Trojaner-Board - Firefox und Internet Explorer sehr langsam trotz guter wLan Verbindung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Firefox und Internet Explorer sehr langsam trotz guter wLan Verbindung (https://www.trojaner-board.de/108835-firefox-internet-explorer-sehr-langsam-trotz-guter-wlan-verbindung.html)

Firefox und Internet Explorer sehr langsam trotz guter wLan Verbindung

Hallo zusammen!

Ich habe folgendes Problem:

Seit einigen Tagen laden meine beiden Browser (FF 10 und IE 8) trotz guter wLan Verbindung jegliche Seiten nur sehr langsam. Meine bisherigen Versuche das Problem zu beheben blieben alle erfolglos.
Habe FF, IE, avast und comodo Firewall jeweils gelöscht und neu installiert, jedoch ohne Erfolg. Zudem habe ich die treiber für meine wLan Karte neu installiert und auch den Router resetet und für mehrere Minuten vom Stromnetz genommen. Außerdem hab ich einen Funkkanalwechsel durchgeführt. Auch dies ohne Erfolg.
Meine Vermutung ist nun, dass ich mir trotz Firewall und Antivirusprogramm irgendeinen Plagegeist eingefangen hab, obwohl ein Quickscann mit avast keine befallenen Dateien angezeigt hat
Ich hoffe ihr könnt mir weiterhelfen.

Hier die OTL Txt-File.

Code:

 OTL logfile created on: 31.01.2012 20:51:48 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\philip\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,41% Memory free

6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218,20 Gb Total Space | 43,43 Gb Free Space | 19,90% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 5,15 Gb Free Space | 35,17% Space Free | Partition Type: NTFS

 

Computer Name: PHILIP-PC | User Name: philip | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.31 20:27:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\philip\Desktop\OTL.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2010.06.09 10:57:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009.04.17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2012.01.31 18:55:45 | 001,079,048 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\STacSV64.exe -- (STacSV)

SRV:64bit: - [2009.06.25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008.10.13 14:17:42 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.06.09 10:57:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009.04.17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2010.01.21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009.10.25 13:01:43 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009.08.28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009.06.25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2009.06.25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009.06.04 07:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009.04.11 07:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.03.12 17:47:46 | 000,172,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009.01.06 00:02:00 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)

DRV:64bit: - [2008.11.26 13:02:18 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)

DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2008.10.13 14:17:36 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)

DRV:64bit: - [2008.10.13 14:17:32 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)

DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008.01.21 03:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)

DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2011.12.14 02:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.31 18:53:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.31 19:16:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.30 13:43:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.30 14:08:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.01.31 18:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philip\AppData\Roaming\mozilla\Extensions

[2012.01.31 19:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E0ABB9-DF4D-4590-A669-3769D3FFD838}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\philip\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg

O24 - Desktop BackupWallPaper: C:\Users\philip\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004.04.30 23:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{40af8cee-c14b-11de-8d27-0026b90484e1}\Shell\AutoRun\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe

O33 - MountPoints2\{d20a3c81-c848-11de-9c06-0026b90484e1}\Shell - "" = AutoRun

O33 - MountPoints2\{d20a3c81-c848-11de-9c06-0026b90484e1}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\explorer.exe -- [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig:64bit - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

MsConfig:64bit - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.31 20:27:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\philip\Desktop\OTL.exe

[2012.01.31 20:08:55 | 000,000,000 | ---D | C] -- C:\Users\philip\AppData\Roaming\Malwarebytes

[2012.01.31 20:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.01.31 20:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.01.31 20:08:36 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.31 20:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.01.31 18:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2012.01.31 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2012.01.31 18:55:51 | 000,241,688 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll

[2012.01.31 18:55:51 | 000,179,792 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2012.01.31 18:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012.01.31 18:50:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.01.31 18:50:03 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.01.31 18:50:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2012.01.31 18:49:59 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.01.31 18:49:59 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.01.31 18:49:58 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.01.31 18:49:14 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.01.31 18:49:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.01.30 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2012.01.30 16:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2012.01.30 16:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless

[2012.01.30 16:28:21 | 000,000,000 | ---D | C] -- C:\Users\philip\AppData\Roaming\InstallShield

[2012.01.30 14:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012.01.30 13:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012.01.29 18:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

[2012.01.29 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\philip\AppData\Local\PackageAware

[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\philip\AppData\Local\CDRip.dll

[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\philip\AppData\Local\No23 Recorder.exe

[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\philip\AppData\Local\basscd.dll

[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\philip\AppData\Local\bass.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.31 20:50:42 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.31 20:50:42 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.31 20:50:42 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.31 20:50:42 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.31 20:50:42 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.31 20:43:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.31 20:43:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.31 20:43:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.31 20:43:06 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.31 20:41:45 | 000,000,020 | ---- | M] () -- C:\Users\philip\defogger_reenable

[2012.01.31 20:40:05 | 000,050,477 | ---- | M] () -- C:\Users\philip\Desktop\Defogger.exe

[2012.01.31 20:27:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\philip\Desktop\OTL.exe

[2012.01.31 20:08:38 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.31 19:16:42 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.01.31 18:55:47 | 000,241,688 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll

[2012.01.31 18:55:47 | 000,179,792 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll

[2012.01.31 18:53:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012.01.31 18:45:50 | 000,000,104 | ---- | M] () -- C:\Users\philip\Desktop\Thunderbird.lnk

[2012.01.31 18:39:26 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012.01.30 16:31:39 | 000,772,384 | ---- | M] () -- C:\Windows\SysNative\oem5.inf

[2012.01.30 16:07:29 | 000,319,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.01.29 18:19:32 | 000,136,306 | ---- | M] () -- C:\Users\philip\Documents\cc_20120129_181907.reg

[2012.01.29 16:54:26 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012.01.10 21:56:08 | 000,015,887 | ---- | M] () -- C:\Users\philip\Documents\leon.odt

[2012.01.10 18:36:31 | 000,141,681 | ---- | M] () -- C:\Users\philip\Documents\Kepler –Gymnasium Ulm                                                             Leon Vogel.odp

 
 ========== Files Created - No Company Name ==========

 

[2012.01.31 20:41:37 | 000,000,020 | ---- | C] () -- C:\Users\philip\defogger_reenable

[2012.01.31 20:40:05 | 000,050,477 | ---- | C] () -- C:\Users\philip\Desktop\Defogger.exe

[2012.01.31 20:08:38 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.31 19:16:42 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.01.31 19:16:42 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.01.31 18:45:50 | 000,000,104 | ---- | C] () -- C:\Users\philip\Desktop\Thunderbird.lnk

[2012.01.30 16:31:54 | 000,772,384 | ---- | C] () -- C:\Windows\SysNative\oem5.inf

[2012.01.30 14:08:35 | 000,001,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2012.01.30 13:43:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.01.29 18:19:16 | 000,136,306 | ---- | C] () -- C:\Users\philip\Documents\cc_20120129_181907.reg

[2012.01.10 18:36:29 | 000,141,681 | ---- | C] () -- C:\Users\philip\Documents\Kepler –Gymnasium Ulm                                                             Leon Vogel.odp

[2012.01.10 18:02:13 | 000,015,887 | ---- | C] () -- C:\Users\philip\Documents\leon.odt

[2011.01.25 15:57:03 | 000,001,539 | ---- | C] () -- C:\Users\philip\AppData\Local\RecConfig.xml

[2010.12.12 18:19:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010.12.12 18:19:16 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010.12.12 18:18:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010.11.26 20:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.11.12 11:16:19 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2010.06.09 10:57:09 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.06.09 10:57:08 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.06.09 10:57:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2009.12.26 01:52:27 | 000,007,160 | ---- | C] () -- C:\Users\philip\AppData\Local\d3d9caps.dat

[2009.10.25 13:47:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

[2009.10.17 19:11:44 | 000,000,449 | ---- | C] () -- C:\Windows\QIII.INI

[2009.10.17 17:30:06 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2009.10.17 17:30:06 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2009.10.17 17:30:06 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2009.10.05 09:56:29 | 000,143,360 | ---- | C] () -- C:\Users\philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.15 16:45:28 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat

[2009.09.15 15:02:08 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2009.09.15 14:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.04.30 11:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\philip\AppData\Local\lame_enc.dll

