Trojaner-Board - Blockierter PC durch Suisa Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Blockierter PC durch Suisa Trojaner (https://www.trojaner-board.de/116623-blockierter-pc-suisa-trojaner.html)

Blockierter PC durch Suisa Trojaner

Hallo

Vor 2 Tagen hat plötzlich dieser Suisa Trojaner bei mir zugeschlagen und meinen PC blockiert. Zum Glück habe ich über einen zweiten PC diese Website gefunden und mich schlau gemacht (Anleitungen,Regeln, Forum, etc.).

Beim Aufstarten ist mir jeweils noch aufgefallen (bevor der blockierte weisse Bildschim kam mit der Meldung auf die Verbindungsaufnahme zu warten), dass ganz kurz rechts unten ein Fenster von AVIRA aufging mit einer Meldung, dass das Registry blockiert sei....

Ich bin zwar kein PC-Spezialist, konnte aber über den zweiten PC und einen UBS-Stick zumindest 'Malwarebytes' auf dem Problem-PC installieren (abgesicherter Modus mit Eingabe-Aufforderung hat funktioniert).

Der Quick Scan hat dann tatsächlich 3 infizierte Objekte gefunden:

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.05.06
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)

Internet Explorer 9.0.8112.16421

Walter :: WALTER-PC [Administrator]
 

Schutz: Deaktiviert
 

05.06.2012 21:57:35

mbam-log-2012-06-05 (21-57-35).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 223926

Laufzeit: 1 Minute(n), 8 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|C0mDiXEtF1yrWmk (Trojan.Winlock) -> Daten: C:\Users\Walter\AppData\Roaming\TarArchiver.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Users\Walter\AppData\Roaming\TarArchiver.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Walter\AppData\Local\Temp\cs8v0k.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Nach dieser Aktion konnte ich den PC wieder normal starten, musste auf dem Desktop aber die Symbole wieder aktivieren und ordnen (ist alles wieder da). Auch im Start-Menu und unter "Alle Programm" sieht alles wieder okay aus wie vor dem Trojaner.

Heute habe ich nun noch einen vollständigen Scan durchgeführt (inkl. externe Festplatte) und Malwarebytes hat keine infizierte Objekte mehr gefunden:

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.05.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Walter :: WALTER-PC [Administrator]
 

Schutz: Aktiviert
 

06.06.2012 08:55:58

mbam-log-2012-06-06 (08-55-58).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 990624

Laufzeit: 1 Stunde(n), 21 Minute(n), 50 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Derzeit habe ich auch sonst keine negativen Auffälligkeiten beim normalen Betrieb des PC bemerkt (natürlich werden vorerst keine kritischen Arbeiten wie Online-Banking o.ä. ausgeführt, bzw. auf den zweiten PC verlegt).

Hier noch die Liste der installierten Programme aus CC-Cleaner, die für eure Analyse jeweils auch nötig ist, wie ich aus dem Forum gesehen habe:

Code:

 7-Zip 9.20 (x64 edition)        Igor Pavlov        30.03.2012        4.53MB        9.20.00.0

A380v2 (FSX)                06.04.2012                

Active Sky Evolution        HiFi Technologies, Inc.        05.12.2011        85.7MB        12.00.0572

Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        03.05.2012        6.00MB        11.2.202.235

Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        10.04.2012        121.7MB        10.1.3

Aerosoft's - Aerosoft Launcher        Aerosoft        03.06.2012                1.1.0.1

aerosoft's - Balearic Islands X for FSX        aerosoft        06.12.2011                1.01

aerosoft's - FlightSim Commander 9        aerosoft        02.06.2012                9.2.0.0

Aerosoft's - German Airports 1 - Friedrichshafen X        Aerosoft        03.05.2012                1.01

aerosoft's - German Airports 1 - FS2004                04.12.2011                

aerosoft's - German Airports 1 - Stuttgart X        aerosoft        06.12.2011                1.00

aerosoft's - German Airports 2 X - FSX        aerosoft        31.03.2012                1.00

aerosoft's - German Airports 3 - FS2004                04.12.2011                

aerosoft's - German Airports 3 X - FSX        aerosoft        06.12.2011                1.01

aerosoft's - Holiday Airports FSX        aerosoft        06.12.2011                1.00

aerosoft's - Mega Airport Amsterdam FSX        aerosoft        02.06.2012                1.04

aerosoft's - Mega Airport Barcelona X        aerosoft        03.06.2012                1.02

Aerosoft's - Mega Airport Brussels X        Aerosoft        06.12.2011                1.01

Aerosoft's - Mega Airport Budapest        Aerosoft        03.06.2012                2.00

aerosoft's - Mega Airport Frankfurt X        aerosoft        06.12.2011                1.04

aerosoft's - Mega Airport London Heathrow X        aerosoft        03.06.2012                1.10

aerosoft's - Mega Airport Madrid Barajas        aerosoft        03.06.2012                1.02

aerosoft's - Mega Airport Munich X        aerosoft        06.12.2011                1.01

aerosoft's - Mega Airport Paris CDG X        aerosoft        03.06.2012                1.00

aerosoft's - Mega Airport Stockholm Arlanda X        aerosoft        03.06.2012                1.01

Aerosoft's - Mega Airport Zurich 2012 - FSX        Aerosoft        05.12.2011                1.01

aerosoft's - Nice Cote dAzur X        aerosoft        06.12.2011                1.10

aerosoft's - Tahiti X        aerosoft        07.12.2011                1.10

AFX                05.12.2011                

Airbus Series 1 Deluxe - Evolution Full (FSX)                05.04.2012                

Airbus Series 2 - Evolution Full (FSX)                06.04.2012                

Apple Application Support        Apple Inc.        07.03.2012        61.0MB        2.1.7

Apple Mobile Device Support        Apple Inc.        07.03.2012        24.9MB        5.1.1.4

Apple Software Update        Apple Inc.        28.11.2011        2.38MB        2.1.3.127

Avira Free Antivirus        Avira        07.05.2012        108.9MB        12.0.0.1125

Bonjour        Apple Inc.        28.11.2011        1.86MB        3.0.0.10

CCleaner        Piriform        22.05.2012                3.19

Compatibility Pack für 2007 Office System        Microsoft Corporation        09.05.2012        113.7MB        12.0.6612.1000

EditVoicepack X        Bevelstone Production        05.12.2011        32.1MB        4.0.7

FlyLogic's - Altenrhein X        FlyLogic        05.12.2011                1.00

FlyLogic's - Bern-Belp X        FlyLogic        05.12.2011                1.00

FlyLogic's - Lugano X        FlyLogic        10.05.2012                1.00

FlyTampa's - Mega Airport Vienna X - FSX        FlyTampa        06.12.2011                1.00

Fritz11        ChessBase        28.11.2011                11

FSDreamTeam Geneva FS9 1.1                04.12.2011                

FSDreamTeam Geneva FSX 1.3.2                05.12.2011        314MB        

FSDreamTeam GSX 1.4.1                06.05.2012        213MB        

FSDreamTeam Los Angeles International FSX 1.4                23.03.2012        430MB        

FSDreamTeam OHareX 2.0                23.03.2012        216MB        

FSDreamTeam ZurichX 2.0.2                05.12.2011        278MB        

FSNavigator        FSNavigator team        03.12.2011                4.7

Google Chrome        Google Inc.        28.11.2011                19.0.1084.52

Google Earth        Google        28.11.2011        92.7MB        6.1.0.5001

Google Toolbar for Internet Explorer        Google Inc.        19.03.2012                7.3.2710.138

HDD Health v3.3 Beta                10.01.2012                

iTunes        Apple Inc.        29.03.2012        156.9MB        10.6.1.7

Java(TM) 6 Update 30        Oracle        03.01.2012        95.2MB        6.0.300

Just Flight - 767-200/300 for FSX        Just Flight        04.04.2012                1.00.000

Just Flight - World Airports 3 FSX        Just Flight        07.12.2011                1.00.000

Just Flight - World Airports 4 for FSX        Just Flight        07.12.2011                1.00.000

Mailsoft's - Kleinflugplätze Schweiz Teil 3 X        Mailsoft        06.12.2011                1.00

Mailsoft's - Kleinflugplätze Schweiz Teil 5 X        Mailsoft        06.12.2011                1.00

Mailsoft's - Sion X        Mailsoft        05.12.2011                1.00

Mailsoft's - Switzerland Professional X        Mailsoft        05.12.2011                1.00

Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        04.06.2012        18.0MB        1.61.0.1400

McAfee Security Scan Plus        McAfee, Inc.        02.04.2012        8.30MB        2.0.181.2

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        27.11.2011        38.8MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        27.11.2011        2.94MB        4.0.30319

Microsoft .NET Framework 4 Extended        Microsoft Corporation        03.12.2011        52.0MB        4.0.30319

Microsoft Flight        Microsoft Studios        06.03.2012                1.0.0000.129

Microsoft Flight Simulator 2004 A Century of Flight        Microsoft        03.12.2011                9.0

Microsoft Flight Simulator X: Acceleration        Microsoft Game Studios        05.12.2011                10.0.61637.0

Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        06.03.2012        31.3MB        3.5.92.0

Microsoft Games for Windows Marketplace        Microsoft Corporation        06.03.2012        6.04MB        3.5.50.0

Microsoft Office File Validation Add-In        Microsoft Corporation        10.03.2012        7.95MB        14.0.5130.5003

Microsoft Office Live Add-in 1.5        Microsoft Corporation        07.05.2012        0.50MB        2.0.4024.1

Microsoft Office Standard Edition 2003        Microsoft Corporation        09.05.2012        647MB        11.0.8173.0

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        07.03.2012        0.29MB        8.0.56336

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        06.12.2011        2.37MB        9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        06.03.2012        0.58MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        07.03.2012        0.59MB        9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        07.03.2012        12.3MB        10.0.40219

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        05.12.2011        1.28MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        05.12.2011        1.33MB        4.20.9876.0

MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        05.12.2011        1.23MB        4.20.9818.0

NVIDIA 3D Vision Controller-Treiber 296.10        NVIDIA Corporation        18.05.2012                296.10

NVIDIA 3D Vision Treiber 296.10        NVIDIA Corporation        18.05.2012                296.10

NVIDIA Grafiktreiber 296.10        NVIDIA Corporation        18.05.2012                296.10

NVIDIA HD-Audiotreiber 1.3.12.0        NVIDIA Corporation        18.05.2012                1.3.12.0

NVIDIA PhysX-Systemsoftware 9.12.0213        NVIDIA Corporation        18.05.2012                9.12.0213

