-2BD4-4EBC-A5F1-CBDF468BD5B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{877F64AF-1408-40B3-A86F-AAAC7CE6A5DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8DAF7DEC-87BC-41F0-8101-1B26D3F710C3}" = dir=in | app=c:\brickforce\bflauncher.exe |
"{922DE54F-91F9-4698-AC0B-43CAE2F0C163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{9298D53D-60BF-4D48-8097-AE7F590B5EE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{9419AABC-8F58-4CB5-BC68-B1409C0C807B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{947F1269-00EE-432A-BEC6-7B94C12CC2C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{959B8337-A689-4BC5-97A0-332FA0FC1D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{962C7C92-0AD3-4816-A1EE-356F00D579D1}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{970B8CBA-CB19-4188-A243-DD0B19181E15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{972AF82D-E32B-4FC1-8CF1-D774D5CC56DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{975F35D1-3F68-4BE5-9C2E-304648E5E008}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{9D3CFE39-4758-48A8-8D9E-2296267F577E}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"{9E57F1AC-8AFA-4952-AEA5-54A15D1F99E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{A8E146A6-01C9-47B8-807D-3808EBDABEF7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B07EA172-1885-4B51-8792-9AB6D4FBEB10}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{B23440E1-7144-48F1-9436-20A64867297E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{B4F785A5-57BD-4070-A588-291D3078B85A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BA69EC8E-FD10-4752-BC41-0F4F01EEE6D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BE0E1CEC-4422-452B-A4B2-C84A9CE77FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{BF4B64DC-54A3-4A89-B126-C562B0C9F1C6}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CEDE03C5-1063-4119-AE91-36571B0E0074}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{D163EEC0-79EB-476B-81DC-4C5D017CB0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{D215A29E-D2BC-446A-85E3-D6AFD59182E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{D6FEBECA-8E43-4CD9-B2A4-5BF4A3BD3FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{D9922D74-CF2D-4560-BB69-707B2317FD29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{E9776814-D13D-4014-A8BF-91575F51568F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EB762C18-464F-454E-AC5B-AF4BB2FD8CFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC5BA6FF-3468-413E-9ECB-EAC65C2982E3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{EC7981B5-0BB0-4420-9CE6-363BD8BC7012}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{F0BEB9FB-87C3-46B9-BE65-F778A070EF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{F6155624-B534-4B46-821E-94DC430E14A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{FB0083D6-F296-4A24-AD79-21C6792BC007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{FB96FC1B-3E04-4376-BDD6-219BBDB72F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{FD995DE0-D625-417B-8713-5DFD2CAF0D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"TCP Query User{9C150494-6AD2-41A3-BADC-2500092C5C37}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2B365CD9-65ED-4314-BEE3-5A7394BD254B}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R" = Canon MP600R
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11BFB898-71E5-488A-A8FF-0E462667FB72}" = Soldier of Fortune Payback
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AE2890-0B3E-4B1C-BC6C-AE79AD448C84}" = MAGIX Music Maker 17 (Demosongs)
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2F9CB8CE-3269-4498-91EC-F159F085524F}" = MAGIX Music Maker 17 (Einführungsvideos)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3590488B-0095-42D6-9725-A058CAFF9D4A}" = MAGIX Music Maker 17 (Soundpaket)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61873A7A-38DD-4973-90A9-69E4560A1DC6}" = Play withSIX
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91473F13-F4E2-4140-9AD7-F3657C68D1A9}" = MAGIX Video easy HD Download-Version
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0975D89-8D51-445C-BB71-95826A96780C}" = MAGIX Speed burnR (MSI)
"{B1EA3FBB-F43E-4506-BBAC-C5F59D06310C}" = MAGIX Music Maker 17 (Instrumenten-Paket 2)
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{BB565180-FA52-40DA-A65E-651537008C34}" = MAGIX Screenshare
"{C4A59083-599F-43C4-B231-CE64B1CC85C5}" = MAGIX Music Maker 17 (Instrumenten-Paket 1)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.8
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04
"{F87CDA94-0CDE-4406-AE19-7A54A4EB3048}" = MAGIX Music Maker 17 (Synthesizer und Effekte)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4095-7861-2728-4611" = Private Tax 2011 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aimersoft M4V Converter_is1" = Aimersoft M4V Converter(Build 1.3.1.0)
"BattlEye for OA" = BattlEye for OA Uninstall
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"conduitEngine" = Conduit Engine
"Debut" = Debut Video Capture Software
"EADM" = EA Download Manager
"Fast Audio Converter_is1" = Fast Audio Converter version 1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_mm17" = MAGIX Music Maker 17 Download-Version
"MAGIX_MSI_Video_easy_2" = MAGIX Video easy HD Download-Version
"MAGIX_MSI_Videodeluxe17" = MAGIX Video deluxe 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSC" = McAfee Internet Security
"OpenAL" = OpenAL
"Origin" = Origin
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Prism" = Prism Video File Converter
"PunkBusterSvc" = PunkBuster Services
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 24240" = PAYDAY: The Heist
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 47790" = Medal of Honor(TM) Single Player
"Steam App 47830" = Medal of Honor(TM) Multiplayer
"Total Audio Converter_is1" = TotalAudioConverter
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZionWorx" = ZionWorx

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.11.2012 10:18:33 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung schtasks.exe, Version 6.0.6001.18000, Zeitstempel
0x47918d42, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18538, Zeitstempel
0x4cb733e1, Ausnahmecode 0xc0000142, Fehleroffset 0x0006f1e7, Prozess-ID 0x12f4,
Anwendungsstartzeit 01cdc729ec3131cf.