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\philip\AppData\Local\vorbisenc.dll

[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\philip\AppData\Local\vorbisfile.dll

[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\philip\AppData\Local\vorbis.dll

[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\philip\AppData\Local\ogg.dll

[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\philip\AppData\Local\no23xwrapper.dll

 
 ========== LOP Check ==========

 

[2011.11.02 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Canon

[2011.11.02 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\CD-LabelPrint

[2009.12.26 15:52:16 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools

[2009.12.26 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools Lite

[2009.10.25 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools Pro

[2011.01.13 22:29:13 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\OpenOffice.org

[2010.12.30 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\PCDr

[2011.10.18 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\ScummVM

[2011.09.23 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Thunderbird

[2012.01.29 16:54:26 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012.01.31 20:42:17 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.01.31 18:39:26 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2009.10.03 11:31:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2009.09.15 14:54:31 | 000,000,000 | ---D | M] -- C:\1033

[2010.12.12 19:01:34 | 000,000,000 | -HSD | M] -- C:\boot

[2009.10.13 18:34:27 | 000,000,000 | ---D | M] -- C:\DELL

[2010.12.23 16:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings

[2009.10.03 11:21:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.06.20 14:30:58 | 000,000,000 | ---D | M] -- C:\Drivers

[2009.07.30 04:39:45 | 000,000,000 | ---D | M] -- C:\EFI

[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.01.30 16:35:05 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.01.31 20:08:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012.01.31 20:08:37 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.10.03 11:21:56 | 000,000,000 | -HSD | M] -- C:\Programme

[2012.01.30 13:45:17 | 000,000,000 | ---D | M] -- C:\Spiele

[2009.10.03 11:29:29 | 000,000,000 | -HSD | M] -- C:\System Recovery

[2012.01.31 20:53:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.01.31 18:39:46 | 000,000,000 | R--D | M] -- C:\Users

[2012.01.31 19:02:58 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

[2007.01.18 21:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\philip\AppData\Local\No23 Recorder.exe

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: AFD.SYS  >

[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys

[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys

[2009.04.11 06:44:24 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys

[2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys

[2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys

[2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys

[2008.01.21 03:48:18 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

 
 < MD5 for: EXPLORER.EXE  >

[2009.04.30 11:48:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2009.04.30 11:48:36 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2009.04.30 11:48:37 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2009.04.30 11:48:36 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe

[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2009.04.30 11:48:36 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2009.04.30 11:48:36 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2009.04.30 11:48:35 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2009.04.30 11:48:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe

[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe

[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe

[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 
 <           >
 

< End of report >

Und hier die extra.txt

Code:

 OTL Extras logfile created on: 31.01.2012 20:29:14 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\philip\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,91% Memory free

6,19 Gb Paging File | 4,59 Gb Available in Paging File | 74,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218,20 Gb Total Space | 43,42 Gb Free Space | 19,90% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 5,15 Gb Free Space | 35,17% Space Free | Partition Type: NTFS

 

Computer Name: PHILIP-PC | User Name: philip | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = B1 9C 62 88 26 9A CB 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F9FA0D8-450E-4617-9198-76FA59F564BF}" = rport=137 | protocol=17 | dir=out | app=system | 

"{114CD34F-9C33-4384-9C63-BE528CA7A871}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{275224E9-4F4F-4AAD-A2BF-0C9E93852454}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{283B32ED-B46A-4D88-B773-7040BA7A7C12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{2FE0681F-098A-4D80-8E2D-AC1BB2897EBA}" = rport=445 | protocol=6 | dir=out | app=system | 

"{36DE61D0-82CE-4F4F-A8B6-AC697BBAB852}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{3E32F9CE-EFFE-438C-B448-AB6B609CE003}" = lport=137 | protocol=17 | dir=in | app=system | 

"{481F0A55-0C8F-488C-826D-6C553B6DE5D6}" = lport=139 | protocol=6 | dir=in | app=system | 

"{48D4EB6D-F4EF-4757-8FE6-0AB994BC7EDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{4A0AE37C-C6F8-4664-9E0E-BBFA104B2D84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{547E3BC8-BEBD-46BB-93DD-22A7E6B944D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{5ADECCDA-A35E-4633-A751-73EBF1CB1913}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{69FB35DC-4936-424B-BA4F-C50A79528D86}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{7A7B1E0F-FC58-4AA7-9BB7-B428F8C71CFE}" = rport=138 | protocol=17 | dir=out | app=system | 

"{7E4A7122-BED9-4A75-946D-1DBC910EE1F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{A19F0D55-BFFA-4104-896E-99203ADD8421}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B6263720-F937-4769-8BA2-2D95B8EC4DF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CA04F797-3DBD-4452-AE3B-CD53F54D26BB}" = lport=138 | protocol=17 | dir=in | app=system | 

"{CB2CF11F-4D80-417C-AE8A-F868D1E56181}" = lport=445 | protocol=6 | dir=in | app=system | 

"{E98D99F6-95F4-4620-BE11-3C5EB508F07E}" = rport=139 | protocol=6 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00C41370-4D14-4C68-988D-483FBAE7EF2D}" = protocol=17 | dir=in | app=c:\program files (x86)\dsl connection manager\dslconmanconfig.exe | 

"{286CCEB5-106A-4FD2-8EC4-13C9420271E0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{291F5131-7310-4F14-937F-4FA2360E34FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{2C250821-A36F-4662-93C5-D9B3276BEE0F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 

"{30C38AF0-137E-4B54-B454-0791D1713937}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | 

"{3499E0AC-ECF6-4C7B-910B-2B8B0A6777A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{3A7C976C-7000-4044-925A-FAFCB016D0C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{3C568C46-2CF6-4CEF-AF94-B0FE135C3963}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | 

"{467B9DA0-CEEC-4A75-B7DD-2DBCD4C81121}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6615B266-FDB3-4E12-AE73-3EB5FFD0C915}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

"{6C7512FB-91A8-4B4D-81B4-370A5AD0E80F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{71CDB5DD-575E-4353-B412-9B6C194950F0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{7E69B1EA-3095-43AC-9014-E92197BA4DCC}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | 

"{8FF7C33E-9862-47A6-9533-E3DC28F0664B}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | 

"{916EDC44-DF4B-4737-8C6E-4E26683486C7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{94649379-BDEC-4A43-ABDD-AB78C383E1D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{95D778CE-79B0-4BBA-99D8-C8E9F361E359}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | 

"{985A1CD0-05C3-4F17-A2CE-48FC17CE9CD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{9C5E6510-9BBD-494C-893C-D8AE7ED135E1}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{9CFE00E5-76C7-4B7F-8496-E600F70B8443}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{AB7ECC11-54CD-4126-B188-053985F0F373}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{B6357A76-C432-489F-9483-0A79A2421FE7}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 

"{C4C34ABB-E9BF-4E46-92AC-482BBE446AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\dsl connection manager\dslconmanconfig.exe | 

"{C5C44845-7D18-4498-935F-3C2909AD745D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 

"{D10321E8-1917-45CD-8B0B-CB1E67956814}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D1231E75-6C17-4712-8F30-490C31E89CAA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{D90D5B9A-0EE1-43E7-AD8F-7E398DD21E26}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{E2ED4195-BCCF-4EF4-B5CC-05D96A69038D}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{E9047E3D-5F6B-4FFB-9342-EC29FCD94B3A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 

"{FAD8B69C-CBDA-47BD-9C9B-638C86170344}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | 

"TCP Query User{C88149F2-AA2C-4E8C-901A-A8838898B195}C:\spiele\mohpa\mohpa.exe" = protocol=6 | dir=in | app=c:\spiele\mohpa\mohpa.exe | 

"TCP Query User{CB796782-15D4-496F-BB64-7BC673733625}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"TCP Query User{D9F1C29D-4396-40A2-87D8-583050EB0E6F}C:\spiele\left4dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\spiele\left4dead 2\left4dead2.exe | 

"UDP Query User{CA3505F9-6C88-4EF6-8516-A8BC200B460D}C:\spiele\mohpa\mohpa.exe" = protocol=17 | dir=in | app=c:\spiele\mohpa\mohpa.exe | 

