Notebook very slow - Avast switched itself off - Virus? (Windows 7)
05.12.2011, 18:47 | #1
Hello, I have the following problem:

- About a week ago, after booting, my Avast antivirus program deactivated itself, and the internet connection was then very slow to completely unusable. But only on my PC; my father's computer, for example, worked fine on the same Wi-Fi network.
- Then the PC froze several times, each time followed by a bluescreen.
- Now, for about 3 days, the PC has been very slow, meaning the mouse reacts only very sluggishly to my commands and opening programs takes forever, if it doesn't crash first.

What I have tried myself so far:

- Several scans with Malwarebytes, Avast = no findings!
- Ran Defogger (log see below)

Here are the log files:

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8239

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

28.11.2011 12:33:23
mbam-log-2011-11-28 (12-33-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 431310
Laufzeit: 1 Stunde(n), 30 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Here is the second one:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8314

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

05.12.2011 14:10:45
mbam-log-2011-12-05 (14-10-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 450157
Laufzeit: 1 Stunde(n), 35 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

DEFOGGER:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:31 on 05/12/2011 (josch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

I really need help getting my system fit again, and also tips on keeping it clean in the future. Thanks in advance for your help!
05.12.2011, 19:14 | #2
Here is also the log file from OTL:

[ Application Events ]
Error - 05.12.2011 09:19:14 | Computer Name = josch-PC | Source = ESENT | ID = 455
Description = Windows (3760) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000A6.log.

Error - 05.12.2011 09:19:15 | Computer Name = josch-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 05.12.2011 09:19:15 | Computer Name = josch-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 05.12.2011 09:19:15 | Computer Name = josch-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 05.12.2011 09:19:15 | Computer Name = josch-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 05.12.2011 09:19:15 | Computer Name = josch-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 05.12.2011 09:19:17 | Computer Name = josch-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 05.12.2011 09:19:17 | Computer Name = josch-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 05.12.2011 09:19:17 | Computer Name = josch-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 05.12.2011 09:19:17 | Computer Name = josch-PC | Source = Windows Search Service | ID = 7010
Description =

[ Media Center Events ]
Error - 16.11.2011 07:43:31 | Computer Name = josch-PC | Source = MCUpdate | ID = 0
Description = 12:43:31 - Fehler beim Herstellen der Internetverbindung. 12:43:31 - Serververbindung konnte nicht hergestellt werden..

Error - 16.11.2011 21:48:52 | Computer Name = josch-PC | Source = MCUpdate | ID = 0
Description = 02:48:52 - Fehler beim Herstellen der Internetverbindung. 02:48:52 - Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 15.05.2011 07:59:21 | Computer Name = josch-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4926 seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.10.2011 09:35:25 | Computer Name = josch-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 20.10.2011 09:35:25 | Computer Name = josch-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 20.10.2011 09:35:25 | Computer Name = josch-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 21.10.2011 07:32:37 | Computer Name = josch-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt.

Error - 21.10.2011 07:33:44 | Computer Name = josch-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd

Error - 21.10.2011 10:54:10 | Computer Name = josch-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 21.10.2011 12:46:36 | Computer Name = josch-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt.

Error - 21.10.2011 12:47:08 | Computer Name = josch-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?10.?2011 um 18:45:46 unerwartet heruntergefahren.

Error - 21.10.2011 12:47:14 | Computer Name = josch-PC | Source = BugCheck | ID = 1001
Description =

Error - 21.10.2011 12:47:58 | Computer Name = josch-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd

< End of report >
05.12.2011, 19:20 | #3
/// Winkelfunktion /// TB-Süch-Tiger™
Please also run ESET; after that we'll see:

__________________
ESET Online Scanner
06.12.2011, 11:47 | #4
While scanning with ESET, the PC almost hung several times and was frozen for a long time, but the scan still ran through to the end. Here is the log txt from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e9a1473fdcdcbb49b8c5bd4ac124bc7b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-06 10:31:55
# local_time=2011-12-06 11:31:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 66615 74789075 0 0
# compatibility_mode=8192 67108863 100 0 654305 654305 0 0
# scanned=269254
# found=0
# cleaned=0
# scan_time=9631
06.12.2011, 12:04 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Your OTL log is completely garbled:

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
06.12.2011, 12:57 | #6
OTL Logfile:

Code:
OTL logfile created on: 06.12.2011 12:22:16 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\josch\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,36% Memory free
4,00 Gb Paging File | 2,66 Gb Available in Paging File | 66,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 20,11 Gb Free Space | 34,32% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 8,82 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 234,98 Gb Free Space | 50,46% Space Free | Partition Type: FAT32

Computer Name: JOSCH-PC | User Name: josch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.05 18:52:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\josch\Desktop\OTL.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.03.09 10:56:28 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe

========== Modules (No Company Name) ==========

MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.07 19:59:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.05.03 09:55:43 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011.05.03 09:55:42 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.02 05:18:32 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.04.30 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.09.23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004.07.23 14:11:08 | 000,024,576 | ---- | M] (IBM) [Disabled | Stopped] -- C:\IFOR\WIN\BIN\i4gdb.exe -- (IBM LUM CR)
SRV - [2004.07.23 14:11:06 | 000,024,576 | ---- | M] (IBM) [On_Demand | Stopped] -- C:\IFOR\WIN\BIN\i4llmd.exe -- (IBM LUM NDL)
SRV - [2004.07.23 14:11:04 | 000,024,576 | ---- | M] (IBM) [Disabled | Stopped] -- C:\IFOR\WIN\BIN\i4lmd.exe -- (IBM LUM LMD)

========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.22 07:45:26 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.17 13:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.08.17 13:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.08.17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.04.30 11:52:02 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.12 14:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010.07.12 14:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.03.12 17:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.01 18:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.06.24 14:03:02 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2009.04.30 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2007.04.24 15:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 29 E6 7B 6F A8 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.30 23:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_6.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2011.11.09 16:52:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 16:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.05 14:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.09 16:52:29 | 000,000,000 | ---D | M]