NVIDIA Update 1.7.11        NVIDIA Corporation        18.05.2012                1.7.11

PMDG 747-400/400F for FSX        Precision Manuals Development Group        19.05.2012                2.10.0040

PMDG744X_GE_AC        Precision Manuals Development Group        23.05.2012                1.10.0000

PMDG744X_GE_AF        Precision Manuals Development Group        19.05.2012                1.10.0000

PMDG744X_GE_BR2        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_GE_JL3        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_GE_KL        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744X_GE_LH        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744X_GE_NH        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_GE_SV        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744X_GE_TG        Precision Manuals Development Group        23.05.2012                1.20.0000

PMDG744X_GE_VS        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_PW_AI        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_PW_CI        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_PW_IB        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744X_PW_MH        Precision Manuals Development Group        23.05.2012                1.20.0000

PMDG744X_PW_NW3        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744X_PW_SQ        Precision Manuals Development Group        23.05.2012                1.10.0000

PMDG744X_PW_UA3        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_RR_BA        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744X_RR_CX        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744X_RR_QF        Precision Manuals Development Group        23.05.2012                1.10.0000

PMDG744XF_GE_5XF        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744XF_GE_CVF        Precision Manuals Development Group        23.05.2012                1.10.0000

PMDG744XF_PW_FXF        Precision Manuals Development Group        19.05.2012                1.00.0000

PMDG744XF_PW_SQF        Precision Manuals Development Group        23.05.2012                1.00.0000

PMDG744XF_RR_CXF        Precision Manuals Development Group        19.05.2012                1.00.0000

QualityWings Ultimate 757 Collection                07.04.2012                

QualityWings Ultimate 757 Collection FSX 1.2.6                07.04.2012        606MB        

QuickTime        Apple Inc.        28.11.2011        73.3MB        7.71.80.42

Steam        Valve Corporation        03.12.2011        1.59MB        1.0.0.0

Steuer 2011 12.0.1        Information Factory AG        18.03.2012                12.0.1

Train Simulator 2012        RailSimulator.com        03.12.2011                

Ultimate Terrain X - Europe                05.12.2011                

Ultimate Terrain X - USA                05.12.2011                

VIRTUALI Addon ManagerX                11.05.2012        38.7MB        

VIRTUALI Addon ManagerX                24.03.2012                

VIRTUALI Addon ManagerX                12.05.2012                

VistaMare ViMaCore X                07.01.2012                

Windows Live ID Sign-in Assistant        Microsoft Corporation        06.03.2012        10.0MB        6.500.3165.0

Ich bin etwas überfordert von den vielen weiteren Tools und Programmen
(OLT, etc.), welche bei vielen Anfragen zur Sprache kommen. Da ich kein Spezialist bin, kenne ich all diese Dinge nicht.

Daher meine Fragen:

Welche weitere Aktionen sollte ich unbedingt vornehmen?
oder
Wäre es besser mein System ganz neu aufzusetzen?

Schon mal vielen Dank für eure Bemühungen und Gruss aus der Schweiz.

Walter

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Arne

Erstmals danke für Deine Hilfe. Der ESET Online Scan gemäss den obigen Anweisungen ausgeführt ergab folgendes Resultat:

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-09 10:51:05

# local_time=2012-06-09 12:51:05 (+0100, Mitteleuropäische Sommerzeit)

# country="Switzerland"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 13474968 13474968 0 0

# compatibility_mode=5893 16776573 100 94 59774 90860976 0 0

# compatibility_mode=8192 67108863 100 0 92 92 0 0

# scanned=775200

# found=4

# cleaned=0

# scan_time=7939

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5d1efb9a-76058492        multiple threats (unable to clean)        00000000000000000000000000000000        I

K:\WALTER-PC\Backup Set 2012-01-10 165152\Backup Files 2012-01-10 165152\Backup files 2.zip        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I

K:\WALTER-PC\Backup Set 2012-01-22 223724\Backup Files 2012-01-22 223724\Backup files 2.zip        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I

K:\ZZZ_Master_Archiv\Aktuelle_Downloads\Basisanwendungen\SwisscomQuickHelp_m-Setup.exe        probably unknown NewHeur_PE virus (unable to clean)        00000000000000000000000000000000        I

Gerne erwarte ich Deinen weiteren Feedback, was zu tun ist.

Gruss
Walter

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo Arne

Ja, der normale Windows Modus funktioniert wieder problemlos und auch im Startmenü und unter "alle Programme" ist alles vorhanden wie vorher.

Die im ESET-Scan gefundenen Files überraschen mich etwas, insbesondere diejenigen im externen Laufwerk K, da dieses beim Einfangen des Trojaners anfangs letzter Woche nicht lief und die erwähnten Dateien ältere Back-ups sind, die vorher nie auffielen oder Probleme bereiteten.

Gruss
Walter

ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Arne

Okay, habe den OLT-Scan gemäss Deiner Anweisung ausgeführt. Hier ist der Log:

OTL Logfile:

Code:

OTL logfile created on: 11.06.2012 10:12:49 - Run 1

OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Walter\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

11.99 Gb Total Physical Memory | 9.78 Gb Available Physical Memory | 81.56% Memory free

23.98 Gb Paging File | 21.71 Gb Available in Paging File | 90.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 714.71 Gb Total Space | 656.08 Gb Free Space | 91.80% Space Free | Partition Type: NTFS

Drive D: | 97.66 Gb Total Space | 90.83 Gb Free Space | 93.00% Space Free | Partition Type: NTFS

Drive E: | 321.21 Gb Total Space | 316.21 Gb Free Space | 98.44% Space Free | Partition Type: NTFS

Drive F: | 146.49 Gb Total Space | 62.66 Gb Free Space | 42.77% Space Free | Partition Type: NTFS

Drive G: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Drive H: | 119.14 Gb Total Space | 42.96 Gb Free Space | 36.06% Space Free | Partition Type: NTFS

Drive K: | 931.28 Gb Total Space | 729.19 Gb Free Space | 78.30% Space Free | Partition Type: FAT32

 

Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.11 10:07:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe

PRC - [2012.05.19 16:16:45 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012.05.08 22:36:18 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 22:36:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 22:36:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.04 23:14:17 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.12.04 12:57:41 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\Steam.exe

PRC - [2008.06.15 13:14:30 | 001,692,672 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.05.19 16:16:45 | 020,313,384 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012.05.19 16:16:44 | 001,099,576 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012.05.19 16:16:44 | 000,895,312 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012.05.19 16:16:44 | 000,190,776 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012.05.19 16:16:44 | 000,123,192 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.05.19 16:16:45 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.05.08 22:36:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.08 22:36:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.04 23:14:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 22:36:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 22:36:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.11.29 00:47:08 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 0C C5 24 15 AE CC 01  [binary data]

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deCH460

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: Google Mail = C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-3627449669-795322702-1899169270-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1000..\Run: [HDDHealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)

O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6341E948-7F26-4E47-AEE8-763B1B79556C}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.11 10:07:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe

[2012.06.09 10:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.05 13:51:25 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes

[2012.06.05 13:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.05 13:51:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.05 13:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.05 13:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.03 12:16:09 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx

[2012.06.03 12:16:09 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx

[2012.06.03 12:16:09 | 000,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\threed32.ocx

[2012.06.03 12:16:09 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevImLib.dll

[2012.06.03 12:16:09 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx

[2012.06.03 12:16:09 | 000,115,712 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevClb20.ocx

[2012.06.03 12:16:09 | 000,057,880 | ---- | C] (Outrider Systems, Inc.) -- C:\Windows\SysWow64\SPIN32.OCX

[2012.05.20 22:43:29 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012.05.20 15:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations

[2012.05.20 15:32:30 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2012.05.19 17:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012.05.19 17:01:34 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012.05.19 17:01:34 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.11 10:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.11 10:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.11 10:07:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe

[2012.06.11 10:07:14 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.11 10:07:14 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.11 09:59:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.11 09:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.11 09:59:41 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.05 13:51:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.05 00:43:23 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.05 00:43:23 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.05 00:43:23 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.05 00:43:23 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.05 00:43:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.04 19:18:00 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\Aerosoft Launcher.lnk

[2012.06.03 12:16:04 | 000,000,507 | ---- | M] () -- C:\Users\Public\Desktop\FSC 9.lnk

[2012.06.01 14:05:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.05.24 10:16:24 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.05.20 18:34:06 | 000,312,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.05.20 15:50:42 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk

[2012.05.20 15:32:30 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.05 13:51:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.03 12:16:09 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\threed32.oca

[2012.06.03 12:16:09 | 000,093,696 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.oca

[2012.06.03 12:16:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\grid32.oca

[2012.06.03 12:16:09 | 000,002,495 | ---- | C] () -- C:\Windows\SysWow64\COMCT232.DEP

[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.DEP

[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.DEP

[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.DEP

[2012.06.03 12:16:09 | 000,002,493 | ---- | C] () -- C:\Windows\SysWow64\COMCTL32.DEP

[2012.06.03 12:16:09 | 000,002,405 | ---- | C] () -- C:\Windows\SysWow64\MSINET.DEP

[2012.06.03 12:16:09 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\sevClb20.dep

[2012.06.03 12:16:09 | 000,000,549 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.dep

[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevXPCtl.dep

[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevEin20.dep

[2012.06.03 12:16:04 | 000,000,507 | ---- | C] () -- C:\Users\Public\Desktop\FSC 9.lnk

[2012.05.20 15:33:53 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk

[2012.05.19 17:02:10 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin

[2012.05.15 18:33:39 | 000,001,267 | ---- | C] () -- C:\Users\Walter\Desktop\QW757 Livery Manager.lnk

[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.12.06 13:15:35 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin

[2011.12.04 19:40:46 | 000,000,040 | -HS- | C] () -- C:\Windows\cnerolf.dat

[2011.12.04 13:36:54 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.11.29 16:57:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

 
 ========== LOP Check ==========

 

[2012.06.07 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ChessBase

[2011.12.06 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Flight1

[2011.12.06 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\HiFi

[2012.03.19 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Information Factory

[2012.05.07 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Lockheed Martin

[2012.03.24 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Virtuali

[2012.06.03 21:57:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.11.29 01:05:29 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Adobe

[2011.12.09 19:53:06 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Apple Computer

[2012.01.05 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Avira

[2012.06.07 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ChessBase

[2011.12.06 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Flight1

[2011.12.07 00:41:01 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Google

[2011.12.06 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\HiFi

[2011.11.28 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Identities

[2012.03.19 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Information Factory

[2011.12.06 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\InstallShield

[2012.05.07 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Lockheed Martin

[2011.11.29 01:21:36 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Macromedia