"UDP Query User{D2C8DCB4-56C6-4D70-8B4A-D9966A884D3F}C:\spiele\left4dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\spiele\left4dead 2\left4dead2.exe | 

"UDP Query User{DFC2CF8C-2D72-46C5-B49D-B3ACFF2B961B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes

"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64

"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte

"CCleaner" = CCleaner

"COMODO Internet Security" = COMODO Internet Security

"Creative OA008" = Integrated Webcam Driver (1.02.02.0106)  

"Dell Support Center" = Dell Support Center

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"SynTPDeinstKey" = Dell Touchpad

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean

"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean

"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian

"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish

"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light

"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional

"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian

"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New

"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20

"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean

"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack

"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00

"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All

"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common

"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese

"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins

"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch

"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese

"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation

"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New

"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar

"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch

"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail

"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish

"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing

"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch

"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish

"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation

"{66545400-DEF6-11D3-A09A-00E02919016C}" = Close Combat Invasion Normandy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie

"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish

"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian

"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista

"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module

"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional

"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese

"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese

"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English

"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish

"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing

"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static

"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer

"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese

"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger

"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync

"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese

"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch

"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional

"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian

"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common

"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish

"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish

"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy

"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian

"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian

"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light

"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials

"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch

"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish

"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard

"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard

"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins

"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"avast" = avast! Free Antivirus

"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2

"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Dell Video Chat" = Dell Video Chat

"Dell Webcam Central" = Dell Webcam Central

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch

"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch

"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch

"LastFM_is1" = Last.fm 1.5.4.27091

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)

"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"PokerStars" = PokerStars

"PunkBusterSvc" = PunkBuster Services

"Quake III Arena" = Quake III Arena

"VLC media player" = VLC media player 1.0.2

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 27.01.2012 07:45:44 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:45:45 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:45:45 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:46:33 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:46:35 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:46:36 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:46:37 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 07:47:14 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 27.01.2012 10:09:51 | Computer Name = philip-PC | Source = EventSystem | ID = 4621

Description = 

 

Error - 27.01.2012 10:11:53 | Computer Name = philip-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

[ Broadcom Wireless LAN Events ]

Error - 27.01.2012 15:52:25 | Computer Name = philip-PC | Source = WLAN-Tray | ID = 0

Description = 20:48:30, Fri, Jan 27, 12 Error - Unable to gain access to user store
 

 

Error - 31.01.2012 14:42:52 | Computer Name = philip-PC | Source = WLAN-Tray | ID = 0

Description = 19:42:52, Tue, Jan 31, 12 Error - Unable to decrypt string 

 

[ System Events ]

Error - 31.01.2012 13:40:28 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 13:40:31 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 13:44:51 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 13:45:00 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 14:02:34 | Computer Name = philip-PC | Source = VDS Dynamic Provider | ID = 16908298

Description = 

 

Error - 31.01.2012 14:03:15 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 14:03:25 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 14:41:11 | Computer Name = philip-PC | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse

 0C60763E670B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server

 hat eine DHCPNACK-Meldung gesendet).

 

Error - 31.01.2012 14:42:30 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 31.01.2012 14:42:35 | Computer Name = philip-PC | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >

Defogger hab ich auch laufen lassen.
Mir ist gerade noch aufgefallen, dass Windows ständig eine Netzwerkidentifikation ausführt, dann kurz meine Netzwerk annimmt, nur um dann wieder von vorne zu beginnen.

Vielen Dank im Vorraus.

Zitat:

und comodo Firewall jeweils gelöscht und neu installiert,

Comodo PFW kannst du komplett deinstallieren, so ein Teil ist grober Unfug => Personal Firewalls: Sinnvoll oder sinnfrei ?

Eine zusätzliche bzw. andere Software-Firewall und v.a. sowas wie SecuritySuites sind Quatsch mit Sauce, in vielen Fällen kontraproduktiv und Ursache für die "lustigsten" Fehler.
Bitte umgehend deinstallieren, Windows danach neustarten und sicherstellen, dass die Windows-Firewall aktiv ist und keine gefährlichen "Löcher" (siehe Ausnahmeliste) hat.

Anschließend routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Arne.

Danke, dass du mir hilfst.
Also, ich hab Malware und ESET laufen lassen. Hier die log Dateien.

Malware log

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.01.03
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

philip :: PHILIP-PC [Administrator]
 

01.02.2012 13:11:57

mbam-log-2012-02-01 (13-11-57).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 352559

Laufzeit: 1 Stunde(n), 3 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Und hier das ESET log:

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=415e37c2ad5ddc4a9a6de821a3fa8112

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-01 02:47:19

# local_time=2012-02-01 03:47:19 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776573 100 56 73294 165626415 0 0

# compatibility_mode=8192 67108863 100 0 3775 3775 0 0

# scanned=183378

# found=8

# cleaned=0

# scan_time=5130

C:\ProgramData\TorrentEasy\extensions.exe        Win32/Adware.GoodMedia.C application (unable to clean)        00000000000000000000000000000000        I

C:\Users\All Users\TorrentEasy\extensions.exe        Win32/Adware.GoodMedia.C application (unable to clean)        00000000000000000000000000000000        I

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6769c280-5fd6b791        Java/TrojanDownloader.OpenStream.NBX trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7e88f14d-2643be90        a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\406a74df-22a6f877        a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\48d13e22-32c7dd05        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1d9ecaaf-74e0f084        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\11213f33-43b172ad        Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

Grüße, Philip

Hast du Comodo deinstalliert?

Guten Morgen.

Ja, Comodo ist deinstalliert.
Was nun?

Grüße

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Arne.

So, nach zwei Anläufen hats mit dem Scan geklappt.

OTL Logfile:

Code:

OTL logfile created on: 03.02.2012 11:45:27 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\philip\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,76% Memory free

6,21 Gb Paging File | 4,94 Gb Available in Paging File | 79,57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218,20 Gb Total Space | 44,40 Gb Free Space | 20,35% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 5,15 Gb Free Space | 35,17% Space Free | Partition Type: NTFS

 

Computer Name: PHILIP-PC | User Name: philip | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.31 20:27:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\philip\Desktop\OTL.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2010.06.09 10:57:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009.04.17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\STacSV64.exe -- (STacSV)

SRV:64bit: - [2009.06.25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008.10.13 14:17:42 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.06.09 10:57:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009.04.17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2010.01.21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009.10.25 13:01:43 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009.08.28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009.06.25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2009.06.25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009.06.04 07:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009.04.11 07:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.03.12 17:47:46 | 000,172,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009.01.06 00:02:00 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)

DRV:64bit: - [2008.11.26 13:02:18 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)

DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2008.10.13 14:17:36 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)

DRV:64bit: - [2008.10.13 14:17:32 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)

DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008.01.21 03:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)

DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2011.12.14 02:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.31 18:53:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.31 19:16:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.30 13:43:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.30 14:08:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.01.31 18:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philip\AppData\Roaming\mozilla\Extensions

[2012.02.02 14:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philip\AppData\Roaming\mozilla\Firefox\Profiles\kmrvtpdt.default\extensions

[2012.01.31 19:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

() (No name found) -- C:\USERS\PHILIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMRVTPDT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.11.18 18:24:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E0ABB9-DF4D-4590-A669-3769D3FFD838}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\philip\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg

O24 - Desktop BackupWallPaper: C:\Users\philip\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004.04.30 23:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{40af8cee-c14b-11de-8d27-0026b90484e1}\Shell\AutoRun\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe

O33 - MountPoints2\{d20a3c81-c848-11de-9c06-0026b90484e1}\Shell - "" = AutoRun

O33 - MountPoints2\{d20a3c81-c848-11de-9c06-0026b90484e1}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\explorer.exe -- [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig:64bit - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

MsConfig:64bit - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: mcmscsvc - Service

SafeBootMin:64bit: MCODS - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - Service

SafeBootMin: MCODS - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: mcmscsvc - Service

SafeBootNet:64bit: MCODS - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MpfService - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - Service

SafeBootNet: MCODS - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.01 14:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.02.01 14:18:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\philip\Desktop\esetsmartinstaller_enu.exe

[2012.01.31 20:27:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\philip\Desktop\OTL.exe