Error - 20.11.2012 10:21:12 | Computer Name = David-PC | Source = EventSystem | ID = 4609
Description =

Error - 20.11.2012 10:21:52 | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.11.2012 10:29:25 | Computer Name = David-PC | Source = System Restore | ID = 8193
Description =

Error - 20.11.2012 10:29:39 | Computer Name = David-PC | Source = System Restore | ID = 8193
Description =

Error - 20.11.2012 10:35:59 | Computer Name = David-PC | Source = System Restore | ID = 8193
Description =

Error - 20.11.2012 18:28:25 | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.11.2012 18:28:32 | Computer Name = David-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 20.11.2012 18:30:25 | Computer Name = David-PC | Source = VSS | ID = 8194
Description =

Error - 20.11.2012 18:35:50 | Computer Name = David-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 08.10.2010 13:09:02 | Computer Name = David-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.77 für die Netzwerkkarte mit der Netzwerkadresse
002268640478 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 08.10.2010 13:10:20 | Computer Name = David-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.250 für die Netzwerkkarte mit der Netzwerkadresse
002268640478 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 08.10.2010 15:52:52 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =

Error - 23.10.2010 17:18:06 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 23.10.2010 17:19:55 | Computer Name = David-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23.10.2010 17:31:29 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =

Error - 23.10.2010 17:31:40 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =

Error - 23.10.2010 17:31:47 | Computer Name = David-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 23.10.2010 17:31:47 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.10.2010 18:14:37 | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Malwarebytes Report

Quote:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.03

Windows Vista Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
David :: DAVID-PC [Administrator]

Schutz: Deaktiviert

26.11.2012 12:41:31
mbam-log-2012-11-26 (13-43-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478951
Laufzeit: 1 Stunde(n), 1 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\Users\David\AppData\Local\Temp\msl510D.tmp (Backdoor.Pushdo) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\msl79E1.tmp (Malware.Packer) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\mslCCE3.tmp (Backdoor.Pushdo) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Temp\mslD21E.tmp (Malware.Packer) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
I hope what I did is right and that you can help me somehow. Many thanks!

27.11.2012, 11:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please speak up in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.



Do you have any further logs from Malwarebytes or other scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

27.11.2012, 14:02   #3
pluess1990
 
Hello Cosinus

First of all, thank you for taking on my problem.

So, I have run a few more scans. I will post all those with a finding here in date order (oldest first) and will not run any more:


Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.03

Windows Vista Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
David :: DAVID-PC [Administrator]

Schutz: Deaktiviert

26.11.2012 17:39:21
mbam-log-2012-11-26 (17-39-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P
Durchsuchte Objekte: 226334
Laufzeit: 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.03

Windows Vista Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
David :: DAVID-PC [Administrator]

Schutz: Deaktiviert

26.11.2012 17:42:57
mbam-log-2012-11-26 (17-42-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P
Durchsuchte Objekte: 226334
Laufzeit: 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.07

Windows Vista Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
David :: DAVID-PC [Administrator]

Schutz: Deaktiviert

26.11.2012 23:34:54
mbam-log-2012-11-26 (23-34-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P
Durchsuchte Objekte: 226500
Laufzeit: 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.02

Windows Vista Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
David :: DAVID-PC [Administrator]

Schutz: Deaktiviert

27.11.2012 10:47:56
mbam-log-2012-11-27 (10-47-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P
Durchsuchte Objekte: 226487
Laufzeit: 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xagzygeqiqar (Trojan.Crypt) -> Daten: C:\Users\David\xagzygeqiqar.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\David\xagzygeqiqar.exe (Trojan.Crypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Those were all the scans with a finding. In between I also had scans that found nothing.

27.11.2012, 14:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
1. aswMBR

Please download aswMBR.exe and save the file on your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not under any circumstances press one of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post this in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

27.11.2012, 17:02   #5
pluess1990



So here it is, as requested:


aswMBR LOG
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 16:18:34
-----------------------------
16:18:34.660    OS Version: Windows x64 6.0.6001 Service Pack 1
16:18:34.660    Number of processors: 4 586 0x170A
16:18:34.660    ComputerName: DAVID-PC  UserName: David
16:18:36.672    Initialize success
16:20:25.420    AVAST engine defs: 12112700
16:20:56.152    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
16:20:56.167    Disk 0 Vendor: NVIDIA__ 0100 Size: 953869MB BusType: 8
16:20:56.183    Disk 0 MBR read successfully
16:20:56.183    Disk 0 MBR scan
16:20:56.199    Disk 0 unknown MBR code
16:20:56.199    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15000 MB offset 2048
16:20:56.214    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       469458 MB offset 30722048
16:20:56.245    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       469409 MB offset 992172032
16:20:56.277    Disk 0 scanning C:\Windows\system32\drivers
16:21:02.127    Service scanning
16:21:15.808    Modules scanning
16:21:15.808    Disk 0 trace - called modules:
16:21:15.823    ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd64.sys acpi.sys storport.sys hal.dll nvstor64.sys 
16:21:15.823    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b2b060]
16:21:15.823    3 CLASSPNP.SYS[fffffa60007d0b3a] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006a4c720]
16:21:15.823    5 nvrd64.sys[fffffa60009b55d0] -> nt!IofCallDriver -> [0xfffffa8006a3b7c0]
16:21:15.823    7 acpi.sys[fffffa60008fcff6] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8006a3b9e0]
16:21:27.227    AVAST engine scan C:\Windows
16:21:30.565    AVAST engine scan C:\Windows\system32
16:24:55.752    AVAST engine scan C:\Windows\system32\drivers
16:25:11.695    AVAST engine scan C:\Users\David
16:29:07.224    File: C:\Users\David\AppData\Local\Temp\msl4BA0.tmp  **INFECTED** Win32:Kryptik-KSL [Trj]
16:29:07.349    File: C:\Users\David\AppData\Local\Temp\msl510D.tmp  **INFECTED** Win32:Zbot-QAH [Trj]
16:29:07.458    File: C:\Users\David\AppData\Local\Temp\msl79E1.tmp  **INFECTED** Win32:Zbot-PZX [Trj]
16:29:07.567    File: C:\Users\David\AppData\Local\Temp\mslCCE3.tmp  **INFECTED** Win32:Kryptik-KSC [Trj]
16:29:07.677    File: C:\Users\David\AppData\Local\Temp\mslD21E.tmp  **INFECTED** Win32:Zbot-PZX [Trj]
16:29:07.786    File: C:\Users\David\AppData\Local\Temp\mslD98D.tmp  **INFECTED** Win32:Kryptik-KSY [Trj]
16:29:07.895    File: C:\Users\David\AppData\Local\Temp\mslFC09.tmp  **INFECTED** Win32:Zbot-PZG [Trj]
17:35:35.723    File: C:\Users\David\wilegaqqadup.exe  **INFECTED** Win32:Dropper-gen [Drp]
17:36:25.690    AVAST engine scan C:\ProgramData
17:48:14.070    Scan finished successfully
17:50:56.045    Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
17:50:56.045    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
         