[2012.06.05 13:51:25 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Malwarebytes

[2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Media Center Programs

[2012.03.07 18:11:46 | 000,000,000 | --SD | M] -- C:\Users\Walter\AppData\Roaming\Microsoft

[2011.12.06 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\NVIDIA

[2012.03.24 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Virtuali

 
 < %APPDATA%\*.exe /s >

[2007.02.27 12:51:58 | 015,175,680 | ---- | M] (HiFi Simulation Software) -- C:\Users\Walter\AppData\Roaming\HiFi\ASE\ASv6.exe

[2008.08.17 12:22:08 | 000,111,616 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Lockheed Martin\Prepar3D\tidy.exe

[2011.12.06 13:03:32 | 000,015,086 | R--- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Installer\{3C40DA91-58D8-44F8-BD19-969912D8612E}\ARPPRODUCTICON.exe

[2011.12.06 13:08:01 | 000,015,086 | R--- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Installer\{ABA28CFF-ED95-47A8-95F6-89402D6FFA3D}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:74603393

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A1D5C6AA

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:00934A10
 

< End of report >

--- --- ---
[/CODE]

Gruss und Danke
Walter

Hallo Arne

Sorry, habe soeben auf dem Desktop gesehen, dass OLT noch einen zweiten Output generierte ("Extras"), den ich auch poste:

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 11.06.2012 10:12:49 - Run 1

OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Walter\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

 

11.99 Gb Total Physical Memory | 9.78 Gb Available Physical Memory | 81.56% Memory free

23.98 Gb Paging File | 21.71 Gb Available in Paging File | 90.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 714.71 Gb Total Space | 656.08 Gb Free Space | 91.80% Space Free | Partition Type: NTFS

Drive D: | 97.66 Gb Total Space | 90.83 Gb Free Space | 93.00% Space Free | Partition Type: NTFS

Drive E: | 321.21 Gb Total Space | 316.21 Gb Free Space | 98.44% Space Free | Partition Type: NTFS

Drive F: | 146.49 Gb Total Space | 62.66 Gb Free Space | 42.77% Space Free | Partition Type: NTFS

Drive G: | 117.19 Gb Total Space | 117.10 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Drive H: | 119.14 Gb Total Space | 42.96 Gb Free Space | 36.06% Space Free | Partition Type: NTFS

Drive K: | 931.28 Gb Total Space | 729.19 Gb Free Space | 78.30% Space Free | Partition Type: FAT32

 

Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0185240A-FD26-4C23-9516-3FB004E52716}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{0862601F-E837-4F47-825D-784AAB642863}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{136DCE60-9F14-4E8B-A562-1E1ADEC3D225}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{15CF99D8-1E80-4BB7-975C-333D55277B7C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1F58CC6C-282B-4F9A-A0F8-FF120C7BBF78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{22E74A03-0FFF-4079-A8C6-4062A6BC8FA1}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{29C5AFB8-E7FB-4E00-8417-4A2CBA8BC296}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{38649FB0-2779-4EA9-A966-0A2D5C76BC13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{505AF513-193B-4655-A4A4-6B37CB6287B5}" = rport=138 | protocol=17 | dir=out | app=system | 

"{50FB27D5-9F23-4BD1-BF6C-F469A02224C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{6904692C-AF10-40A5-93FD-3A35E57668C7}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{7393BE48-2B38-4FA9-AE1F-A1C233822422}" = rport=137 | protocol=17 | dir=out | app=system | 

"{7B9609E3-3FA2-481E-A79A-F4B85CFDB137}" = rport=445 | protocol=6 | dir=out | app=system | 

"{7C39D604-5C3B-4C27-8884-728FA6800181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A7D4A3D3-C8FF-4388-8EA6-F1B7ABCC5D54}" = lport=139 | protocol=6 | dir=in | app=system | 

"{B17019D1-F2FF-46E8-B0DF-0A8571F4159E}" = rport=139 | protocol=6 | dir=out | app=system | 

"{B5E69EE7-4FB4-40E7-9F0D-34E46936480E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{B5F75A3A-150B-4131-AC10-E4130328919B}" = lport=138 | protocol=17 | dir=in | app=system | 

"{C353ABCE-D2EA-449E-A45A-448D3A514185}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C5AC0741-2C8B-4347-BBE6-B6C9F6C0453A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D52DDA8F-9994-42D2-A3B2-76541C6948E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DAC0FBEC-1A6E-4919-B814-D2B5DD5EB8FD}" = lport=445 | protocol=6 | dir=in | app=system | 

"{FFF4A762-E228-4D12-BDEC-9E684B48695C}" = lport=137 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0212181D-52A3-4F5F-A173-A0100FC44CF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{093B5583-14EE-45F2-BC1E-66AF254D9A86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{28951861-D5AB-4666-A3A9-5A3F77601367}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{29D24CC1-25C2-4F2D-96CC-62343E693441}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2E53E0AC-6905-4A03-8D25-C148BE46AD05}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 

"{316CB239-5A28-44F8-8B6E-3A6F79EB9120}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 

"{3D29B4ED-8C58-4545-9DB5-343444E71078}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4EBFF2D5-2708-4FCE-B4BD-C10BB6A2F476}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{52D84574-B3DE-4B45-9AF6-313762749CEB}" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\microsoft flight\flight.exe | 

"{56EC8B79-B3F7-4CAF-AE96-23B96FD75508}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{5AED1610-19EB-4FBE-ABA2-FB6825FA4C9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5CD2BCF6-AE36-48A3-80E7-E35CD2B78ED4}" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\microsoft flight\flight.exe | 

"{5D05A81F-A52E-4E60-97AE-16B947D5CBA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{60918484-F3B6-4BA4-A22A-731AA03EFFEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{679EF750-C342-4BA3-9AEB-1862802848B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{67DC7359-2064-44E7-8A6C-96BF7B0E259D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{68C6B78B-3856-494E-91AA-5131F78A662F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{6B6BEA0D-41D0-4491-A2FA-9F0CEECA26A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{715224ED-F853-4FEA-BEF9-1B980E166DBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{768B265B-1945-4E1E-BD64-0D5009F20407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{817E248E-C542-432B-8C10-7DD886FCC8A3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{94CB4E2A-C66A-47EA-969F-54DFB9D30093}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{9A5466A9-CD3D-4511-81D9-E4B111A696F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{B48F199E-0189-4581-8BA0-A8B00897A381}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 

"{BE46F955-933A-4AA0-8CE3-FD36DE90655A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{E41AF275-E70F-460F-B758-92FEB1ADA55E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{E7F1D8A0-0CB3-4DD2-A2AD-62759657EA35}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 

"{E8989E0B-1A0E-40E8-A2A4-6995BC310146}" = protocol=6 | dir=out | app=system | 

"{ECBEBE3E-A17E-4669-9EFF-09CAA92374A5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{ED86899E-2218-497C-AB53-DE728B6940AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FD85C8D1-3334-49D0-A09E-2CBD3B837558}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01C3630A-7FD2-46DF-B514-A4B829B0021A}" = aerosoft's - German Airports 2 X - FSX

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04B73EB2-7538-4CC4-BBD6-5463E508B69B}" = aerosoft's - Balearic Islands X for FSX

"{0A297C87-BF52-43FD-AD75-EE72228E4457}" = aerosoft's - Mega Airport Amsterdam FSX

"{0CBA8FE8-3245-4E62-B8BE-951A3C7C7EC3}" = PMDG744X_GE_JL3

"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X

"{157C62A5-C5E1-4225-A858-5BD0830FF116}" = PMDG744XF_PW_SQF

"{171E2019-105B-433B-B0E7-CCAE67A9F486}" = Just Flight - 767-200/300 for FSX

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11

"{1B19DA07-6870-4E60-9171-5C53AD21A0E0}" = aerosoft's - Mega Airport Munich X

"{1D67FB28-58DA-4425-B426-99E894468197}" = PMDG744X_PW_IB

"{1F0DB6EB-B8D8-45E4-9B04-3DA89B68FEBF}" = PMDG744X_PW_CI

"{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}" = PMDG744X_GE_LH

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30

"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X

"{2F76FF6D-B992-4FD9-8686-F09F868B2C58}" = FSNavigator

"{327E8086-4211-4F7D-8731-720FEA0367B4}" = aerosoft's - German Airports 1 - FS2004

"{3B6F6E35-900C-4FE3-B2F6-067443353CD1}" = aerosoft's - Mega Airport Stockholm Arlanda X

"{3C40DA91-58D8-44F8-BD19-969912D8612E}" = Active Sky Evolution

"{400BAAA2-F9AC-469F-9772-8DF9CF5C1273}" = FlyTampa's - Mega Airport Vienna X - FSX

"{40F75775-0940-4F2D-B43F-2BB37E51F13A}" = PMDG744X_GE_SV

"{411B6A8F-0088-496D-8A0A-1319BB825D7C}" = Aerosoft's - German Airports 1 - Friedrichshafen X

"{463A571A-B793-459B-BEA8-028DC323AAB0}" = Aerosoft's - Mega Airport Zurich 2012 - FSX

"{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A7EA2A2-221D-437C-8727-B033E6679124}" = PMDG744X_GE_BR2

"{4C7F54EE-DC36-431F-9978-DA678D77C4BA}" = aerosoft's - Tahiti X

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight

"{4D5308D2-6B0A-4BB0-809F-AE1000038101}" = Microsoft Flight

"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight

"{56BBD67B-36C0-449E-9AD1-B79F13E71243}" = PMDG744X_PW_MH

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6360C5E9-2842-4213-88B9-47D814FAAD54}" = aerosoft's - German Airports 3 X - FSX

"{6758B364-96C0-4143-ABDF-8160F8A2AA0D}" = PMDG744X_PW_SQ

"{6A9F0C42-3758-42EC-B4DE-F85BC5C175CF}" = PMDG744X_RR_CX

"{6DB56B61-0462-46D7-8E54-7D0782E6113E}" = Mailsoft's - Kleinflugplätze Schweiz Teil 3 X

"{70D78DCD-8369-4857-BFEF-021C9899DA75}" = PMDG744X_GE_AF

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration

"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{8A265EE0-9527-4807-B946-D79C7364774B}" = Just Flight - World Airports 3 FSX

"{8A3D1E45-8D8C-4FC6-A769-DF1232776190}" = PMDG744X_GE_AC

"{8AB7326C-8A0C-4368-A8CD-58B6AB7B3895}" = Mailsoft's - Kleinflugplätze Schweiz Teil 5 X

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X

"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{930945C3-064B-4ACD-A004-436A4783FCD9}" = FlyLogic's - Bern-Belp X