[2012.01.31 20:08:55 | 000,000,000 | ---D | C] -- C:\Users\philip\AppData\Roaming\Malwarebytes

[2012.01.31 20:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.01.31 20:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.01.31 20:08:36 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.31 20:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.01.31 18:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012.01.31 18:50:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.01.31 18:50:03 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.01.31 18:50:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2012.01.31 18:49:59 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.01.31 18:49:59 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.01.31 18:49:58 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.01.31 18:49:14 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.01.31 18:49:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.01.30 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2012.01.30 16:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2012.01.30 16:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless

[2012.01.30 16:28:21 | 000,000,000 | ---D | C] -- C:\Users\philip\AppData\Roaming\InstallShield

[2012.01.30 14:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012.01.30 13:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012.01.29 18:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

[2012.01.29 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\philip\AppData\Local\PackageAware

[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\philip\AppData\Local\CDRip.dll

[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\philip\AppData\Local\No23 Recorder.exe

[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\philip\AppData\Local\basscd.dll

[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\philip\AppData\Local\bass.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.03 11:27:37 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.02.03 11:27:37 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.02.03 11:27:37 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.02.03 11:27:37 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.02.03 11:27:37 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.02.03 11:21:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.03 11:21:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.03 11:21:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.03 11:21:28 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.03 10:43:55 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012.02.01 14:18:05 | 002,322,184 | ---- | M] (ESET) -- C:\Users\philip\Desktop\esetsmartinstaller_enu.exe

[2012.01.31 20:41:45 | 000,000,020 | ---- | M] () -- C:\Users\philip\defogger_reenable

[2012.01.31 20:40:05 | 000,050,477 | ---- | M] () -- C:\Users\philip\Desktop\Defogger.exe

[2012.01.31 20:27:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\philip\Desktop\OTL.exe

[2012.01.31 20:08:38 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.31 19:16:42 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.01.31 18:53:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012.01.31 18:45:50 | 000,000,104 | ---- | M] () -- C:\Users\philip\Desktop\Thunderbird.lnk

[2012.01.30 16:31:39 | 000,772,384 | ---- | M] () -- C:\Windows\SysNative\oem5.inf

[2012.01.30 16:07:29 | 000,319,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.01.29 18:19:32 | 000,136,306 | ---- | M] () -- C:\Users\philip\Documents\cc_20120129_181907.reg

[2012.01.29 16:54:26 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012.01.10 21:56:08 | 000,015,887 | ---- | M] () -- C:\Users\philip\Documents\leon.odt

[2012.01.10 18:36:31 | 000,141,681 | ---- | M] () -- C:\Users\philip\Documents\Kepler –Gymnasium Ulm                                                             Leon Vogel.odp

 
 ========== Files Created - No Company Name ==========

 

[2012.01.31 20:41:37 | 000,000,020 | ---- | C] () -- C:\Users\philip\defogger_reenable

[2012.01.31 20:40:05 | 000,050,477 | ---- | C] () -- C:\Users\philip\Desktop\Defogger.exe

[2012.01.31 20:08:38 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.31 19:16:42 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.01.31 19:16:42 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.01.31 18:45:50 | 000,000,104 | ---- | C] () -- C:\Users\philip\Desktop\Thunderbird.lnk

[2012.01.30 16:31:54 | 000,772,384 | ---- | C] () -- C:\Windows\SysNative\oem5.inf

[2012.01.30 14:08:35 | 000,001,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2012.01.30 13:43:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.01.29 18:19:16 | 000,136,306 | ---- | C] () -- C:\Users\philip\Documents\cc_20120129_181907.reg

[2012.01.10 18:36:29 | 000,141,681 | ---- | C] () -- C:\Users\philip\Documents\Kepler –Gymnasium Ulm                                                             Leon Vogel.odp

[2012.01.10 18:02:13 | 000,015,887 | ---- | C] () -- C:\Users\philip\Documents\leon.odt

[2011.01.25 15:57:03 | 000,001,539 | ---- | C] () -- C:\Users\philip\AppData\Local\RecConfig.xml

[2010.12.12 18:19:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010.12.12 18:19:16 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010.12.12 18:18:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010.11.26 20:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.11.12 11:16:19 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2010.06.09 10:57:09 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.06.09 10:57:08 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.06.09 10:57:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2009.12.26 01:52:27 | 000,007,160 | ---- | C] () -- C:\Users\philip\AppData\Local\d3d9caps.dat

[2009.10.25 13:47:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

[2009.10.17 19:11:44 | 000,000,449 | ---- | C] () -- C:\Windows\QIII.INI

[2009.10.17 17:30:06 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2009.10.17 17:30:06 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2009.10.17 17:30:06 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2009.10.05 09:56:29 | 000,143,360 | ---- | C] () -- C:\Users\philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.15 16:45:28 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat

[2009.09.15 15:02:08 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2009.09.15 14:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.04.30 11:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\philip\AppData\Local\lame_enc.dll

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\philip\AppData\Local\vorbisenc.dll

[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\philip\AppData\Local\vorbisfile.dll

[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\philip\AppData\Local\vorbis.dll

[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\philip\AppData\Local\ogg.dll

[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\philip\AppData\Local\no23xwrapper.dll

 
 ========== LOP Check ==========

 

[2011.11.02 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Canon

[2011.11.02 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\CD-LabelPrint

[2009.12.26 15:52:16 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools

[2009.12.26 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools Lite

[2009.10.25 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools Pro

[2011.01.13 22:29:13 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\OpenOffice.org

[2010.12.30 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\PCDr

[2011.10.18 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\ScummVM

[2011.09.23 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Thunderbird

[2012.01.29 16:54:26 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012.02.03 11:19:19 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.02.03 10:43:55 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.08.14 13:15:26 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Adobe

[2010.06.15 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Apple Computer

[2009.10.03 11:32:14 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\ATI

[2011.11.02 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Canon

[2011.11.02 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\CD-LabelPrint

[2009.12.23 05:01:52 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\CyberLink

[2009.12.26 15:52:16 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools

[2009.12.26 15:53:10 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools Lite

[2009.10.25 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\DAEMON Tools Pro

[2011.05.25 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Dell

[2010.07.27 11:55:54 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\dvdcss

[2009.10.03 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Identities

[2012.01.30 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\InstallShield

[2009.10.13 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Macromedia

[2012.01.31 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Malwarebytes

[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Media Center Programs

[2011.08.14 13:15:26 | 000,000,000 | --SD | M] -- C:\Users\philip\AppData\Roaming\Microsoft

[2012.01.31 18:45:23 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Mozilla

[2011.01.13 22:29:13 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\OpenOffice.org

[2010.12.30 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\PCDr

[2011.10.18 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\ScummVM

[2012.01.30 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Skype

[2011.01.21 20:16:53 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\skypePM

[2011.09.23 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\Thunderbird

[2011.12.13 14:44:55 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\vlc

[2009.10.25 14:37:22 | 000,000,000 | ---D | M] -- C:\Users\philip\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.01.25 15:26:09 | 000,003,262 | R--- | M] () -- C:\Users\philip\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe

[2011.01.25 15:26:09 | 000,010,134 | R--- | M] () -- C:\Users\philip\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe

[2011.01.13 12:54:04 | 000,010,134 | R--- | M] () -- C:\Users\philip\AppData\Roaming\Microsoft\Installer\{86C527CC-4AF2-903C-7BFF-5975272CC645}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys

[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys

[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll

[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll

[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys

[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll

[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll

[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll

[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll

[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll

[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Was ist eigentlich mit den Trojanern die ESET gefunden hat?
Grade hat mir Windows gemeldet das die Telefonie und der Kryptographiedienst nicht mehr funktionieren. Hab dann auf Problem online lösen gedrückt und danach liefs Internet wieder ganz normal. allerdings war nach einem Neustart die ganze Pracht wieder dahin. Vielleicht hilft die Info ja weiter.
Muss ich evtl. eine Neuinstallation von Windows in Betracht ziehen?

Grüße, Philip

Immer mit der Ruhe, die entfernen wir schon :)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/8

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004.04.30 23:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{40af8cee-c14b-11de-8d27-0026b90484e1}\Shell\AutoRun\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe

O33 - MountPoints2\{d20a3c81-c848-11de-9c06-0026b90484e1}\Shell - "" = AutoRun

:Files

C:\ProgramData\TorrentEasy\extensions.exe

C:\Users\All Users\TorrentEasy\extensions.exe

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So, hab die nächste log Datei.