TDSS Killer Report
Code:
17:56:20.0725 1828  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:56:21.0645 1828  ============================================================
17:56:21.0645 1828  Current date / time: 2012/11/27 17:56:21.0645
17:56:21.0645 1828  SystemInfo:
17:56:21.0645 1828  
17:56:21.0645 1828  OS Version: 6.0.6001 ServicePack: 1.0
17:56:21.0645 1828  Product type: Workstation
17:56:21.0645 1828  ComputerName: DAVID-PC
17:56:21.0645 1828  UserName: David
17:56:21.0645 1828  Windows directory: C:\Windows
17:56:21.0645 1828  System windows directory: C:\Windows
17:56:21.0645 1828  Running under WOW64
17:56:21.0645 1828  Processor architecture: Intel x64
17:56:21.0645 1828  Number of processors: 4
17:56:21.0645 1828  Page size: 0x1000
17:56:21.0645 1828  Boot type: Safe boot with network
17:56:21.0645 1828  ============================================================
17:56:22.0098 1828  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:56:22.0129 1828  ============================================================
17:56:22.0129 1828  \Device\Harddisk0\DR0:
17:56:22.0129 1828  MBR partitions:
17:56:22.0129 1828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x394E9000
17:56:22.0129 1828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B235800, BlocksNum 0x394D0800
17:56:22.0129 1828  ============================================================
17:56:22.0176 1828  C: <-> \Device\Harddisk0\DR0\Partition1
17:56:22.0254 1828  D: <-> \Device\Harddisk0\DR0\Partition2
17:56:22.0254 1828  ============================================================
17:56:22.0254 1828  Initialize success
17:56:22.0254 1828  ============================================================
17:57:10.0973 1440  ============================================================
17:57:10.0973 1440  Scan started
17:57:10.0973 1440  Mode: Manual; SigCheck; TDLFS; 
17:57:10.0973 1440  ============================================================
17:57:11.0924 1440  ================ Scan system memory ========================
17:57:11.0924 1440  System memory - ok
17:57:11.0924 1440  ================ Scan services =============================
17:57:12.0049 1440  [ 8C99ED256A889D647935A97C543B7B85 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:57:12.0236 1440  ACPI - ok
17:57:12.0314 1440  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:57:12.0330 1440  AdobeFlashPlayerUpdateSvc - ok
17:57:12.0361 1440  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:57:12.0377 1440  adp94xx - ok
17:57:12.0377 1440  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:57:12.0392 1440  adpahci - ok
17:57:12.0408 1440  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:57:12.0408 1440  adpu160m - ok
17:57:12.0423 1440  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:57:12.0439 1440  adpu320 - ok
17:57:12.0486 1440  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:57:12.0533 1440  AeLookupSvc - ok
17:57:12.0548 1440  [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD             C:\Windows\system32\drivers\afd.sys
17:57:12.0595 1440  AFD - ok
17:57:12.0611 1440  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:57:12.0626 1440  agp440 - ok
17:57:12.0673 1440  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:57:12.0673 1440  aic78xx - ok
17:57:12.0704 1440  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
17:57:12.0735 1440  ALG - ok
17:57:12.0735 1440  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:57:12.0751 1440  aliide - ok
17:57:12.0751 1440  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
17:57:12.0767 1440  amdide - ok
17:57:12.0767 1440  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:57:12.0829 1440  AmdK8 - ok
17:57:12.0845 1440  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
17:57:12.0876 1440  Appinfo - ok
17:57:12.0969 1440  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:57:12.0985 1440  Apple Mobile Device - ok
17:57:12.0985 1440  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
17:57:13.0001 1440  arc - ok
17:57:13.0001 1440  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:57:13.0016 1440  arcsas - ok
17:57:13.0079 1440  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:57:13.0110 1440  AsyncMac - ok
17:57:13.0125 1440  [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi           C:\Windows\system32\drivers\atapi.sys
17:57:13.0125 1440  atapi - ok
17:57:13.0157 1440  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:57:13.0188 1440  AudioEndpointBuilder - ok
17:57:13.0203 1440  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:57:13.0235 1440  AudioSrv - ok
17:57:13.0250 1440  [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE             C:\Windows\System32\bfe.dll
17:57:13.0297 1440  BFE - ok
17:57:13.0344 1440  [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS            C:\Windows\System32\qmgr.dll
17:57:13.0406 1440  BITS - ok
17:57:13.0422 1440  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:57:13.0453 1440  blbdrive - ok
17:57:13.0484 1440  [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:57:13.0515 1440  bowser - ok
17:57:13.0531 1440  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:57:13.0547 1440  BrFiltLo - ok
17:57:13.0547 1440  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:57:13.0578 1440  BrFiltUp - ok
17:57:13.0593 1440  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
17:57:13.0640 1440  Browser - ok
17:57:13.0734 1440  [ 50AC27F78536BE8F3C70F0B05FDA2B12 ] Browser Manager C:\ProgramData\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe
17:57:13.0796 1440  Browser Manager - ok
17:57:13.0796 1440  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:57:13.0952 1440  Brserid - ok
17:57:13.0968 1440  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:57:14.0030 1440  BrSerWdm - ok
17:57:14.0046 1440  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:57:14.0108 1440  BrUsbMdm - ok
17:57:14.0124 1440  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:57:14.0186 1440  BrUsbSer - ok
17:57:14.0186 1440  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:57:14.0249 1440  BTHMODEM - ok
17:57:14.0280 1440  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\Windows\system32\drivers\BVRPMPR5a64.SYS
17:57:14.0358 1440  BVRPMPR5a64 - ok
17:57:14.0373 1440  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:57:14.0405 1440  cdfs - ok
17:57:14.0420 1440  [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:57:14.0467 1440  cdrom - ok
17:57:14.0483 1440  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:57:14.0514 1440  CertPropSvc - ok
17:57:14.0545 1440  [ 7C6B5BE2696DFD2D0BF6C9EE20326EF8 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
17:57:14.0545 1440  cfwids - ok
17:57:14.0545 1440  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:57:14.0576 1440  circlass - ok
17:57:14.0607 1440  [ CAEDA2572B7042B11062F327F099251D ] CLFS            C:\Windows\system32\CLFS.sys
17:57:14.0623 1440  CLFS - ok
17:57:14.0654 1440  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:57:14.0670 1440  clr_optimization_v2.0.50727_32 - ok
17:57:14.0732 1440  [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:57:14.0763 1440  clr_optimization_v2.0.50727_64 - ok