"{96E1C9EE-5109-41FA-B412-E3358626051D}" = PMDG744X_PW_NW3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA

"{A1D97ADB-EFF4-4F31-B286-873F06AC6496}" = PMDG744X_GE_NH

"{A8736347-B854-400E-A060-19321AD85B98}" = aerosoft's - Mega Airport Barcelona X

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11

"{ABD462F9-7436-4086-A65B-AC6360ED45FC}" = PMDG744XF_RR_CXF

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{AD6C554F-5050-40B1-B84D-51D74A09C7E4}" = Aerosoft's - Mega Airport Budapest

"{AD7B435D-C7CB-46A4-9D8B-4F54520C7633}" = FlyLogic's - Lugano X

"{B3B8E0B9-04D0-4449-969C-A23F0C90CB85}" = PMDG744X_GE_VS

"{BAEE0C24-C8C2-4820-9DF4-887909F1A286}" = aerosoft's - Mega Airport Frankfurt X

"{C0E7FAD8-F8AE-4819-AEBF-D92562315EEE}" = Mailsoft's - Switzerland Professional X

"{C820ADA9-1C94-469E-833E-832E100E92A2}" = PMDG744X_PW_AI

"{CB858C75-8537-4B71-9080-2A4F7D51F128}" = Aerosoft's - Mega Airport Brussels X

"{D145DF3E-0DB1-4ABC-90E4-E89BA713B01B}" = Mailsoft's - Sion X

"{D1F56041-DDC6-4508-994D-D70FC4022DB0}" = aerosoft's - Holiday Airports FSX

"{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}" = PMDG744X_GE_KL

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{E18578DE-567F-4524-95BE-680A1779D15B}" = PMDG744XF_GE_CVF

"{E4298CF5-9C36-4519-9089-FF7A43EA5C5D}" = aerosoft's - German Airports 1 - Stuttgart X

"{E45EC4EA-CE0C-4F1C-9DA4-908A5860CDBA}" = PMDG744XF_GE_5XF

"{E5326C48-869C-43C0-A78E-B531CCFF066B}" = FlyLogic's - Altenrhein X

"{E94F6096-7F52-4EFD-A703-5A61B72A2F3F}" = Just Flight - World Airports 4 for FSX

"{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}" = PMDG744X_PW_UA3

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC65FAF7-F12F-4C81-9E9D-2FE1115CFBA9}" = PMDG744X_RR_QF

"{ECE1939E-3491-409E-87B7-E7DF65E7B909}" = aerosoft's - German Airports 3 - FS2004

"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX

"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X

"{F77ABA68-8AC4-497E-9FFA-9CA4506B78FC}" = PMDG744XF_PW_FXF

"{F86772B6-2F2B-4EA4-B5D6-875BBE41B9FB}" = PMDG744X_GE_TG

"{F941AABE-E868-42D9-9F38-884250F7898A}" = aerosoft's - FlightSim Commander 9

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"5365-1369-1386-1612" = Steuer 2011 12.0.1

"afx" = AFX

"Airbus Series 1 Deluxe - Evolution Full (FSX)" = Airbus Series 1 Deluxe - Evolution Full (FSX)

"Airbus Series 2 - Evolution Full (FSX)" = Airbus Series 2 - Evolution Full (FSX)

"Avira AntiVir Desktop" = Avira Free Antivirus

"ESET Online Scanner" = ESET Online Scanner v3

"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight

"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration

"FSDreamTeam Geneva FS9_is1" = FSDreamTeam Geneva FS9 1.1

"FSDreamTeam Geneva FSX_is1" = FSDreamTeam Geneva FSX 1.3.2

"FSDreamTeam GSX_is1" = FSDreamTeam GSX 1.4.1

"FSDreamTeam Los Angeles International FSX_is1" = FSDreamTeam Los Angeles International FSX 1.4

"FSDreamTeam OHareX 2.0_is1" = FSDreamTeam OHareX 2.0

"FSDreamTeam ZurichX_is1" = FSDreamTeam ZurichX 2.0.2

"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight

"Google Chrome" = Google Chrome

"HDD Health_is1" = HDD Health v3.3 Beta

"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"QualityWings Ultimate 757 Collection FSX_is1" = QualityWings Ultimate 757 Collection FSX 1.2.6

"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X

"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1

"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1

"Steam App 24010" = Train Simulator 2012

"ViMaCore X" = VistaMare ViMaCore X

"VIRTUALI Addon ManagerX 2.8.0.10_is1" = VIRTUALI Addon ManagerX

"VIRTUALI Addon ManagerX 2.9.0.1_is1" = VIRTUALI Addon ManagerX

"VIRTUALI Addon ManagerX 2.9.0.3_is1" = VIRTUALI Addon ManagerX

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3627449669-795322702-1899169270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"A380v2 (FSX)" = A380v2 (FSX)

"QualityWings Ultimate 757 Collection" = QualityWings Ultimate 757 Collection

"Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe

"Ultimate Terrain X - USA" = Ultimate Terrain X - USA

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 08.06.2012 17:16:55 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 08.06.2012 17:22:11 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

Error - 09.06.2012 04:28:29 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09.06.2012 04:33:43 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

Error - 09.06.2012 16:49:11 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09.06.2012 16:54:02 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

Error - 10.06.2012 04:42:49 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10.06.2012 04:48:07 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

Error - 11.06.2012 04:01:33 | Computer Name = Walter-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 11.06.2012 04:06:17 | Computer Name = Walter-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

[ System Events ]

Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Search erreicht.

 

Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Search erreicht.

 

Error - 24.03.2012 13:30:26 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 24.03.2012 13:30:55 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7032

Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden

 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,

 ist fehlgeschlagen. Fehler:   %%1056

 

Error - 03.04.2012 12:52:01 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-1073473535.

 

Error - 03.04.2012 12:52:02 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

Error - 03.04.2012 12:52:12 | Computer Name = Walter-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 03.04.2012 12:52:12 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Search erreicht.

 

Error - 03.04.2012 12:52:12 | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

 

< End of report >

--- --- ---
[/CODE]

Vielleicht brauchst Du diesen auch.

Gruss
Walter

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-3627449669-795322702-1899169270-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O32 - HKLM CDRom: AutoRun - 1

[2012.06.03 12:16:09 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\threed32.oca

[2012.06.03 12:16:09 | 000,093,696 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.oca

[2012.06.03 12:16:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\grid32.oca

[2012.06.03 12:16:09 | 000,002,495 | ---- | C] () -- C:\Windows\SysWow64\COMCT232.DEP

[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\TABCTL32.DEP

[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\MSFLXGRD.DEP

[2012.06.03 12:16:09 | 000,002,494 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.DEP

[2012.06.03 12:16:09 | 000,002,493 | ---- | C] () -- C:\Windows\SysWow64\COMCTL32.DEP

[2012.06.03 12:16:09 | 000,002,405 | ---- | C] () -- C:\Windows\SysWow64\MSINET.DEP

[2012.06.03 12:16:09 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\sevClb20.dep

[2012.06.03 12:16:09 | 000,000,549 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.dep

[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevXPCtl.dep

[2012.06.03 12:16:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevEin20.dep

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:74603393

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A1D5C6AA

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:00934A10

:Files

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo Arne

Okay, den Fix habe ich wie beschrieben ausgeführt. Nach dem Neustart kam folgendes Resultat:

Code:

 All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3627449669-795322702-1899169270-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\Windows\SysWOW64\threed32.oca moved successfully.

C:\Windows\SysWOW64\sevCmd3.oca moved successfully.

C:\Windows\SysWOW64\grid32.oca moved successfully.

C:\Windows\SysWOW64\COMCT232.DEP moved successfully.

C:\Windows\SysWOW64\TABCTL32.DEP moved successfully.

C:\Windows\SysWOW64\MSFLXGRD.DEP moved successfully.

C:\Windows\SysWOW64\COMDLG32.DEP moved successfully.

C:\Windows\SysWOW64\COMCTL32.DEP moved successfully.

C:\Windows\SysWOW64\MSINET.DEP moved successfully.

C:\Windows\SysWOW64\sevClb20.dep moved successfully.

C:\Windows\SysWOW64\sevCmd3.dep moved successfully.

C:\Windows\SysWOW64\sevXPCtl.dep moved successfully.

C:\Windows\SysWOW64\sevEin20.dep moved successfully.

ADS C:\ProgramData\TEMP:74603393 deleted successfully.

ADS C:\ProgramData\TEMP:A1D5C6AA deleted successfully.

ADS C:\ProgramData\TEMP:00934A10 deleted successfully.

========== FILES ==========

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Walter

->Temp folder emptied: 1177326 bytes

->Temporary Internet Files folder emptied: 25510247 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 801 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3502 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 567418628 bytes

 

Total Files Cleaned = 567.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: UpdatusUser

 

User: Walter

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.48.0 log created on 06112012_153852
 

Files\Folders moved on Reboot...

C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Gruss
Walter

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Hallo Arne

Okay, ich habe den gezippten "MovedFiles" wie beschrieben hochgeladen.