Code:

 All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

D:\AUTORUN.INF moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40af8cee-c14b-11de-8d27-0026b90484e1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40af8cee-c14b-11de-8d27-0026b90484e1}\ not found.

File F:\Seagate\Installer\InstallSeagateManager.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d20a3c81-c848-11de-9c06-0026b90484e1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d20a3c81-c848-11de-9c06-0026b90484e1}\ not found.

========== FILES ==========

C:\ProgramData\TorrentEasy\extensions.exe moved successfully.

File\Folder C:\Users\All Users\TorrentEasy\extensions.exe not found.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-7e0de9e0-n folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: philip

->Temp folder emptied: 55513837 bytes

->Temporary Internet Files folder emptied: 736917 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 44476176 bytes

->Flash cache emptied: 1457 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 39250 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 96,00 mb

 

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02032012_135803
 

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

Grüße

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Also gut, hab den tdsskiller laufen lassen.
Hier nun das log

Code:

 15:04:44.0671 0356        TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49

15:04:44.0936 0356        ============================================================

15:04:44.0936 0356        Current date / time: 2012/02/03 15:04:44.0936

15:04:44.0936 0356        SystemInfo:

15:04:44.0936 0356        

15:04:44.0936 0356        OS Version: 6.0.6002 ServicePack: 2.0

15:04:44.0936 0356        Product type: Workstation

15:04:44.0936 0356        ComputerName: PHILIP-PC

15:04:44.0936 0356        UserName: philip

15:04:44.0936 0356        Windows directory: C:\Windows

15:04:44.0936 0356        System windows directory: C:\Windows

15:04:44.0936 0356        Running under WOW64

15:04:44.0936 0356        Processor architecture: Intel x64

15:04:44.0936 0356        Number of processors: 2

15:04:44.0936 0356        Page size: 0x1000

15:04:44.0936 0356        Boot type: Normal boot

15:04:44.0936 0356        ============================================================

15:04:46.0028 0356        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:04:46.0028 0356        \Device\Harddisk0\DR0:

15:04:46.0028 0356        MBR used

15:04:46.0028 0356        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000

15:04:46.0028 0356        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB

15:04:46.0091 0356        Initialize success

15:04:46.0091 0356        ============================================================

15:05:56.0478 1628        ============================================================

15:05:56.0478 1628        Scan started

15:05:56.0478 1628        Mode: Manual; SigCheck; TDLFS; 

15:05:56.0478 1628        ============================================================

15:05:57.0133 1628        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

15:05:57.0258 1628        ACPI - ok

15:05:57.0429 1628        adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

15:05:57.0460 1628        adp94xx - ok

15:05:57.0648 1628        adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

15:05:57.0663 1628        adpahci - ok

15:05:57.0804 1628        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

15:05:57.0819 1628        adpu160m - ok

15:05:58.0006 1628        adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

15:05:58.0022 1628        adpu320 - ok

15:05:58.0334 1628        AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

15:05:58.0396 1628        AFD - ok

15:05:58.0521 1628        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

15:05:58.0537 1628        agp440 - ok

15:05:58.0802 1628        aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

15:05:58.0833 1628        aic78xx - ok

15:05:58.0989 1628        aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys

15:05:59.0005 1628        aliide - ok

15:05:59.0176 1628        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

15:05:59.0192 1628        amdide - ok

15:05:59.0332 1628        AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

15:05:59.0410 1628        AmdK8 - ok

15:05:59.0582 1628        arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

15:05:59.0598 1628        arc - ok

15:05:59.0707 1628        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

15:05:59.0722 1628        arcsas - ok

15:05:59.0925 1628        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys

15:05:59.0956 1628        aswFsBlk - ok

15:06:00.0050 1628        aswMonFlt       (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys

15:06:00.0066 1628        aswMonFlt - ok

15:06:00.0331 1628        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys

15:06:00.0346 1628        aswRdr - ok

15:06:00.0487 1628        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys

15:06:00.0518 1628        aswSnx - ok

15:06:00.0643 1628        aswSP           (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys

15:06:00.0658 1628        aswSP - ok

15:06:00.0752 1628        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys

15:06:00.0768 1628        aswTdi - ok

15:06:00.0892 1628        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

15:06:00.0939 1628        AsyncMac - ok

15:06:01.0048 1628        atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

15:06:01.0064 1628        atapi - ok

15:06:01.0189 1628        AtiHdmiService  (6309d37a01e04eb01a6c15ac87ec8294) C:\Windows\system32\drivers\AtiHdmi.sys

15:06:01.0204 1628        AtiHdmiService - ok

15:06:01.0423 1628        atikmdag        (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys

15:06:01.0672 1628        atikmdag - ok

15:06:01.0782 1628        BCM42RLY        (70a746dca80368a4155ba9014dc103d9) C:\Windows\system32\drivers\BCM42RLY.sys

15:06:01.0797 1628        BCM42RLY - ok

15:06:01.0922 1628        BCM43XX         (95b09e93ce0cdf990abee88a4324fc1b) C:\Windows\system32\DRIVERS\bcmwl664.sys

15:06:01.0984 1628        BCM43XX - ok

15:06:02.0125 1628        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

15:06:02.0172 1628        blbdrive - ok

15:06:02.0281 1628        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

15:06:02.0328 1628        bowser - ok

15:06:02.0437 1628        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

15:06:02.0484 1628        BrFiltLo - ok

15:06:02.0593 1628        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

15:06:02.0655 1628        BrFiltUp - ok

15:06:02.0749 1628        Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

15:06:02.0842 1628        Brserid - ok

15:06:02.0920 1628        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

15:06:02.0998 1628        BrSerWdm - ok

15:06:03.0092 1628        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

15:06:03.0186 1628        BrUsbMdm - ok

15:06:03.0279 1628        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

15:06:03.0342 1628        BrUsbSer - ok

15:06:03.0451 1628        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

15:06:03.0529 1628        BTHMODEM - ok

15:06:03.0622 1628        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

15:06:03.0685 1628        cdfs - ok

15:06:03.0794 1628        cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

15:06:03.0856 1628        cdrom - ok

15:06:03.0966 1628        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

15:06:04.0012 1628        circlass - ok

15:06:04.0122 1628        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

15:06:04.0137 1628        CLFS - ok

15:06:04.0246 1628        CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

15:06:04.0309 1628        CmBatt - ok

15:06:04.0387 1628        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

15:06:04.0387 1628        cmdide - ok

15:06:04.0496 1628        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

15:06:04.0512 1628        Compbatt - ok

15:06:04.0605 1628        crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

15:06:04.0605 1628        crcdisk - ok

15:06:04.0730 1628        CtClsFlt        (0d260d60fc1302e482850bb8f432d8d5) C:\Windows\system32\DRIVERS\CtClsFlt.sys

15:06:04.0761 1628        CtClsFlt - ok

15:06:04.0855 1628        d3dsbs - ok

15:06:04.0980 1628        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

15:06:05.0026 1628        DfsC - ok

15:06:05.0182 1628        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

15:06:05.0198 1628        disk - ok

15:06:05.0385 1628        drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

15:06:05.0448 1628        drmkaud - ok

15:06:05.0635 1628        DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

15:06:05.0682 1628        DXGKrnl - ok

15:06:05.0838 1628        e1express       (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys

15:06:05.0916 1628        e1express - ok

15:06:06.0134 1628        E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

15:06:06.0212 1628        E1G60 - ok

15:06:06.0430 1628        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

15:06:06.0446 1628        Ecache - ok

15:06:06.0633 1628        elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

15:06:06.0649 1628        elxstor - ok

15:06:06.0805 1628        ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys

15:06:06.0836 1628        ErrDev - ok

15:06:06.0976 1628        exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