17:57:14.0795 1440  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:57:14.0826 1440  clr_optimization_v4.0.30319_32 - ok
17:57:14.0841 1440  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:57:14.0857 1440  clr_optimization_v4.0.30319_64 - ok
17:57:14.0857 1440  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:57:14.0857 1440  cmdide - ok
17:57:14.0888 1440  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:57:14.0888 1440  Compbatt - ok
17:57:14.0888 1440  COMSysApp - ok
17:57:14.0904 1440  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:57:14.0919 1440  crcdisk - ok
17:57:14.0951 1440  [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:57:14.0997 1440  CryptSvc - ok
17:57:15.0044 1440  [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:57:15.0107 1440  DcomLaunch - ok
17:57:15.0107 1440  [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:57:15.0153 1440  DfsC - ok
17:57:15.0231 1440  [ 1781F99840979EE7B126C9073C377FD0 ] DFSR            C:\Windows\system32\DFSR.exe
17:57:15.0372 1440  DFSR - ok
17:57:15.0387 1440  [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:57:15.0434 1440  Dhcp - ok
17:57:15.0434 1440  [ 2DC415FC05FB8A079F896CBBACB19324 ] disk            C:\Windows\system32\drivers\disk.sys
17:57:15.0450 1440  disk - ok
17:57:15.0465 1440  [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:57:15.0497 1440  Dnscache - ok
17:57:15.0528 1440  [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:57:15.0575 1440  dot3svc - ok
17:57:15.0575 1440  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
17:57:15.0621 1440  DPS - ok
17:57:15.0637 1440  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:57:15.0668 1440  drmkaud - ok
17:57:15.0684 1440  [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:57:15.0746 1440  DXGKrnl - ok
17:57:15.0777 1440  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
17:57:15.0824 1440  E1G60 - ok
17:57:15.0840 1440  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
17:57:15.0871 1440  EapHost - ok
17:57:15.0887 1440  [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:57:15.0887 1440  Ecache - ok
17:57:15.0902 1440  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:57:15.0933 1440  ehRecvr - ok
17:57:15.0965 1440  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
17:57:15.0980 1440  ehSched - ok
17:57:15.0996 1440  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
17:57:16.0027 1440  ehstart - ok
17:57:16.0058 1440  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:57:16.0074 1440  elxstor - ok
17:57:16.0089 1440  [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:57:16.0136 1440  EMDMgmt - ok
17:57:16.0152 1440  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:57:16.0199 1440  ErrDev - ok
17:57:16.0245 1440  [ 6CE3BFE7B289DF112CFA6285D16B56C5 ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
17:57:16.0245 1440  ETService ( UnsignedFile.Multi.Generic ) - warning
17:57:16.0245 1440  ETService - detected UnsignedFile.Multi.Generic (1)
17:57:16.0261 1440  [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem     C:\Windows\system32\es.dll
17:57:16.0308 1440  EventSystem - ok
17:57:16.0323 1440  [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:57:16.0370 1440  exfat - ok
17:57:16.0433 1440  Fabs - ok
17:57:16.0448 1440  [ FE731D345ED9EEABBC72A59B35941834 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:57:16.0479 1440  fastfat - ok
17:57:16.0495 1440  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:57:16.0526 1440  fdc - ok
17:57:16.0542 1440  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
17:57:16.0573 1440  fdPHost - ok
17:57:16.0589 1440  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
17:57:16.0651 1440  FDResPub - ok
17:57:16.0667 1440  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:57:16.0667 1440  FileInfo - ok
17:57:16.0682 1440  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:57:16.0713 1440  Filetrace - ok
17:57:16.0776 1440  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
17:57:16.0869 1440  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
17:57:16.0869 1440  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
17:57:16.0885 1440  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:57:16.0916 1440  flpydisk - ok
17:57:16.0916 1440  [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:57:16.0932 1440  FltMgr - ok
17:57:16.0979 1440  [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:57:16.0994 1440  FontCache3.0.0.0 - ok
17:57:17.0041 1440  [ EDFE4EE6513E9D9B33799C6838DA7B5F ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:57:17.0072 1440  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
17:57:17.0072 1440  ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
17:57:17.0088 1440  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:57:17.0119 1440  Fs_Rec - ok
17:57:17.0150 1440  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:57:17.0150 1440  gagp30kx - ok
17:57:17.0181 1440  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:57:17.0197 1440  GEARAspiWDM - ok
17:57:17.0213 1440  [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc           C:\Windows\System32\gpsvc.dll
17:57:17.0259 1440  gpsvc - ok
17:57:17.0306 1440  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca6df5c8a879e0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:57:17.0322 1440  gupdate1ca6df5c8a879e0 - ok
17:57:17.0322 1440  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:57:17.0337 1440  gupdatem - ok
17:57:17.0384 1440  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:57:17.0400 1440  gusvc - ok
17:57:17.0431 1440  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:57:17.0493 1440  HdAudAddService - ok
17:57:17.0509 1440  [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:57:17.0540 1440  HDAudBus - ok
17:57:17.0556 1440  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:57:17.0603 1440  HidBth - ok
17:57:17.0603 1440  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:57:17.0649 1440  HidIr - ok
17:57:17.0665 1440  [ 0AA154538544E988429DA2D5AA803A6C ] hidserv         C:\Windows\system32\hidserv.dll
17:57:17.0696 1440  hidserv - ok
17:57:17.0727 1440  [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:57:17.0759 1440  HidUsb - ok
17:57:17.0805 1440  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
17:57:17.0821 1440  HipShieldK - ok
17:57:17.0837 1440  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:57:17.0868 1440  hkmsvc - ok
17:57:17.0883 1440  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:57:17.0883 1440  HpCISSs - ok
17:57:17.0930 1440  [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:57:17.0961 1440  HTTP - ok
17:57:17.0961 1440  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:57:17.0977 1440  i2omp - ok
17:57:18.0008 1440  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:57:18.0024 1440  i8042prt - ok
17:57:18.0039 1440  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:57:18.0055 1440  iaStorV - ok
17:57:18.0086 1440  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:57:18.0086 1440  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:57:18.0086 1440  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:57:18.0149 1440  [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:57:18.0180 1440  idsvc - ok