Gruss
Walter

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hallo Arne

Hier das Log vom TDSSKiller:

Code:

 23:39:25.0073 1140        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

23:39:25.0213 1140        ============================================================

23:39:25.0213 1140        Current date / time: 2012/06/11 23:39:25.0213

23:39:25.0213 1140        SystemInfo:

23:39:25.0213 1140        

23:39:25.0213 1140        OS Version: 6.1.7601 ServicePack: 1.0

23:39:25.0213 1140        Product type: Workstation

23:39:25.0213 1140        ComputerName: WALTER-PC

23:39:25.0213 1140        UserName: Walter

23:39:25.0213 1140        Windows directory: C:\Windows

23:39:25.0213 1140        System windows directory: C:\Windows

23:39:25.0213 1140        Running under WOW64

23:39:25.0213 1140        Processor architecture: Intel x64

23:39:25.0213 1140        Number of processors: 8

23:39:25.0213 1140        Page size: 0x1000

23:39:25.0213 1140        Boot type: Normal boot

23:39:25.0213 1140        ============================================================

23:39:25.0953 1140        Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:39:25.0953 1140        Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:39:25.0953 1140        Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

23:39:25.0983 1140        ============================================================

23:39:25.0983 1140        \Device\Harddisk0\DR0:

23:39:25.0983 1140        MBR partitions:

23:39:25.0983 1140        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:39:25.0983 1140        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE48800

23:39:25.0983 1140        \Device\Harddisk1\DR1:

23:39:25.0983 1140        MBR partitions:

23:39:25.0983 1140        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5956DB35

23:39:25.0983 1140        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x5956DB74, BlocksNum 0x124FAAF3

23:39:25.0983 1140        \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x6BA68667, BlocksNum 0xEA60942

23:39:25.0993 1140        \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x7A4C8FE8, BlocksNum 0xC35314E

23:39:26.0003 1140        \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x8681C175, BlocksNum 0x2826A5CC

23:39:26.0003 1140        \Device\Harddisk2\DR2:

23:39:26.0003 1140        MBR partitions:

23:39:26.0003 1140        \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982

23:39:26.0003 1140        ============================================================

23:39:26.0023 1140        C: <-> \Device\Harddisk1\DR1\Partition0

23:39:26.0053 1140        D: <-> \Device\Harddisk1\DR1\Partition3

23:39:26.0073 1140        E: <-> \Device\Harddisk1\DR1\Partition4

23:39:26.0093 1140        F: <-> \Device\Harddisk1\DR1\Partition1

23:39:26.0103 1140        G: <-> \Device\Harddisk1\DR1\Partition2

23:39:26.0103 1140        H: <-> \Device\Harddisk0\DR0\Partition1

23:39:26.0103 1140        K: <-> \Device\Harddisk2\DR2\Partition0

23:39:26.0103 1140        ============================================================

23:39:26.0103 1140        Initialize success

23:39:26.0103 1140        ============================================================

23:39:37.0524 2716        ============================================================

23:39:37.0524 2716        Scan started

23:39:37.0524 2716        Mode: Manual; SigCheck; TDLFS; 

23:39:37.0524 2716        ============================================================

23:39:38.0274 2716        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

23:39:38.0334 2716        1394ohci - ok

23:39:38.0354 2716        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:39:38.0364 2716        ACPI - ok

23:39:38.0364 2716        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:39:38.0414 2716        AcpiPmi - ok

23:39:38.0464 2716        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:39:38.0474 2716        AdobeARMservice - ok

23:39:38.0544 2716        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:39:38.0564 2716        AdobeFlashPlayerUpdateSvc - ok

23:39:38.0594 2716        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

23:39:38.0624 2716        adp94xx - ok

23:39:38.0644 2716        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

23:39:38.0654 2716        adpahci - ok

23:39:38.0674 2716        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

23:39:38.0674 2716        adpu320 - ok

23:39:38.0704 2716        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

23:39:38.0784 2716        AeLookupSvc - ok

23:39:38.0824 2716        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

23:39:38.0864 2716        AFD - ok

23:39:38.0874 2716        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:39:38.0884 2716        agp440 - ok

23:39:38.0894 2716        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

23:39:38.0914 2716        ALG - ok

23:39:38.0924 2716        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:39:38.0934 2716        aliide - ok

23:39:38.0934 2716        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:39:38.0944 2716        amdide - ok

23:39:38.0954 2716        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

23:39:38.0974 2716        AmdK8 - ok

23:39:38.0974 2716        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

23:39:38.0984 2716        AmdPPM - ok

23:39:39.0004 2716        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:39:39.0014 2716        amdsata - ok

23:39:39.0034 2716        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

23:39:39.0044 2716        amdsbs - ok

23:39:39.0054 2716        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:39:39.0064 2716        amdxata - ok

23:39:39.0124 2716        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

23:39:39.0134 2716        AntiVirSchedulerService - ok

23:39:39.0154 2716        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

23:39:39.0164 2716        AntiVirService - ok

23:39:39.0164 2716        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:39:39.0214 2716        AppID - ok

23:39:39.0224 2716        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

23:39:39.0264 2716        AppIDSvc - ok

23:39:39.0264 2716        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

23:39:39.0294 2716        Appinfo - ok

23:39:39.0334 2716        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:39:39.0344 2716        Apple Mobile Device - ok

23:39:39.0354 2716        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

23:39:39.0364 2716        arc - ok

23:39:39.0384 2716        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

23:39:39.0394 2716        arcsas - ok

23:39:39.0444 2716        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:39:39.0454 2716        aspnet_state - ok

23:39:39.0474 2716        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:39:39.0524 2716        AsyncMac - ok

23:39:39.0534 2716        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:39:39.0534 2716        atapi - ok

23:39:39.0564 2716        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:39:39.0614 2716        AudioEndpointBuilder - ok

23:39:39.0614 2716        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:39:39.0644 2716        AudioSrv - ok

23:39:39.0664 2716        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

23:39:39.0684 2716        avgntflt - ok

23:39:39.0704 2716        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

23:39:39.0704 2716        avipbb - ok

23:39:39.0714 2716        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

23:39:39.0724 2716        avkmgr - ok

23:39:39.0754 2716        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

23:39:39.0784 2716        AxInstSV - ok

23:39:39.0814 2716        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

23:39:39.0854 2716        b06bdrv - ok

23:39:39.0874 2716        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:39:39.0894 2716        b57nd60a - ok

23:39:39.0954 2716        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

23:39:40.0054 2716        BDESVC - ok

23:39:40.0074 2716        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:39:40.0104 2716        Beep - ok

23:39:40.0154 2716        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

23:39:40.0184 2716        BFE - ok

23:39:40.0224 2716        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

23:39:40.0284 2716        BITS - ok

23:39:40.0304 2716        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

23:39:40.0324 2716        blbdrive - ok

23:39:40.0374 2716        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

23:39:40.0394 2716        Bonjour Service - ok

23:39:40.0414 2716        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:39:40.0434 2716        bowser - ok

23:39:40.0434 2716        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

23:39:40.0444 2716        BrFiltLo - ok

23:39:40.0454 2716        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

23:39:40.0464 2716        BrFiltUp - ok

23:39:40.0474 2716        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

23:39:40.0504 2716        Browser - ok

23:39:40.0514 2716        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:39:40.0564 2716        Brserid - ok

23:39:40.0564 2716        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:39:40.0584 2716        BrSerWdm - ok

23:39:40.0584 2716        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:39:40.0594 2716        BrUsbMdm - ok

23:39:40.0594 2716        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:39:40.0604 2716        BrUsbSer - ok

23:39:40.0614 2716        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

23:39:40.0634 2716        BTHMODEM - ok

23:39:40.0634 2716        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

23:39:40.0664 2716        bthserv - ok

23:39:40.0664 2716        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:39:40.0684 2716        cdfs - ok

23:39:40.0704 2716        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:39:40.0724 2716        cdrom - ok

23:39:40.0744 2716        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:39:40.0764 2716        CertPropSvc - ok

23:39:40.0764 2716        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

23:39:40.0774 2716        circlass - ok

23:39:40.0794 2716        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:39:40.0804 2716        CLFS - ok

23:39:40.0834 2716        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:39:40.0844 2716        clr_optimization_v2.0.50727_32 - ok

23:39:40.0884 2716        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:39:40.0894 2716        clr_optimization_v2.0.50727_64 - ok

23:39:40.0944 2716        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:39:40.0954 2716        clr_optimization_v4.0.30319_32 - ok

23:39:40.0974 2716        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:39:40.0984 2716        clr_optimization_v4.0.30319_64 - ok

23:39:40.0994 2716        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

23:39:41.0004 2716        CmBatt - ok

23:39:41.0014 2716        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:39:41.0024 2716        cmdide - ok

23:39:41.0044 2716        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

23:39:41.0074 2716        CNG - ok

23:39:41.0084 2716        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

23:39:41.0094 2716        Compbatt - ok

23:39:41.0104 2716        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

23:39:41.0114 2716        CompositeBus - ok

23:39:41.0124 2716        COMSysApp - ok

23:39:41.0124 2716        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

23:39:41.0134 2716        crcdisk - ok

23:39:41.0164 2716        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

23:39:41.0214 2716        CryptSvc - ok

23:39:41.0244 2716        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:39:41.0274 2716        DcomLaunch - ok

23:39:41.0294 2716        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

23:39:41.0324 2716        defragsvc - ok

23:39:41.0334 2716        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:39:41.0364 2716        DfsC - ok

23:39:41.0374 2716        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

23:39:41.0414 2716        Dhcp - ok

23:39:41.0424 2716        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:39:41.0454 2716        discache - ok

23:39:41.0454 2716        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

23:39:41.0464 2716        Disk - ok

23:39:41.0484 2716        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

23:39:41.0514 2716        Dnscache - ok

23:39:41.0524 2716        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

23:39:41.0554 2716        dot3svc - ok

23:39:41.0584 2716        dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

23:39:41.0604 2716        dot4 - ok

23:39:41.0614 2716        Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

23:39:41.0624 2716        Dot4Print - ok

23:39:41.0634 2716        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

23:39:41.0644 2716        dot4usb - ok

23:39:41.0654 2716        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

23:39:41.0684 2716        DPS - ok

23:39:41.0704 2716        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:39:41.0734 2716        drmkaud - ok

23:39:41.0774 2716        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:39:41.0804 2716        DXGKrnl - ok

23:39:41.0824 2716        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

23:39:41.0844 2716        EapHost - ok

23:39:41.0954 2716        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

23:39:42.0024 2716        ebdrv - ok

23:39:42.0094 2716        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

23:39:42.0114 2716        EFS - ok

23:39:42.0164 2716        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

23:39:42.0214 2716        ehRecvr - ok

23:39:42.0234 2716        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

23:39:42.0254 2716        ehSched - ok

23:39:42.0284 2716        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

23:39:42.0314 2716        elxstor - ok

23:39:42.0324 2716        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:39:42.0334 2716        ErrDev - ok

23:39:42.0354 2716        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

23:39:42.0384 2716        EventSystem - ok

23:39:42.0394 2716        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:39:42.0414 2716        exfat - ok

23:39:42.0424 2716        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:39:42.0454 2716        fastfat - ok

23:39:42.0494 2716        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

23:39:42.0524 2716        Fax - ok

23:39:42.0524 2716        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

23:39:42.0534 2716        fdc - ok

23:39:42.0544 2716        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

23:39:42.0574 2716        fdPHost - ok

23:39:42.0574 2716        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

23:39:42.0614 2716        FDResPub - ok

23:39:42.0624 2716        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:39:42.0624 2716        FileInfo - ok

23:39:42.0644 2716        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:39:42.0674 2716        Filetrace - ok

23:39:42.0674 2716        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

23:39:42.0684 2716        flpydisk - ok

23:39:42.0694 2716        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:39:42.0704 2716        FltMgr - ok

23:39:42.0754 2716        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

23:39:42.0794 2716        FontCache - ok

23:39:42.0824 2716        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:39:42.0834 2716        FontCache3.0.0.0 - ok

23:39:42.0854 2716        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:39:42.0864 2716        FsDepends - ok