[2007.03.09 10:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josch\AppData\Roaming\mozilla\Extensions
[2011.12.01 10:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions
[2011.12.01 10:54:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.01 10:27:48 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\mail@gutscheinrausch.de
[2011.12.05 14:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.05 14:27:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.30 23:23:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\JOSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T114PLHL.DEFAULT\EXTENSIONS\JSDEOBFUSCATOR@ADBLOCKPLUS.ORG.XPI
[2011.11.11 16:38:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.18 08:03:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 08:03:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.18 08:03:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 08:03:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 08:03:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 08:03:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\josch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{872AE68C-F41C-41DE-A675-7CB17336D180}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.13 18:51:05 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O33 - MountPoints2\{4c396b50-1046-11e1-94fb-001b246a0638}\Shell - "" = AutoRun
O33 - MountPoints2\{4c396b50-1046-11e1-94fb-001b246a0638}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1031" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:6 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Users^josch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DriverFinder - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {44D1E9F1-32D0-5933-D39F-27461795687A} - .NET Framework ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5501EF19-BE76-9877-7850-9F67402ABE48} - Microsoft Windows Media Player 12.0 
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B3638A6D-4B97-82D7-AD31-D71539C8B8D4} - Internet Explorer ActiveX: {C4E147DD-2653-B8F3-917B-EB60F3F29565} - Internet Explorer ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CF45E0A2-6326-028B-D122-557DC6D256B1} - Internet Explorer ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {E9AAE1D0-D08D-2B82-641D-425F6E31B863} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.05 18:51:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\josch\Desktop\OTL.exe [2011.12.05 14:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.12.01 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\DVDVideoSoft [2011.12.01 10:54:54 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.01 10:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.12.01 10:54:36 | 000,000,000 | ---D | C] -- C:\Users\josch\Documents\DVDVideoSoft [2011.12.01 10:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2011.12.01 10:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2011.12.01 00:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.12.01 00:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011.12.01 00:18:30 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.11.30 23:35:31 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.11.30 22:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Turbo Memory [2011.11.30 22:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager [2011.11.29 06:17:19 | 000,000,000 | -H-D | C] -- C:\Users\josch\Desktop\neu [2011.11.28 19:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.11.25 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\Malwarebytes [2011.11.25 19:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.25 19:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.25 19:12:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2011.11.25 19:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.22 15:54:29 | 000,000,000 | ---D | C] -- C:\Users\josch\Spiele [2011.11.22 15:48:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.11.22 15:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32 [2011.11.22 15:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32 [2011.11.22 09:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.11.22 09:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.22 09:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2011.11.20 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\josch\Documents\OneNote-Notizbücher [2011.11.19 17:03:16 | 000,000,000 | ---D | C] -- C:\Users\josch\Desktop\dateien [2011.11.18 17:58:49 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\dvdcss [2011.11.16 21:48:13 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\Nokia Suite [2011.11.16 12:22:15 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CATIA [2011.11.14 22:57:59 | 000,000,000 | ---D | C] -- C:\Users\josch\Desktop\profil [2011.11.14 22:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.10 16:47:51 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Local\GoldenCheetah-v3 [2011.11.10 16:46:55 | 000,000,000 | ---D | C] -- C:\Users\josch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenCheetah-v3 [2011.11.10 16:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\GoldenCheetah-v3 [2011.11.09 17:01:24 | 000,000,000 | ---D | C] -- C:\Users\josch\Documents\Nokia Suite [2011.11.09 16:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.11.09 16:52:21 | 000,000,000 | ---D | C] -- C:\Program 
Files\Common Files\Nokia [2011.11.09 16:50:29 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2011.11.09 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.06 10:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.05 18:52:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\josch\Desktop\OTL.exe [2011.12.05 14:26:04 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.05 14:26:04 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.05 14:18:34 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys [2011.12.01 10:54:50 | 000,001,253 | ---- | M] () -- C:\Users\josch\Desktop\Free Audio CD Burner.lnk [2011.12.01 10:54:49 | 000,001,197 | ---- | M] () -- C:\Users\josch\Desktop\DVDVideoSoft Free Studio.lnk [2011.12.01 10:54:48 | 000,001,356 | ---- | M] () -- C:\Users\josch\Desktop\Free YouTube to MP3 Converter.lnk [2011.12.01 10:46:34 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.30 23:27:29 | 000,668,778 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.30 23:27:29 | 000,620,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.30 23:27:29 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.30 23:27:29 | 000,110,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.30 23:24:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.11.28 19:59:05 | 000,302,592 | ---- | M] () -- C:\Users\josch\Desktop\girdhkpt.exe [2011.11.28 19:34:42 | 000,050,477 | ---- | M] () -- C:\Users\josch\Desktop\Defogger(2).exe [2011.11.28 19:26:17 | 000,000,020 | ---- | M] () -- C:\Users\josch\defogger_reenable [2011.11.28 19:01:25 | 