17:57:18.0180 1440  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:57:18.0195 1440  iirsp - ok
17:57:18.0227 1440  [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:57:18.0289 1440  IKEEXT - ok
17:57:18.0383 1440  [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15           C:\Windows\SysWOW64\drivers\int15_64.sys
17:57:18.0398 1440  int15 - ok
17:57:18.0429 1440  [ 6FDF709500C20362FFC5057F0D1E0C8D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:57:18.0476 1440  IntcAzAudAddService - ok
17:57:18.0492 1440  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
17:57:18.0492 1440  intelide - ok
17:57:18.0523 1440  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:57:18.0554 1440  intelppm - ok
17:57:18.0570 1440  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:57:18.0617 1440  IPBusEnum - ok
17:57:18.0648 1440  [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:57:18.0679 1440  IpFilterDriver - ok
17:57:18.0695 1440  [ 3A0427F35E7F8C16BBC5B1BE32B8DE76 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:57:18.0726 1440  iphlpsvc - ok
17:57:18.0726 1440  IpInIp - ok
17:57:18.0726 1440  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:57:18.0757 1440  IPMIDRV - ok
17:57:18.0773 1440  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:57:18.0819 1440  IPNAT - ok
17:57:18.0866 1440  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:57:18.0897 1440  iPod Service - ok
17:57:18.0913 1440  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:57:18.0960 1440  IRENUM - ok
17:57:18.0991 1440  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:57:18.0991 1440  isapnp - ok
17:57:19.0007 1440  [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:57:19.0022 1440  iScsiPrt - ok
17:57:19.0022 1440  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:57:19.0038 1440  iteatapi - ok
17:57:19.0038 1440  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:57:19.0053 1440  iteraid - ok
17:57:19.0053 1440  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:57:19.0069 1440  kbdclass - ok
17:57:19.0069 1440  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:57:19.0100 1440  kbdhid - ok
17:57:19.0116 1440  [ 80F4593E92FF960E4763380D3168E498 ] KeyIso          C:\Windows\system32\lsass.exe
17:57:19.0147 1440  KeyIso - ok
17:57:19.0178 1440  [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:57:19.0194 1440  KSecDD - ok
17:57:19.0225 1440  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:57:19.0272 1440  ksthunk - ok
17:57:19.0303 1440  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:57:19.0350 1440  KtmRm - ok
17:57:19.0381 1440  [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:57:19.0412 1440  LanmanServer - ok
17:57:19.0428 1440  [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:57:19.0443 1440  LanmanWorkstation - ok
17:57:19.0475 1440  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:57:19.0506 1440  lltdio - ok
17:57:19.0537 1440  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:57:19.0584 1440  lltdsvc - ok
17:57:19.0584 1440  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:57:19.0615 1440  lmhosts - ok
17:57:19.0646 1440  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:57:19.0646 1440  LSI_FC - ok
17:57:19.0662 1440  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:57:19.0662 1440  LSI_SAS - ok
17:57:19.0677 1440  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:57:19.0677 1440  LSI_SCSI - ok
17:57:19.0693 1440  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:57:19.0724 1440  luafv - ok
17:57:19.0755 1440  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:57:19.0755 1440  MBAMProtector - ok
17:57:19.0787 1440  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:57:19.0802 1440  MBAMScheduler - ok
17:57:19.0818 1440  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:57:19.0849 1440  MBAMService - ok
17:57:19.0896 1440  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:57:19.0911 1440  McAfee SiteAdvisor Service - ok
17:57:19.0958 1440  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
17:57:19.0974 1440  McComponentHostService - ok
17:57:19.0989 1440  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:57:19.0989 1440  McMPFSvc - ok
17:57:20.0005 1440  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:57:20.0005 1440  mcmscsvc - ok
17:57:20.0036 1440  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:57:20.0036 1440  McNaiAnn - ok
17:57:20.0052 1440  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:57:20.0067 1440  McNASvc - ok
17:57:20.0083 1440  [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
17:57:20.0099 1440  McODS - ok
17:57:20.0114 1440  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:57:20.0114 1440  McProxy - ok
17:57:20.0145 1440  [ D4F9C8CE2D7D5B9A1F739AADEBFFCA6F ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:57:20.0145 1440  McShield - ok
17:57:20.0161 1440  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:57:20.0192 1440  Mcx2Svc - ok
17:57:22.0641 1440  [ 0304AC408043C6CB9E88FA6C813CF841 ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:57:22.0641 1440  nSvcIp ( UnsignedFile.Multi.Generic ) - warning
17:57:22.0641 1440  nSvcIp - detected UnsignedFile.Multi.Generic (1)
17:57:32.0189 1440  ================ Scan global ===============================
17:57:32.0220 1440  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:57:32.0235 1440  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
17:57:32.0251 1440  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
17:57:32.0282 1440  [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
17:57:32.0282 1440  [Global] - ok
17:57:32.0282 1440  ================ Scan MBR ==================================
17:57:32.0298 1440  [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
17:57:34.0575 1440  \Device\Harddisk0\DR0 - ok
17:57:34.0575 1440  ================ Scan VBR ==================================
17:57:34.0575 1440  [ 54A5C2889D9D266D36A5E6A41AE5E9C0 ] \Device\Harddisk0\DR0\Partition1
17:57:34.0591 1440  \Device\Harddisk0\DR0\Partition1 - ok
17:57:34.0607 1440  [ 9A644F0E88120D219BA2F3953BF27C29 ] \Device\Harddisk0\DR0\Partition2
17:57:34.0607 1440  \Device\Harddisk0\DR0\Partition2 - ok
17:57:34.0607 1440  ============================================================
17:57:34.0607 1440  Scan finished
17:57:34.0607 1440  ============================================================
17:57:34.0622 0404  Detected object count: 5
17:57:34.0622 0404  Actual detected object count: 5
17:58:27.0600 0404  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:27.0600 0404  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:27.0600 0404  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:27.0600 0404  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:27.0600 0404  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:27.0600 0404  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:27.0600 0404  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:27.0600 0404  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:27.0600 0404  nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:27.0600 0404  nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 27.11.2012, 18:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yep, there's a nice zbot active there