23:39:42.0874 2716        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

23:39:42.0894 2716        Fs_Rec - ok

23:39:42.0904 2716        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:39:42.0924 2716        fvevol - ok

23:39:42.0944 2716        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

23:39:42.0954 2716        gagp30kx - ok

23:39:42.0974 2716        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:39:42.0984 2716        GEARAspiWDM - ok

23:39:43.0014 2716        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

23:39:43.0054 2716        gpsvc - ok

23:39:43.0094 2716        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:39:43.0104 2716        gupdate - ok

23:39:43.0124 2716        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:39:43.0134 2716        gupdatem - ok

23:39:43.0164 2716        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

23:39:43.0184 2716        gusvc - ok

23:39:43.0184 2716        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:39:43.0204 2716        hcw85cir - ok

23:39:43.0234 2716        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

23:39:43.0254 2716        HdAudAddService - ok

23:39:43.0274 2716        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:39:43.0294 2716        HDAudBus - ok

23:39:43.0294 2716        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

23:39:43.0314 2716        HidBatt - ok

23:39:43.0314 2716        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

23:39:43.0334 2716        HidBth - ok

23:39:43.0354 2716        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

23:39:43.0364 2716        HidIr - ok

23:39:43.0374 2716        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

23:39:43.0404 2716        hidserv - ok

23:39:43.0424 2716        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:39:43.0434 2716        HidUsb - ok

23:39:43.0444 2716        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

23:39:43.0478 2716        hkmsvc - ok

23:39:43.0488 2716        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

23:39:43.0508 2716        HomeGroupListener - ok

23:39:43.0528 2716        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

23:39:43.0548 2716        HomeGroupProvider - ok

23:39:43.0558 2716        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:39:43.0568 2716        HpSAMD - ok

23:39:43.0608 2716        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:39:43.0648 2716        HTTP - ok

23:39:43.0658 2716        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:39:43.0658 2716        hwpolicy - ok

23:39:43.0668 2716        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

23:39:43.0678 2716        i8042prt - ok

23:39:43.0698 2716        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:39:43.0708 2716        iaStorV - ok

23:39:43.0798 2716        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:39:43.0808 2716        IDriverT ( UnsignedFile.Multi.Generic ) - warning

23:39:43.0808 2716        IDriverT - detected UnsignedFile.Multi.Generic (1)

23:39:43.0878 2716        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:39:43.0908 2716        idsvc - ok

23:39:43.0958 2716        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

23:39:43.0968 2716        iirsp - ok

23:39:44.0008 2716        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

23:39:44.0058 2716        IKEEXT - ok

23:39:44.0068 2716        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

23:39:44.0068 2716        intelide - ok

23:39:44.0098 2716        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

23:39:44.0108 2716        intelppm - ok

23:39:44.0118 2716        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

23:39:44.0148 2716        IPBusEnum - ok

23:39:44.0148 2716        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:39:44.0178 2716        IpFilterDriver - ok

23:39:44.0208 2716        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

23:39:44.0238 2716        iphlpsvc - ok

23:39:44.0238 2716        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:39:44.0248 2716        IPMIDRV - ok

23:39:44.0278 2716        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:39:44.0318 2716        IPNAT - ok

23:39:44.0388 2716        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

23:39:44.0418 2716        iPod Service - ok

23:39:44.0428 2716        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:39:44.0448 2716        IRENUM - ok

23:39:44.0458 2716        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:39:44.0458 2716        isapnp - ok

23:39:44.0478 2716        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:39:44.0498 2716        iScsiPrt - ok

23:39:44.0518 2716        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:39:44.0518 2716        kbdclass - ok

23:39:44.0528 2716        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

23:39:44.0538 2716        kbdhid - ok

23:39:44.0558 2716        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:39:44.0568 2716        KeyIso - ok

23:39:44.0568 2716        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

23:39:44.0578 2716        KSecDD - ok

23:39:44.0598 2716        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

23:39:44.0608 2716        KSecPkg - ok

23:39:44.0618 2716        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:39:44.0648 2716        ksthunk - ok

23:39:44.0678 2716        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

23:39:44.0698 2716        KtmRm - ok

23:39:44.0718 2716        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

23:39:44.0738 2716        LanmanServer - ok

23:39:44.0768 2716        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

23:39:44.0788 2716        LanmanWorkstation - ok

23:39:44.0808 2716        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:39:44.0838 2716        lltdio - ok

23:39:44.0858 2716        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

23:39:44.0888 2716        lltdsvc - ok

23:39:44.0898 2716        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

23:39:44.0928 2716        lmhosts - ok

23:39:44.0948 2716        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

23:39:44.0958 2716        LSI_FC - ok

23:39:44.0978 2716        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

23:39:44.0978 2716        LSI_SAS - ok

23:39:44.0988 2716        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

23:39:44.0998 2716        LSI_SAS2 - ok

23:39:45.0008 2716        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

23:39:45.0018 2716        LSI_SCSI - ok

23:39:45.0038 2716        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:39:45.0068 2716        luafv - ok

23:39:45.0128 2716        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

23:39:45.0148 2716        MBAMProtector - ok

23:39:45.0198 2716        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:39:45.0218 2716        MBAMService - ok

23:39:45.0278 2716        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

23:39:45.0288 2716        McComponentHostService - ok

23:39:45.0298 2716        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

23:39:45.0313 2716        Mcx2Svc - ok

23:39:45.0313 2716        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

23:39:45.0329 2716        megasas - ok

23:39:45.0344 2716        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

23:39:45.0360 2716        MegaSR - ok

23:39:45.0376 2716        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:39:45.0422 2716        MMCSS - ok

23:39:45.0422 2716        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:39:45.0469 2716        Modem - ok

23:39:45.0469 2716        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:39:45.0485 2716        monitor - ok

23:39:45.0485 2716        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:39:45.0500 2716        mouclass - ok

23:39:45.0516 2716        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:39:45.0532 2716        mouhid - ok

23:39:45.0532 2716        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:39:45.0547 2716        mountmgr - ok

23:39:45.0557 2716        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:39:45.0567 2716        mpio - ok

23:39:45.0577 2716        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:39:45.0597 2716        mpsdrv - ok

23:39:45.0637 2716        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

23:39:45.0667 2716        MpsSvc - ok

23:39:45.0667 2716        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:39:45.0687 2716        MRxDAV - ok

23:39:45.0707 2716        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:39:45.0717 2716        mrxsmb - ok

23:39:45.0737 2716        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:39:45.0757 2716        mrxsmb10 - ok

23:39:45.0767 2716        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:39:45.0777 2716        mrxsmb20 - ok

23:39:45.0787 2716        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:39:45.0797 2716        msahci - ok

23:39:45.0807 2716        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:39:45.0817 2716        msdsm - ok

23:39:45.0827 2716        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

23:39:45.0847 2716        MSDTC - ok

23:39:45.0857 2716        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:39:45.0877 2716        Msfs - ok

23:39:45.0887 2716        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:39:45.0917 2716        mshidkmdf - ok

23:39:45.0917 2716        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:39:45.0927 2716        msisadrv - ok

23:39:45.0957 2716        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

23:39:45.0987 2716        MSiSCSI - ok

23:39:45.0987 2716        msiserver - ok

23:39:46.0007 2716        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:39:46.0027 2716        MSKSSRV - ok

23:39:46.0037 2716        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:39:46.0067 2716        MSPCLOCK - ok

23:39:46.0067 2716        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:39:46.0087 2716        MSPQM - ok

23:39:46.0107 2716        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:39:46.0117 2716        MsRPC - ok

23:39:46.0127 2716        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

23:39:46.0137 2716        mssmbios - ok

23:39:46.0147 2716        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:39:46.0167 2716        MSTEE - ok

23:39:46.0167 2716        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:39:46.0177 2716        MTConfig - ok

23:39:46.0197 2716        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

23:39:46.0217 2716        MTsensor - ok

23:39:46.0227 2716        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:39:46.0237 2716        Mup - ok

23:39:46.0257 2716        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

23:39:46.0297 2716        napagent - ok

23:39:46.0317 2716        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:39:46.0337 2716        NativeWifiP - ok

23:39:46.0377 2716        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

23:39:46.0407 2716        NDIS - ok

23:39:46.0417 2716        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:39:46.0437 2716        NdisCap - ok

23:39:46.0447 2716        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:39:46.0467 2716        NdisTapi - ok

23:39:46.0467 2716        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:39:46.0487 2716        Ndisuio - ok

23:39:46.0507 2716        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:39:46.0537 2716        NdisWan - ok

23:39:46.0547 2716        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:39:46.0567 2716        NDProxy - ok

23:39:46.0577 2716        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:39:46.0607 2716        NetBIOS - ok

23:39:46.0617 2716        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:39:46.0647 2716        NetBT - ok

23:39:46.0667 2716        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:39:46.0677 2716        Netlogon - ok

23:39:46.0707 2716        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

23:39:46.0767 2716        Netman - ok

23:39:46.0817 2716        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:39:46.0837 2716        NetMsmqActivator - ok

23:39:46.0837 2716        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:39:46.0847 2716        NetPipeActivator - ok

23:39:46.0867 2716        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

23:39:46.0907 2716        netprofm - ok

23:39:46.0907 2716        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:39:46.0917 2716        NetTcpActivator - ok

23:39:46.0917 2716        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:39:46.0927 2716        NetTcpPortSharing - ok

23:39:46.0957 2716        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:39:46.0967 2716        nfrd960 - ok

23:39:46.0977 2716        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

23:39:47.0007 2716        NlaSvc - ok

23:39:47.0017 2716        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:39:47.0037 2716        Npfs - ok

23:39:47.0047 2716        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

23:39:47.0067 2716        nsi - ok

23:39:47.0077 2716        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:39:47.0097 2716        nsiproxy - ok

23:39:47.0157 2716        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:39:47.0217 2716        Ntfs - ok

23:39:47.0257 2716        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:39:47.0307 2716        Null - ok

23:39:47.0327 2716        NVHDA           (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

23:39:47.0337 2716        NVHDA - ok

23:39:47.0718 2716        nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:39:47.0856 2716        nvlddmkm - ok

23:39:47.0906 2716        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:39:47.0916 2716        nvraid - ok

23:39:47.0926 2716        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:39:47.0936 2716        nvstor - ok

23:39:47.0986 2716        nvsvc           (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

23:39:47.0996 2716        nvsvc - ok

23:39:48.0106 2716        nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

23:39:48.0156 2716        nvUpdatusService - ok

23:39:48.0186 2716        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:39:48.0196 2716        nv_agp - ok