15:06:07.0023 1628        exfat - ok

15:06:07.0273 1628        fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

15:06:07.0320 1628        fastfat - ok

15:06:07.0429 1628        fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

15:06:07.0460 1628        fdc - ok

15:06:07.0569 1628        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

15:06:07.0585 1628        FileInfo - ok

15:06:07.0710 1628        Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

15:06:07.0788 1628        Filetrace - ok

15:06:07.0990 1628        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

15:06:08.0022 1628        flpydisk - ok

15:06:08.0271 1628        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

15:06:08.0287 1628        FltMgr - ok

15:06:08.0427 1628        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

15:06:08.0505 1628        Fs_Rec - ok

15:06:08.0708 1628        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

15:06:08.0724 1628        gagp30kx - ok

15:06:08.0895 1628        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:06:08.0911 1628        GEARAspiWDM - ok

15:06:09.0020 1628        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys

15:06:09.0067 1628        HdAudAddService - ok

15:06:09.0379 1628        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:06:09.0472 1628        HDAudBus - ok

15:06:09.0722 1628        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

15:06:09.0800 1628        HidBth - ok

15:06:09.0972 1628        HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

15:06:10.0050 1628        HidIr - ok

15:06:10.0237 1628        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

15:06:10.0284 1628        HidUsb - ok

15:06:10.0377 1628        HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

15:06:10.0393 1628        HpCISSs - ok

15:06:10.0564 1628        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

15:06:10.0627 1628        HTTP - ok

15:06:10.0876 1628        i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

15:06:10.0892 1628        i2omp - ok

15:06:11.0110 1628        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

15:06:11.0188 1628        i8042prt - ok

15:06:11.0329 1628        iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

15:06:11.0344 1628        iaStorV - ok

15:06:11.0469 1628        iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

15:06:11.0485 1628        iirsp - ok

15:06:11.0578 1628        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

15:06:11.0594 1628        intelide - ok

15:06:11.0859 1628        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

15:06:11.0922 1628        intelppm - ok

15:06:12.0046 1628        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:06:12.0093 1628        IpFilterDriver - ok

15:06:12.0156 1628        IpInIp - ok

15:06:12.0202 1628        IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

15:06:12.0249 1628        IPMIDRV - ok

15:06:12.0358 1628        IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

15:06:12.0390 1628        IPNAT - ok

15:06:12.0546 1628        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

15:06:12.0608 1628        IRENUM - ok

15:06:12.0748 1628        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

15:06:12.0764 1628        isapnp - ok

15:06:12.0904 1628        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

15:06:12.0920 1628        iScsiPrt - ok

15:06:13.0092 1628        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

15:06:13.0107 1628        iteatapi - ok

15:06:13.0248 1628        iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

15:06:13.0263 1628        iteraid - ok

15:06:13.0528 1628        k57nd60a        (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys

15:06:13.0544 1628        k57nd60a - ok

15:06:13.0716 1628        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

15:06:13.0731 1628        kbdclass - ok

15:06:13.0887 1628        kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

15:06:13.0965 1628        kbdhid - ok

15:06:14.0230 1628        KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

15:06:14.0246 1628        KSecDD - ok

15:06:14.0402 1628        ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

15:06:14.0464 1628        ksthunk - ok

15:06:14.0605 1628        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

15:06:14.0667 1628        lltdio - ok

15:06:14.0823 1628        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

15:06:14.0839 1628        LSI_FC - ok

15:06:14.0995 1628        LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

15:06:15.0010 1628        LSI_SAS - ok

15:06:15.0260 1628        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

15:06:15.0276 1628        LSI_SCSI - ok

15:06:15.0369 1628        luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

15:06:15.0432 1628        luafv - ok

15:06:15.0603 1628        megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

15:06:15.0603 1628        megasas - ok

15:06:15.0900 1628        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

15:06:15.0915 1628        MegaSR - ok

15:06:16.0118 1628        Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

15:06:16.0196 1628        Modem - ok

15:06:16.0305 1628        monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

15:06:16.0383 1628        monitor - ok

15:06:16.0539 1628        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

15:06:16.0555 1628        mouclass - ok

15:06:16.0664 1628        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

15:06:16.0726 1628        mouhid - ok

15:06:16.0836 1628        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

15:06:16.0851 1628        MountMgr - ok

15:06:16.0960 1628        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

15:06:16.0976 1628        mpio - ok

15:06:17.0148 1628        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

15:06:17.0210 1628        mpsdrv - ok

15:06:17.0382 1628        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

15:06:17.0397 1628        Mraid35x - ok

15:06:17.0553 1628        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

15:06:17.0600 1628        MRxDAV - ok

15:06:17.0803 1628        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:06:17.0850 1628        mrxsmb - ok

15:06:17.0959 1628        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:06:18.0006 1628        mrxsmb10 - ok

15:06:18.0208 1628        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:06:18.0255 1628        mrxsmb20 - ok

15:06:18.0458 1628        msahci          (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys

15:06:18.0458 1628        msahci - ok

15:06:18.0661 1628        msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

15:06:18.0676 1628        msdsm - ok

15:06:18.0786 1628        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

15:06:18.0848 1628        Msfs - ok

15:06:18.0988 1628        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

15:06:19.0004 1628        msisadrv - ok

15:06:19.0144 1628        MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

15:06:19.0207 1628        MSKSSRV - ok

15:06:19.0332 1628        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

15:06:19.0410 1628        MSPCLOCK - ok

15:06:19.0503 1628        MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

15:06:19.0581 1628        MSPQM - ok

15:06:19.0800 1628        MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

15:06:19.0831 1628        MsRPC - ok

15:06:19.0956 1628        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

15:06:19.0971 1628        mssmbios - ok

15:06:20.0049 1628        MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

15:06:20.0127 1628        MSTEE - ok

15:06:20.0268 1628        Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

15:06:20.0283 1628        Mup - ok

15:06:20.0455 1628        NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

15:06:20.0502 1628        NativeWifiP - ok

15:06:20.0642 1628        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

15:06:20.0673 1628        NDIS - ok

15:06:20.0751 1628        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

15:06:20.0814 1628        NdisTapi - ok

15:06:20.0938 1628        Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

15:06:20.0985 1628        Ndisuio - ok

15:06:21.0204 1628        NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

15:06:21.0250 1628        NdisWan - ok

15:06:21.0438 1628        NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

15:06:21.0484 1628        NDProxy - ok

15:06:21.0609 1628        NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

15:06:21.0687 1628        NetBIOS - ok

15:06:21.0874 1628        netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

15:06:21.0906 1628        netbt - ok

15:06:22.0093 1628        nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

15:06:22.0108 1628        nfrd960 - ok

15:06:22.0249 1628        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

15:06:22.0327 1628        Npfs - ok

15:06:22.0561 1628        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

15:06:22.0623 1628        nsiproxy - ok

15:06:23.0060 1628        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

15:06:23.0154 1628        Ntfs - ok

15:06:23.0544 1628        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

15:06:23.0606 1628        Null - ok

15:06:23.0887 1628        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

15:06:23.0902 1628        nvraid - ok

15:06:24.0058 1628        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

15:06:24.0074 1628        nvstor - ok

15:06:24.0214 1628        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

15:06:24.0230 1628        nv_agp - ok

15:06:24.0402 1628        NwlnkFlt - ok

15:06:24.0682 1628        NwlnkFwd - ok

15:06:24.0963 1628        OA008Ufd        (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys

15:06:25.0010 1628        OA008Ufd - ok

15:06:25.0135 1628        OA008Vid        (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys

15:06:25.0166 1628        OA008Vid - ok

15:06:25.0400 1628        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

15:06:25.0416 1628        ohci1394 - ok

15:06:25.0556 1628        Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

15:06:25.0634 1628        Parport - ok

15:06:25.0743 1628        partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

15:06:25.0759 1628        partmgr - ok

15:06:25.0837 1628        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

15:06:25.0852 1628        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

15:06:25.0962 1628        pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

15:06:25.0977 1628        pci - ok

15:06:26.0071 1628        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

15:06:26.0071 1628        pciide - ok

15:06:26.0180 1628        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

15:06:26.0196 1628        pcmcia - ok

15:06:26.0289 1628        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

15:06:26.0398 1628        PEAUTH - ok

15:06:26.0554 1628        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

15:06:26.0601 1628        PptpMiniport - ok

15:06:26.0695 1628        Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

15:06:26.0742 1628        Processor - ok

15:06:26.0851 1628        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

15:06:26.0882 1628        PSched - ok

15:06:26.0991 1628        PxHlpa64        (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys

15:06:26.0991 1628        PxHlpa64 - ok

15:06:27.0132 1628        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

15:06:27.0178 1628        ql2300 - ok

15:06:27.0272 1628        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

15:06:27.0288 1628        ql40xx - ok

15:06:27.0381 1628        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

15:06:27.0428 1628        QWAVEdrv - ok

15:06:27.0662 1628        R300            (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys

15:06:27.0787 1628        R300 - ok

15:06:27.0880 1628        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

15:06:27.0927 1628        RasAcd - ok

15:06:28.0021 1628        Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:06:28.0052 1628        Rasl2tp - ok

15:06:28.0146 1628        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

15:06:28.0192 1628        RasPppoe - ok

15:06:28.0302 1628        RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

15:06:28.0333 1628        RasSstp - ok

15:06:28.0442 1628        rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

15:06:28.0473 1628        rdbss - ok

15:06:28.0551 1628        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:06:28.0598 1628        RDPCDD - ok

15:06:28.0692 1628        rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

15:06:28.0754 1628        rdpdr - ok

15:06:28.0848 1628        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

15:06:28.0910 1628        RDPENCDD - ok

15:06:29.0019 1628        RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

15:06:29.0082 1628        RDPWD - ok

15:06:29.0222 1628        rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys

15:06:29.0238 1628        rimmptsk - ok

15:06:29.0331 1628        rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys

15:06:29.0347 1628        rimsptsk - ok

15:06:29.0456 1628        rismxdp         (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys

15:06:29.0487 1628        rismxdp - ok

15:06:29.0596 1628        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

15:06:29.0659 1628        rspndr - ok

15:06:29.0768 1628        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

15:06:29.0784 1628        sbp2port - ok

15:06:29.0893 1628        sdbus           (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys

15:06:29.0924 1628        sdbus - ok

15:06:30.0002 1628        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:06:30.0080 1628        secdrv - ok

15:06:30.0189 1628        Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

15:06:30.0267 1628        Serenum - ok

15:06:30.0361 1628        Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

15:06:30.0439 1628        Serial - ok

15:06:30.0548 1628        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

15:06:30.0610 1628        sermouse - ok

15:06:30.0704 1628        sffdisk         (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys

15:06:30.0766 1628        sffdisk - ok

15:06:30.0876 1628        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

15:06:30.0922 1628        sffp_mmc - ok

15:06:31.0016 1628        sffp_sd         (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:06:31.0063 1628        sffp_sd - ok

15:06:31.0172 1628        sfloppy         (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys

15:06:31.0219 1628        sfloppy - ok

15:06:31.0328 1628        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

15:06:31.0344 1628        SiSRaid2 - ok

15:06:31.0422 1628        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

15:06:31.0437 1628        SiSRaid4 - ok

15:06:31.0546 1628        Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

15:06:31.0578 1628        Smb - ok

15:06:31.0702 1628        spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

15:06:31.0718 1628        spldr - ok

15:06:31.0858 1628        sptd            (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\System32\Drivers\sptd.sys

15:06:31.0890 1628        sptd - ok

15:06:32.0014 1628        srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

15:06:32.0077 1628        srv - ok

15:06:32.0186 1628        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

15:06:32.0233 1628        srv2 - ok

15:06:32.0342 1628        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

15:06:32.0389 1628        srvnet - ok

15:06:32.0514 1628        STHDA           (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys

15:06:32.0560 1628        STHDA - ok

15:06:32.0670 1628        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

15:06:32.0670 1628        swenum - ok

15:06:32.0748 1628        Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

15:06:32.0763 1628        Symc8xx - ok

15:06:32.0779 1628        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

15:06:32.0794 1628        Sym_hi - ok

15:06:32.0872 1628        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

15:06:32.0888 1628        Sym_u3 - ok

15:06:32.0997 1628        SynTP           (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys

15:06:33.0013 1628        SynTP - ok

15:06:33.0169 1628        Tcpip           (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys

15:06:33.0216 1628        Tcpip - ok

15:06:33.0372 1628        Tcpip6          (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys

15:06:33.0450 1628        Tcpip6 - ok

15:06:33.0559 1628        tcpipreg        (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys

15:06:33.0574 1628        tcpipreg - ok

15:06:33.0637 1628        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

15:06:33.0684 1628        TDPIPE - ok

15:06:33.0762 1628        TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

15:06:33.0808 1628        TDTCP - ok

15:06:33.0855 1628        tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

15:06:33.0902 1628        tdx - ok

15:06:34.0011 1628        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

15:06:34.0027 1628        TermDD - ok

15:06:34.0074 1628        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:06:34.0136 1628        tssecsrv - ok

15:06:34.0230 1628        tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

15:06:34.0292 1628        tunmp - ok

15:06:34.0370 1628        tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

15:06:34.0432 1628        tunnel - ok

15:06:34.0526 1628        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

15:06:34.0542 1628        uagp35 - ok

15:06:34.0635 1628        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

15:06:34.0666 1628        udfs - ok

15:06:34.0776 1628        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

15:06:34.0791 1628        uliagpkx - ok

15:06:34.0885 1628        uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

15:06:34.0900 1628        uliahci - ok

15:06:34.0994 1628        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

15:06:35.0010 1628        UlSata - ok

15:06:35.0103 1628        ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

15:06:35.0119 1628        ulsata2 - ok

15:06:35.0212 1628        umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

15:06:35.0244 1628        umbus - ok

15:06:35.0337 1628        USBAAPL64       (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys

15:06:35.0368 1628        USBAAPL64 - ok

15:06:35.0478 1628        usbccgp         (fa552037600586365cf77b4a90270bf9) C:\Windows\system32\DRIVERS\usbccgp.sys

15:06:35.0493 1628        usbccgp - ok

15:06:35.0587 1628        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

15:06:35.0649 1628        usbcir - ok

15:06:35.0758 1628        usbehci         (70b687ba1468c0e5d01b22ccf46dd3df) C:\Windows\system32\DRIVERS\usbehci.sys

15:06:35.0790 1628        usbehci - ok

15:06:35.0899 1628        usbhub          (0f6da5bc652ce9ac75602f7a703f0585) C:\Windows\system32\DRIVERS\usbhub.sys

15:06:35.0930 1628        usbhub - ok

15:06:36.0024 1628        usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

15:06:36.0102 1628        usbohci - ok

15:06:36.0195 1628        usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

15:06:36.0258 1628        usbprint - ok

15:06:36.0382 1628        USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:06:36.0414 1628        USBSTOR - ok

15:06:36.0523 1628        usbuhci         (3bcb145ed72bde88e91add2fda62ef69) C:\Windows\system32\DRIVERS\usbuhci.sys

15:06:36.0570 1628        usbuhci - ok

15:06:36.0679 1628        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

15:06:36.0710 1628        usbvideo - ok

15:06:36.0819 1628        vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

15:06:36.0866 1628        vga - ok

15:06:36.0944 1628        VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

15:06:37.0006 1628        VgaSave - ok

15:06:37.0084 1628        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

15:06:37.0100 1628        viaide - ok

15:06:37.0209 1628        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

15:06:37.0225 1628        volmgr - ok

15:06:37.0334 1628        volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

15:06:37.0350 1628        volmgrx - ok

15:06:37.0474 1628        volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

15:06:37.0490 1628        volsnap - ok

15:06:37.0599 1628        vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

15:06:37.0615 1628        vsmraid - ok

15:06:37.0708 1628        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

15:06:37.0755 1628        WacomPen - ok

15:06:37.0864 1628        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

15:06:37.0896 1628        Wanarp - ok

15:06:37.0911 1628        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

15:06:37.0942 1628        Wanarpv6 - ok

15:06:38.0036 1628        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

15:06:38.0036 1628        Wd - ok

15:06:38.0145 1628        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

15:06:38.0176 1628        Wdf01000 - ok

15:06:38.0332 1628        WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:06:38.0364 1628        WmiAcpi - ok

15:06:38.0488 1628        WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

15:06:38.0520 1628        WpdUsb - ok

15:06:38.0566 1628        ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

15:06:38.0613 1628        ws2ifsl - ok

15:06:38.0754 1628        WSDPrintDevice  (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys

15:06:38.0769 1628        WSDPrintDevice - ok

15:06:38.0894 1628        WSDScan         (c48e6ef92be6bfef9ee2430c42eaf2bd) C:\Windows\system32\DRIVERS\WSDScan.sys

15:06:38.0925 1628        WSDScan - ok

15:06:39.0034 1628        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:06:39.0081 1628        WUDFRd - ok

15:06:39.0128 1628        MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

15:06:40.0033 1628        \Device\Harddisk0\DR0 - ok

15:06:40.0064 1628        Boot (0x1200)   (0c077572f3499894870d654aa26b1a61) \Device\Harddisk0\DR0\Partition0

15:06:40.0064 1628        \Device\Harddisk0\DR0\Partition0 - ok

15:06:40.0080 1628        Boot (0x1200)   (4a9fe151a2cab4673a1d2f5f195702ba) \Device\Harddisk0\DR0\Partition1

15:06:40.0080 1628        \Device\Harddisk0\DR0\Partition1 - ok

15:06:40.0080 1628        ============================================================

15:06:40.0080 1628        Scan finished

15:06:40.0080 1628        ============================================================

15:06:40.0095 3144        Detected object count: 0

15:06:40.0095 3144        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hi Arne.
Combofix ist nun auch gelaufen. Hier das log.