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 27.11.2012, 19:16   #7
pluess1990
 



Hi

I downloaded CF and started it. Beforehand I closed all programs. CF now tells me that McAfee Anti-Virus and Anti-Spyware are still active. How can I close them? I'm writing from my laptop. Oh, and what is a zbot and how do you avoid them?
Thanks for helping.

Alt 27.11.2012, 19:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



A zbot is a particular malware family; you avoid it the same way as all other malware, by doing everything right and not just one thing, but more on that later

Is McAfee real-time protection disabled? If so, CF can get to work
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 27.11.2012, 19:59   #9
pluess1990
 



So, shortly before CF finished, my computer shut itself down and started up again (in normal mode). CF opened a window with the message that the log file is being prepared and that I should not open any other programs. The log file opened, but none of my browsers worked any more. The LAN connection is shown, but I can't get in. I restarted the computer again in normal mode and now in safe mode. Internet doesn't work.

Wi-Fi seems to work normally, and the LAN cable also works with my laptop (I deliberately switched Wi-Fi off). I found the CF log file. I could put it on a USB stick and then upload it via the laptop?

Edited by pluess1990 (27.11.2012 at 20:07)

Alt 27.11.2012, 20:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please restart Windows once more and try it

Alt 27.11.2012, 20:44   #11
pluess1990
 



Nothing, neither in normal nor in safe mode.

Alt 27.11.2012, 21:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then I need the log, which you'll have to transfer somehow, otherwise I don't know what CF did

Alt 27.11.2012, 21:26   #13
pluess1990
 



Combofix Logfile:

Code:
ATTFilter
ComboFix 12-11-27.01 - David 27.11.2012  20:22:20.1.4 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.41.1031.18.8190.6506 [GMT 1:00]
ausgeführt von:: c:\users\David\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kcap_0paos.pad
c:\users\David\AppData\Roaming\.#
c:\users\David\wilegaqqadup.exe
c:\windows\WindowsUpdate.log
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-27 bis 2012-11-27  ))))))))))))))))))))))))))))))
.
.
2012-11-27 09:52 . 2012-11-27 09:52	--------	d-----w-	c:\users\TEMP
2012-11-26 10:29 . 2012-11-26 10:29	--------	d-----w-	c:\users\David\AppData\Roaming\Malwarebytes
2012-11-26 10:29 . 2012-11-26 10:29	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-26 10:29 . 2012-11-26 10:29	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-26 10:29 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-18 16:45 . 2012-11-18 16:45	--------	d-----w-	c:\users\David\AppData\Roaming\Microsoft Games
2012-11-18 02:13 . 2012-11-19 18:29	--------	d-----w-	c:\users\UpdatusUser
2012-11-18 02:12 . 2012-10-02 19:50	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-11-18 02:12 . 2012-10-02 19:50	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-11-18 02:11 . 2012-10-10 20:24	52584	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-11-18 02:11 . 2012-10-10 20:23	60776	----a-w-	c:\windows\system32\OpenCL.dll
2012-11-18 02:10 . 2012-11-18 02:10	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-11-17 09:54 . 2012-04-20 15:40	196440	----a-w-	c:\windows\system32\drivers\HipShieldK.sys
2012-11-17 01:55 . 2012-10-17 00:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{13AAF645-5A3B-4351-A9E0-F460B151F824}\mpengine.dll
2012-11-17 01:52 . 2011-04-12 15:14	1208832	----a-w-	c:\windows\system32\kernel32.dll
2012-11-17 01:51 . 2011-06-02 13:22	2762240	----a-w-	c:\windows\system32\win32k.sys
2012-11-17 01:51 . 2011-07-06 15:18	274432	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2012-11-17 01:51 . 2011-04-29 15:25	344576	----a-w-	c:\windows\system32\schannel.dll
2012-11-17 01:51 . 2011-04-29 14:54	276992	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-17 01:51 . 2011-04-20 15:16	450048	----a-w-	c:\windows\system32\winsrv.dll
2012-11-17 01:51 . 2011-04-20 15:11	85504	----a-w-	c:\windows\system32\csrsrv.dll
2012-11-16 13:15 . 2012-11-16 13:15	--------	d-----w-	c:\users\David\AppData\Local\Unity
2012-11-16 04:05 . 2012-11-16 04:05	--------	d-----w-	c:\programdata\WindowsSearch
2012-11-16 01:03 . 2012-05-31 11:25	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-11-15 22:06 . 2012-10-24 17:50	261600	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-14 00:44 . 2012-11-14 00:44	--------	d-----w-	c:\programdata\Yahoo! Companion
2012-11-01 19:46 . 2012-11-01 19:46	--------	d-----w-	c:\program files (x86)\Pivot Stickfigure Animator
2012-10-31 14:10 . 2012-10-31 14:10	829264	----a-w-	c:\windows\system32\msvcr100.dll
2012-10-31 14:10 . 2012-10-31 14:10	773968	----a-w-	c:\windows\SysWow64\msvcr100.dll
2012-10-31 14:10 . 2012-10-31 14:10	421200	----a-w-	c:\windows\SysWow64\msvcp100.dll
2012-10-31 14:10 . 2012-10-31 14:10	158536	----a-w-	c:\windows\system32\atl100.dll
2012-10-31 14:10 . 2012-10-31 14:10	138056	----a-w-	c:\windows\SysWow64\atl100.dll
2012-10-31 13:41 . 2012-11-03 21:47	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-10-30 17:27 . 2012-10-30 17:27	431104	----a-w-	c:\windows\system32\wrap_oal.dll
2012-10-30 17:27 . 2012-10-30 17:27	409600	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-10-30 17:27 . 2012-10-30 17:27	136192	----a-w-	c:\windows\system32\OpenAL32.dll
2012-10-30 17:27 . 2012-10-30 17:27	114688	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-10-30 17:27 . 2012-10-30 17:27	--------	d-----w-	c:\program files (x86)\OpenAL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 15:12 . 2012-06-14 20:45	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 15:12 . 2011-06-20 11:22	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-29 20:04 . 2006-11-02 12:35	66395536	----a-w-	c:\windows\system32\mrt.exe
2012-10-10 20:23 . 2012-10-10 20:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2009-09-25 01:04	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2009-09-25 01:04	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2009-09-25 01:04	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-09 14:40 . 2012-10-09 13:40	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-02 19:51 . 2009-09-25 01:04	3293544	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2009-09-25 01:04	6200680	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2009-09-25 01:04	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2009-09-25 01:04	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-09-20 00:47 . 2009-09-24 19:19	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-09-20 00:47 . 2012-09-20 00:40	281312	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-09-20 00:47 . 2009-09-24 19:19	281312	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-09-19 17:30 . 2012-09-20 00:39	2601752	----a-w-	c:\windows\SysWow64\pbsvc_moh.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26	3908192	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2009-9-24 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2009-9-24 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BROWSE~1\22587~1.187\{61D8B~1\brwmngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 15:12]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 17:35]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 17:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 18:11	3816248	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 18:11	3816248	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 18:11	3816248	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{157F90E1-E468-4E86-AA3D-904D1AAE8585}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{157F90E1-E468-4E86-AA3D-904D1AAE8585}
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0807&s=1&o=vp64&d=0909&m=aspire_m7711
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Free YouTube Download - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\7vei0kfd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-10-08 13:53; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
FF - ExtSQL: 2012-10-08 13:54; plugin@yontoo.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\7vei0kfd.default\extensions\plugin@yontoo.com
FF - user.js: extensions.claro.id - 440630b7000000000000002268640478
FF - user.js: extensions.claro.instlDay - 15621
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.113:53
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extentions.y2layers.installId - 5a179eae-48d6-4de4-8626-3fbd5de6cdc8
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
Wow6432Node-HKCU-Run-Kygqga - c:\users\David\AppData\Roaming\Microsoft\Kygqga.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3399940004-1634756809-3909021214-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d3,ee,ed,8c,5b,69,47,21,76,2a,0d,ef,8b,66,72,e1,a5,63,58,db,d1,21,1a,
   5b,5b,70,9e,7d,51,8b,88,42,95,d7,72,91,c2,38,ea,44,fa,30,cf,f8,76,e8,3c,77,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
.
[HKEY_USERS\S-1-5-21-3399940004-1634756809-3909021214-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,cf,34,12,6f,86,d2,9c,02,a1,34,d2,34,c4,cb,b5,23,f0,ce,cf,b5,
   86,8f,62,b1,4d,36,90,2c,f4,b5,76,16,74,d2,7a,12,7d,99,a7,6b,5d,a6,6f,30,e0,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\programdata\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe
c\windows\SysWOW64\schtasks.exe
c:\programdata\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-27  20:37:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-27 19:37
.
Vor Suchlauf: Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Nach Suchlauf: Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
.Ü
- - End Of File - - C113D5E841A174071FE447803A396C08
         
There, the file from CF.

I don't know whether this is of any use to you. The status of the LAN connection shows:

Connection
IPv4 connectivity: Internet
IPv6 connectivity: Local
Media state: Enabled
Duration: 00:29:29
Speed: 100,0MBits/s

Activity
Sent: 9494
Received: 29 047

27.11.2012, 21:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • SecurityCenter / ActionCenter
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


27.11.2012, 21:48   #15
pluess1990
 



Here is the scan

Code:
Farbar Service Scanner Version: 09-11-2012
Ran by David (administrator) on 27-11-2012 at 22:44:44
Running from "C:\Users\David\Desktop"
Windows Vista (TM) Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         