23:39:48.0196 2716        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:39:48.0216 2716        ohci1394 - ok

23:39:48.0236 2716        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:39:48.0246 2716        ose - ok

23:39:48.0286 2716        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:39:48.0306 2716        p2pimsvc - ok

23:39:48.0326 2716        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

23:39:48.0336 2716        p2psvc - ok

23:39:48.0346 2716        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:39:48.0366 2716        Parport - ok

23:39:48.0386 2716        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

23:39:48.0396 2716        partmgr - ok

23:39:48.0416 2716        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

23:39:48.0436 2716        PcaSvc - ok

23:39:48.0446 2716        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:39:48.0456 2716        pci - ok

23:39:48.0456 2716        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:39:48.0466 2716        pciide - ok

23:39:48.0476 2716        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:39:48.0486 2716        pcmcia - ok

23:39:48.0506 2716        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:39:48.0516 2716        pcw - ok

23:39:48.0536 2716        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:39:48.0576 2716        PEAUTH - ok

23:39:48.0626 2716        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

23:39:48.0636 2716        PerfHost - ok

23:39:48.0696 2716        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

23:39:48.0756 2716        pla - ok

23:39:48.0786 2716        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

23:39:48.0806 2716        PlugPlay - ok

23:39:48.0816 2716        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

23:39:48.0826 2716        PNRPAutoReg - ok

23:39:48.0846 2716        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:39:48.0856 2716        PNRPsvc - ok

23:39:48.0886 2716        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

23:39:48.0946 2716        PolicyAgent - ok

23:39:48.0966 2716        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

23:39:48.0996 2716        Power - ok

23:39:49.0036 2716        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:39:49.0076 2716        PptpMiniport - ok

23:39:49.0086 2716        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:39:49.0096 2716        Processor - ok

23:39:49.0126 2716        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

23:39:49.0156 2716        ProfSvc - ok

23:39:49.0176 2716        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:39:49.0186 2716        ProtectedStorage - ok

23:39:49.0196 2716        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:39:49.0226 2716        Psched - ok

23:39:49.0286 2716        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:39:49.0326 2716        ql2300 - ok

23:39:49.0386 2716        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:39:49.0406 2716        ql40xx - ok

23:39:49.0426 2716        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

23:39:49.0446 2716        QWAVE - ok

23:39:49.0466 2716        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:39:49.0486 2716        QWAVEdrv - ok

23:39:49.0496 2716        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:39:49.0516 2716        RasAcd - ok

23:39:49.0526 2716        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:39:49.0556 2716        RasAgileVpn - ok

23:39:49.0566 2716        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

23:39:49.0586 2716        RasAuto - ok

23:39:49.0606 2716        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:39:49.0626 2716        Rasl2tp - ok

23:39:49.0646 2716        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

23:39:49.0676 2716        RasMan - ok

23:39:49.0676 2716        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:39:49.0706 2716        RasPppoe - ok

23:39:49.0716 2716        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:39:49.0736 2716        RasSstp - ok

23:39:49.0766 2716        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:39:49.0786 2716        rdbss - ok

23:39:49.0786 2716        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

23:39:49.0806 2716        rdpbus - ok

23:39:49.0806 2716        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:39:49.0826 2716        RDPCDD - ok

23:39:49.0841 2716        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:39:49.0857 2716        RDPENCDD - ok

23:39:49.0872 2716        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:39:49.0904 2716        RDPREFMP - ok

23:39:49.0919 2716        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

23:39:49.0935 2716        RDPWD - ok

23:39:49.0950 2716        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:39:49.0966 2716        rdyboost - ok

23:39:49.0982 2716        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

23:39:50.0013 2716        RemoteAccess - ok

23:39:50.0028 2716        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

23:39:50.0054 2716        RemoteRegistry - ok

23:39:50.0064 2716        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

23:39:50.0094 2716        RpcEptMapper - ok

23:39:50.0104 2716        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

23:39:50.0124 2716        RpcLocator - ok

23:39:50.0144 2716        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:39:50.0174 2716        RpcSs - ok

23:39:50.0184 2716        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:39:50.0204 2716        rspndr - ok

23:39:50.0224 2716        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:39:50.0234 2716        SamSs - ok

23:39:50.0244 2716        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:39:50.0254 2716        sbp2port - ok

23:39:50.0264 2716        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

23:39:50.0294 2716        SCardSvr - ok

23:39:50.0294 2716        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:39:50.0324 2716        scfilter - ok

23:39:50.0364 2716        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

23:39:50.0404 2716        Schedule - ok

23:39:50.0414 2716        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:39:50.0434 2716        SCPolicySvc - ok

23:39:50.0444 2716        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

23:39:50.0474 2716        SDRSVC - ok

23:39:50.0494 2716        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:39:50.0544 2716        secdrv - ok

23:39:50.0554 2716        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

23:39:50.0574 2716        seclogon - ok

23:39:50.0584 2716        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

23:39:50.0604 2716        SENS - ok

23:39:50.0624 2716        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

23:39:50.0644 2716        SensrSvc - ok

23:39:50.0644 2716        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:39:50.0664 2716        Serenum - ok

23:39:50.0674 2716        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:39:50.0684 2716        Serial - ok

23:39:50.0684 2716        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:39:50.0704 2716        sermouse - ok

23:39:50.0714 2716        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

23:39:50.0754 2716        SessionEnv - ok

23:39:50.0754 2716        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:39:50.0764 2716        sffdisk - ok

23:39:50.0764 2716        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:39:50.0774 2716        sffp_mmc - ok

23:39:50.0774 2716        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:39:50.0794 2716        sffp_sd - ok

23:39:50.0794 2716        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:39:50.0804 2716        sfloppy - ok

23:39:50.0824 2716        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

23:39:50.0864 2716        SharedAccess - ok

23:39:50.0884 2716        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

23:39:50.0904 2716        ShellHWDetection - ok

23:39:50.0934 2716        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:39:50.0934 2716        SiSRaid2 - ok

23:39:50.0944 2716        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:39:50.0954 2716        SiSRaid4 - ok

23:39:50.0974 2716        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:39:50.0994 2716        Smb - ok

23:39:51.0004 2716        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

23:39:51.0024 2716        SNMPTRAP - ok

23:39:51.0024 2716        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:39:51.0034 2716        spldr - ok

23:39:51.0054 2716        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

23:39:51.0084 2716        Spooler - ok

23:39:51.0204 2716        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

23:39:51.0254 2716        sppsvc - ok

23:39:51.0314 2716        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

23:39:51.0354 2716        sppuinotify - ok

23:39:51.0394 2716        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:39:51.0424 2716        srv - ok

23:39:51.0444 2716        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:39:51.0464 2716        srv2 - ok

23:39:51.0484 2716        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:39:51.0494 2716        srvnet - ok

23:39:51.0514 2716        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

23:39:51.0534 2716        SSDPSRV - ok

23:39:51.0544 2716        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

23:39:51.0564 2716        SstpSvc - ok

23:39:51.0614 2716        Steam Client Service - ok

23:39:51.0684 2716        Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

23:39:51.0694 2716        Stereo Service - ok

23:39:51.0714 2716        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:39:51.0724 2716        stexstor - ok

23:39:51.0754 2716        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

23:39:51.0774 2716        stisvc - ok

23:39:51.0804 2716        SWDUMon         (9a62d478ab1b83a9fa1af5254b786d0f) C:\Windows\system32\DRIVERS\SWDUMon.sys

23:39:51.0814 2716        SWDUMon - ok

23:39:51.0814 2716        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

23:39:51.0824 2716        swenum - ok

23:39:51.0854 2716        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

23:39:51.0884 2716        swprv - ok

23:39:51.0944 2716        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

23:39:51.0984 2716        SysMain - ok

23:39:52.0024 2716        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

23:39:52.0034 2716        TabletInputService - ok

23:39:52.0054 2716        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

23:39:52.0094 2716        TapiSrv - ok

23:39:52.0104 2716        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

23:39:52.0124 2716        TBS - ok

23:39:52.0204 2716        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

23:39:52.0264 2716        Tcpip - ok

23:39:52.0374 2716        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

23:39:52.0404 2716        TCPIP6 - ok

23:39:52.0434 2716        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:39:52.0474 2716        tcpipreg - ok

23:39:52.0484 2716        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:39:52.0494 2716        TDPIPE - ok

23:39:52.0514 2716        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

23:39:52.0524 2716        TDTCP - ok

23:39:52.0544 2716        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:39:52.0574 2716        tdx - ok

23:39:52.0584 2716        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

23:39:52.0594 2716        TermDD - ok

23:39:52.0624 2716        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

23:39:52.0664 2716        TermService - ok

23:39:52.0684 2716        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

23:39:52.0694 2716        Themes - ok

23:39:52.0714 2716        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:39:52.0734 2716        THREADORDER - ok

23:39:52.0744 2716        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

23:39:52.0774 2716        TrkWks - ok

23:39:52.0794 2716        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

23:39:52.0824 2716        TrustedInstaller - ok

23:39:52.0834 2716        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:39:52.0854 2716        tssecsrv - ok

23:39:52.0864 2716        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:39:52.0874 2716        TsUsbFlt - ok

23:39:52.0884 2716        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:39:52.0884 2716        TsUsbGD - ok

23:39:52.0914 2716        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:39:52.0944 2716        tunnel - ok

23:39:52.0944 2716        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:39:52.0954 2716        uagp35 - ok

23:39:52.0974 2716        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:39:53.0014 2716        udfs - ok

23:39:53.0024 2716        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

23:39:53.0034 2716        UI0Detect - ok

23:39:53.0054 2716        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:39:53.0054 2716        uliagpkx - ok

23:39:53.0074 2716        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:39:53.0084 2716        umbus - ok

23:39:53.0084 2716        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:39:53.0104 2716        UmPass - ok

23:39:53.0114 2716        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

23:39:53.0144 2716        upnphost - ok

23:39:53.0164 2716        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:39:53.0174 2716        usbccgp - ok

23:39:53.0184 2716        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:39:53.0194 2716        usbcir - ok

23:39:53.0214 2716        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

23:39:53.0224 2716        usbehci - ok

23:39:53.0254 2716        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:39:53.0264 2716        usbhub - ok

23:39:53.0274 2716        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:39:53.0294 2716        usbohci - ok

23:39:53.0304 2716        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:39:53.0314 2716        usbprint - ok

23:39:53.0324 2716        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:39:53.0344 2716        USBSTOR - ok

23:39:53.0354 2716        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:39:53.0374 2716        usbuhci - ok