Combofix Logfile:

Code:

ComboFix 12-02-03.02 - philip 03.02.2012  15:53:50.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1443 [GMT 1:00]

ausgeführt von:: c:\users\philip\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\PCDr\5907\Downloads\b9ce760f-6209-48f2-a4a3-695324591c45.dll

c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll

c:\users\philip\AppData\Local\lame_enc.dll

c:\users\philip\AppData\Local\no23xwrapper.dll

c:\users\philip\AppData\Local\ogg.dll

c:\users\philip\AppData\Local\vorbis.dll

c:\users\philip\AppData\Local\vorbisenc.dll

c:\users\philip\AppData\Local\vorbisfile.dll

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\WanPacket.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-03 bis 2012-02-03  ))))))))))))))))))))))))))))))

.

.

2012-02-03 12:58 . 2012-02-03 12:58        --------        d-----w-        C:\_OTL

2012-02-01 18:10 . 2012-01-17 03:39        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E17069D-D0E2-4E6D-B598-95FC0F877816}\mpengine.dll

2012-02-01 18:09 . 2011-11-16 16:42        347136        ----a-w-        c:\windows\system32\schannel.dll

2012-02-01 18:09 . 2011-11-17 06:53        515968        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-02-01 18:09 . 2011-11-16 16:43        442368        ----a-w-        c:\windows\system32\winhttp.dll

2012-02-01 18:09 . 2011-11-16 16:42        94720        ----a-w-        c:\windows\system32\secur32.dll

2012-02-01 18:09 . 2011-11-16 16:41        1689600        ----a-w-        c:\windows\system32\lsasrv.dll

2012-02-01 18:09 . 2011-11-16 16:24        77312        ----a-w-        c:\windows\SysWow64\secur32.dll

2012-02-01 18:09 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\SysWow64\winhttp.dll

2012-02-01 18:09 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\SysWow64\schannel.dll

2012-02-01 18:09 . 2011-11-16 14:34        11264        ----a-w-        c:\windows\system32\lsass.exe

2012-02-01 13:18 . 2012-02-01 13:18        --------        d-----w-        c:\program files (x86)\ESET

2012-01-31 19:08 . 2012-01-31 19:08        --------        d-----w-        c:\users\philip\AppData\Roaming\Malwarebytes

2012-01-31 19:08 . 2012-01-31 19:08        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-31 19:08 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-31 19:08 . 2012-01-31 19:08        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-31 17:55 . 2012-01-31 17:55        84104        ----a-w-        c:\windows\system32\drivers\inspect.sys

2012-01-31 17:50 . 2011-11-28 17:51        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2012-01-31 17:50 . 2011-11-28 17:53        304472        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2012-01-31 17:50 . 2011-11-28 17:52        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2012-01-31 17:49 . 2011-11-28 17:54        591192        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2012-01-31 17:49 . 2011-11-28 17:52        58712        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2012-01-31 17:49 . 2011-11-28 17:52        66904        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2012-01-31 17:49 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr

2012-01-31 17:49 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\SysWow64\aswBoot.exe

2012-01-30 15:35 . 2012-01-30 15:35        --------        d-----w-        c:\program files\Broadcom

2012-01-30 15:32 . 2012-01-30 15:32        --------        d-----w-        c:\program files (x86)\Cisco

2012-01-30 15:28 . 2012-01-30 15:28        --------        d-----w-        c:\users\philip\AppData\Roaming\InstallShield

2012-01-30 14:47 . 2011-10-25 16:13        1570816        ----a-w-        c:\windows\system32\quartz.dll

2012-01-30 14:44 . 2011-11-18 18:07        76800        ----a-w-        c:\windows\system32\packager.dll

2012-01-30 14:44 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\SysWow64\packager.dll

2012-01-30 13:08 . 2012-01-30 13:08        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird

2012-01-30 12:41 . 2012-01-30 12:42        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2012-01-29 17:18 . 2012-01-29 17:18        --------        d-----w-        c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-01-29 17:06 . 2012-01-29 17:06        --------        d-----w-        c:\users\philip\AppData\Local\PackageAware

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-02 13:40 . 2011-09-19 10:01        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-07 09:39 . 2009-10-24 12:59        279096        ------w-        c:\windows\system32\MpSigStub.exe

2011-11-28 18:01 . 2011-10-22 10:47        256960        ----a-w-        c:\windows\system32\aswBoot.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2012-02-03 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-13 3863040]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-01 3217056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = 

TCP: DhcpNameServer = 192.168.178.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\philip\AppData\Roaming\Mozilla\Firefox\Profiles\kmrvtpdt.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Quake III Arena - c:\spiele\Quake 3 Arena\QIII.isu

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-03  16:07:36 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-02-03 15:07

.

Vor Suchlauf: 13 Verzeichnis(se), 48.374.865.920 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 48.268.312.576 Bytes frei

.

- - End Of File - - FE611AF64F8BD975DAE611C37F2B31FC

--- --- ---

Wie gehts weiter? Hat sich nämlich leider immer noch nichts zum besseren gewendet.
Kann das überhaupt an den Trojanern liegen, dass mein Rechner so lahm ist oder liegt das Problem woanders?

Grüße, Philip

Zitat:

Kann das überhaupt an den Trojanern liegen, dass mein Rechner so lahm ist oder liegt das Problem woanders?

Das versuch ich ja gerade herauszufinden :pfeiff:
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hallo Arne.
Hier die aswMBR.txt

Code:

 aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software

Run date: 2012-02-04 13:55:28

-----------------------------

13:55:28.978    OS Version: Windows x64 6.0.6002 Service Pack 2

13:55:28.978    Number of processors: 2 586 0x170A

13:55:28.978    ComputerName: PHILIP-PC  UserName: philip

13:55:30.335    Initialize success

13:55:30.912    AVAST engine defs: 12020400

13:56:44.248    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:56:44.248    Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3

13:56:44.279    Disk 0 MBR read successfully

13:56:44.279    Disk 0 MBR scan

13:56:44.279    Disk 0 Windows VISTA default MBR code

13:56:44.279    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63

13:56:44.295    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 80325

13:56:44.310    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       223434 MB offset 30800325

13:56:44.310    Service scanning

13:56:46.058    Modules scanning

13:56:46.058    Disk 0 trace - called modules:

13:56:46.089    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

13:56:46.104    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80036c4790]

13:56:46.604    3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80033834b0]

13:56:47.306    AVAST engine scan C:\Windows

13:56:49.958    AVAST engine scan C:\Windows\system32

13:59:18.064    AVAST engine scan C:\Windows\system32\drivers

13:59:28.313    AVAST engine scan C:\Users\philip

14:20:18.170    AVAST engine scan C:\ProgramData

14:23:46.944    Scan finished successfully

14:26:01.489    Disk 0 MBR has been saved successfully to "C:\Users\philip\Desktop\MBR.dat"

14:26:01.504    The log file has been saved successfully to "C:\Users\philip\Desktop\aswMBR.txt"

Außerdem hat das Tool noch eine mbr.dat auf dem Desktop gespeichert. Was soll ich mit der machen?

Grüße, Philip