23:39:53.0384 2716        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

23:39:53.0404 2716        UxSms - ok

23:39:53.0424 2716        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:39:53.0434 2716        VaultSvc - ok

23:39:53.0444 2716        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:39:53.0444 2716        vdrvroot - ok

23:39:53.0474 2716        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

23:39:53.0514 2716        vds - ok

23:39:53.0524 2716        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:39:53.0534 2716        vga - ok

23:39:53.0534 2716        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:39:53.0554 2716        VgaSave - ok

23:39:53.0564 2716        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:39:53.0574 2716        vhdmp - ok

23:39:53.0584 2716        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:39:53.0594 2716        viaide - ok

23:39:53.0604 2716        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:39:53.0614 2716        volmgr - ok

23:39:53.0634 2716        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:39:53.0644 2716        volmgrx - ok

23:39:53.0674 2716        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:39:53.0684 2716        volsnap - ok

23:39:53.0704 2716        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:39:53.0714 2716        vsmraid - ok

23:39:53.0774 2716        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

23:39:53.0844 2716        VSS - ok

23:39:53.0904 2716        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

23:39:53.0934 2716        vwifibus - ok

23:39:53.0954 2716        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

23:39:53.0994 2716        W32Time - ok

23:39:54.0004 2716        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:39:54.0014 2716        WacomPen - ok

23:39:54.0024 2716        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:39:54.0054 2716        WANARP - ok

23:39:54.0054 2716        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:39:54.0074 2716        Wanarpv6 - ok

23:39:54.0134 2716        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

23:39:54.0174 2716        WatAdminSvc - ok

23:39:54.0224 2716        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

23:39:54.0274 2716        wbengine - ok

23:39:54.0304 2716        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

23:39:54.0324 2716        WbioSrvc - ok

23:39:54.0344 2716        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

23:39:54.0374 2716        wcncsvc - ok

23:39:54.0374 2716        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

23:39:54.0404 2716        WcsPlugInService - ok

23:39:54.0424 2716        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:39:54.0434 2716        Wd - ok

23:39:54.0454 2716        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:39:54.0484 2716        Wdf01000 - ok

23:39:54.0494 2716        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:39:54.0545 2716        WdiServiceHost - ok

23:39:54.0545 2716        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:39:54.0565 2716        WdiSystemHost - ok

23:39:54.0585 2716        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

23:39:54.0605 2716        WebClient - ok

23:39:54.0625 2716        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

23:39:54.0655 2716        Wecsvc - ok

23:39:54.0665 2716        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

23:39:54.0695 2716        wercplsupport - ok

23:39:54.0715 2716        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

23:39:54.0735 2716        WerSvc - ok

23:39:54.0745 2716        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:39:54.0765 2716        WfpLwf - ok

23:39:54.0765 2716        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:39:54.0775 2716        WIMMount - ok

23:39:54.0785 2716        WinDefend - ok

23:39:54.0795 2716        WinHttpAutoProxySvc - ok

23:39:54.0825 2716        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

23:39:54.0845 2716        Winmgmt - ok

23:39:54.0925 2716        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

23:39:54.0985 2716        WinRM - ok

23:39:55.0045 2716        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

23:39:55.0085 2716        Wlansvc - ok

23:39:55.0255 2716        wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:39:55.0295 2716        wlidsvc - ok

23:39:55.0335 2716        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

23:39:55.0345 2716        WmiAcpi - ok

23:39:55.0365 2716        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

23:39:55.0375 2716        wmiApSrv - ok

23:39:55.0395 2716        WMPNetworkSvc - ok

23:39:55.0405 2716        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

23:39:55.0415 2716        WPCSvc - ok

23:39:55.0435 2716        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

23:39:55.0445 2716        WPDBusEnum - ok

23:39:55.0455 2716        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:39:55.0475 2716        ws2ifsl - ok

23:39:55.0495 2716        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

23:39:55.0515 2716        wscsvc - ok

23:39:55.0515 2716        WSearch - ok

23:39:55.0595 2716        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

23:39:55.0685 2716        wuauserv - ok

23:39:55.0715 2716        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:39:55.0735 2716        WudfPf - ok

23:39:55.0765 2716        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:39:55.0795 2716        WUDFRd - ok

23:39:55.0795 2716        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

23:39:55.0815 2716        wudfsvc - ok

23:39:55.0835 2716        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

23:39:55.0855 2716        WwanSvc - ok

23:39:55.0885 2716        yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

23:39:55.0905 2716        yukonw7 - ok

23:39:55.0905 2716        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:39:55.0995 2716        \Device\Harddisk0\DR0 - ok

23:39:56.0005 2716        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

23:39:56.0115 2716        \Device\Harddisk1\DR1 - ok

23:39:56.0115 2716        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

23:39:56.0225 2716        \Device\Harddisk2\DR2 - ok

23:39:56.0225 2716        Boot (0x1200)   (a9245ae223eef996fa0e11d795b374df) \Device\Harddisk0\DR0\Partition0

23:39:56.0225 2716        \Device\Harddisk0\DR0\Partition0 - ok

23:39:56.0235 2716        Boot (0x1200)   (8e4be96111ea748e5b13536568885b17) \Device\Harddisk0\DR0\Partition1

23:39:56.0235 2716        \Device\Harddisk0\DR0\Partition1 - ok

23:39:56.0235 2716        Boot (0x1200)   (12bf13435492e227ddc212ae825c1c8b) \Device\Harddisk1\DR1\Partition0

23:39:56.0235 2716        \Device\Harddisk1\DR1\Partition0 - ok

23:39:56.0245 2716        Boot (0x1200)   (a489ca602fc9f95ac9e6035dfa73691c) \Device\Harddisk1\DR1\Partition1

23:39:56.0255 2716        \Device\Harddisk1\DR1\Partition1 - ok

23:39:56.0265 2716        Boot (0x1200)   (b7720d02a614e47d9a53f4bb7bdbe138) \Device\Harddisk1\DR1\Partition2

23:39:56.0265 2716        \Device\Harddisk1\DR1\Partition2 - ok

23:39:56.0265 2716        Boot (0x1200)   (f5a72c2d803cdbe4985fce14eebbf0ab) \Device\Harddisk1\DR1\Partition3

23:39:56.0265 2716        \Device\Harddisk1\DR1\Partition3 - ok

23:39:56.0275 2716        Boot (0x1200)   (a58c028e9626fe1073d9a9a42670f630) \Device\Harddisk1\DR1\Partition4

23:39:56.0275 2716        \Device\Harddisk1\DR1\Partition4 - ok

23:39:56.0285 2716        Boot (0x1200)   (f1dc55a37b5b1c5eddd85bcf0990a6a1) \Device\Harddisk2\DR2\Partition0

23:39:56.0285 2716        \Device\Harddisk2\DR2\Partition0 - ok

23:39:56.0285 2716        ============================================================

23:39:56.0285 2716        Scan finished

23:39:56.0285 2716        ============================================================

23:39:56.0285 4036        Detected object count: 1

23:39:56.0285 4036        Actual detected object count: 1

23:40:13.0826 4036        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

23:40:13.0826 4036        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruss
Walter

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Arne

Okay, habe ComboFix ausgeführt wie beschrieben. PC wurde vor dem Generieren des Logs einmal neu gestartet. Dannach konnte ich wie erwähnt Programme nicht starten aber nach einem manuellen Neustart durch mich, geht's wieder.

Hier der Log:

Combofix Logfile:

Code:

ComboFix 12-06-12.01 - Walter 12.06.2012  17:13:44.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.12279.10138 [GMT 2:00]

ausgeführt von:: c:\users\Walter\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\iun6002.exe

K:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))

.

.

2012-06-12 15:17 . 2012-06-12 15:17        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-06-12 07:46 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0CD46C2-EB7F-4B4B-AEB2-EE21C8BC822D}\mpengine.dll

2012-06-11 13:38 . 2012-06-11 20:50        --------        d-----w-        C:\_OTL

2012-06-09 08:37 . 2012-06-09 08:37        --------        d-----w-        c:\program files (x86)\ESET

2012-06-05 21:35 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll

2012-06-05 21:35 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll

2012-06-05 21:35 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll

2012-06-05 11:51 . 2012-06-05 11:51        --------        d-----w-        c:\users\Walter\AppData\Roaming\Malwarebytes

2012-06-05 11:51 . 2012-06-05 11:51        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-05 11:51 . 2012-06-05 11:51        --------        d-----w-        c:\programdata\Malwarebytes

2012-06-05 11:51 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-05-20 13:32 . 2012-05-20 13:32        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll

2012-05-19 15:03 . 2012-05-19 15:03        --------        d-----w-        c:\users\UpdatusUser

2012-05-19 15:02 . 2012-02-29 20:59        2515790        ----a-w-        c:\windows\system32\nvcoproc.bin

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-08 20:36 . 2012-01-05 10:35        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-08 20:36 . 2012-01-05 10:35        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-05-04 21:14 . 2012-04-03 11:43        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-04 21:14 . 2011-11-29 17:47        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 21:14 . 2012-04-14 21:14        8769696        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-08 12:49 . 2012-04-08 12:49        199        ----a-w-        c:\users\Walter\QualityWings_Ultimate 757 Collection.reg

2012-03-31 06:05 . 2012-05-10 09:28        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-10 09:28        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-10 09:28        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-10 09:28        3146240        ----a-w-        c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-10 09:28        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-03-24 15:41 . 2012-03-24 15:41        191        ----a-w-        c:\users\Walter\FSDreamTeam_Los Angeles V2.reg

2012-03-24 15:40 . 2012-03-24 15:40        190        ----a-w-        c:\users\Walter\FSDreamTeam_Chicago Ohare.reg

2012-03-24 15:26 . 2012-03-24 15:26        179        ----a-w-        c:\users\Walter\FSDreamTeam_GSX.reg

2012-03-17 07:58 . 2012-05-10 09:28        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-29 39408]

"Steam"="d:\program files (x86)\Steam\Steam.exe" [2011-12-04 1242448]

"HDDHealth"="c:\program files (x86)\HDD Health\hddhealth.exe" [2008-06-15 1692672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:14]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 23:19]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 23:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bluewin.ch/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-afx - c:\windows\iun6002.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-12  17:20:07 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-12 15:20

.

Vor Suchlauf: 11 Verzeichnis(se), 703'724'363'776 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 703'295'815'680 Bytes frei

.

- - End Of File - - DCB4618D5EE654F07C7BC6E9AC937FDF

--- --- ---

Hoffe nur, dass nach all diesen Tätigkeiten mein System dann wieder okay ist. Deine Hilfe und ausführlichen Anleitungen sind jedenfalls super.

Gruss
Walter