000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.11.28 18:56:33 | 000,263,168 | ---- | M] () -- C:\Users\josch\Desktop\Skiplatte_Tourenski.SLDPRT [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.11.25 19:12:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.24 19:53:24 | 000,294,468 | ---- | M] () -- C:\Users\josch\Desktop\SRM Batterie bestellung.pdf [2011.11.24 17:23:43 | 000,119,432 | ---- | M] () -- C:\Users\josch\Desktop\Überweisung CNC.pdf [2011.11.22 15:51:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.11.22 15:51:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.11.22 10:08:05 | 000,705,600 | ---- | M] () -- C:\Users\josch\Documents\cc_20111122_100740.reg [2011.11.20 20:21:25 | 000,120,479 | ---- | M] () -- C:\Users\josch\Desktop\überweisungsbestätigun.pdf [2011.11.19 17:03:38 | 001,028,204 | ---- | M] () -- C:\Users\josch\Desktop\8.11.2011.gc [2011.11.17 18:47:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2011.11.14 22:34:12 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.11.10 15:21:55 | 000,049,181 | ---- | M] () -- C:\Users\josch\Desktop\Stundenplan Aktualisier 11-11-2011.pdf [2011.11.09 16:52:41 | 000,002,047 | 
---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2011.11.09 16:37:00 | 000,011,264 | ---- | M] () -- C:\Users\josch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.09 12:07:22 | 000,451,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.01 10:54:50 | 000,001,253 | ---- | C] () -- C:\Users\josch\Desktop\Free Audio CD Burner.lnk [2011.12.01 10:54:49 | 000,001,197 | ---- | C] () -- C:\Users\josch\Desktop\DVDVideoSoft Free Studio.lnk [2011.12.01 10:54:48 | 000,001,356 | ---- | C] () -- C:\Users\josch\Desktop\Free YouTube to MP3 Converter.lnk [2011.11.30 23:35:30 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011.11.28 19:58:18 | 000,302,592 | ---- | C] () -- C:\Users\josch\Desktop\girdhkpt.exe [2011.11.28 19:34:42 | 000,050,477 | ---- | C] () -- C:\Users\josch\Desktop\Defogger(2).exe [2011.11.28 19:25:56 | 000,000,020 | ---- | C] () -- C:\Users\josch\defogger_reenable [2011.11.28 19:02:13 | 000,263,168 | ---- | C] () -- C:\Users\josch\Desktop\Skiplatte_Tourenski.SLDPRT [2011.11.25 19:12:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.24 19:53:23 | 000,294,468 | ---- | C] () -- C:\Users\josch\Desktop\SRM Batterie bestellung.pdf [2011.11.24 17:23:42 | 000,119,432 | ---- | C] () -- C:\Users\josch\Desktop\Überweisung CNC.pdf [2011.11.22 15:51:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.11.22 15:51:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.11.22 10:07:43 | 000,705,600 | ---- | C] () -- C:\Users\josch\Documents\cc_20111122_100740.reg [2011.11.22 09:51:25 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.20 20:21:24 | 000,120,479 | ---- | C] () -- C:\Users\josch\Desktop\überweisungsbestätigun.pdf [2011.11.19 17:03:37 | 001,028,204 | ---- | C] () -- C:\Users\josch\Desktop\8.11.2011.gc [2011.11.17 18:47:14 | 000,000,000 | 
-H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2011.11.14 22:34:12 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.11.10 15:18:32 | 000,049,181 | ---- | C] () -- C:\Users\josch\Desktop\Stundenplan Aktualisier 11-11-2011.pdf [2011.11.09 16:52:41 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2011.10.04 16:13:19 | 000,011,264 | ---- | C] () -- C:\Users\josch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.24 09:58:55 | 000,000,000 | ---- | C] () -- C:\Users\josch\AppData\Local\{6E8C1A81-0C78-4826-972C-E36782A33A6B} [2011.05.23 17:39:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.06 18:30:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.05.03 11:40:00 | 000,007,605 | ---- | C] () -- C:\Users\josch\AppData\Local\Resmon.ResmonCfg [2011.05.03 11:11:49 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll [2011.05.03 10:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2011.05.01 06:23:43 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2009.07.14 09:47:43 | 000,668,778 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,134,562 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,451,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,620,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,110,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat 
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.04.24 15:52:10 | 000,000,004 | ---- | C] () -- C:\Windows\System32\drivers\shfldol.sys [2007.04.03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.03.09 10:37:15 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2007.03.09 10:37:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2007.03.09 10:37:15 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2007.03.09 10:37:15 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2007.03.09 10:34:43 | 000,156,788 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2007.03.09 10:34:43 | 000,000,920 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2007.03.09 10:34:43 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2007.03.09 10:34:43 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2007.03.09 10:34:43 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2007.03.09 10:34:43 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2007.03.07 23:07:50 | 000,000,068 | ---- | C] () -- C:\Windows\spwdrg.INI [2007.03.07 23:07:42 | 000,000,133 | ---- | C] () -- C:\Windows\Crypkey.ini [2007.03.07 23:07:35 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2007.03.07 23:07:35 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2007.03.07 23:07:35 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2007.03.07 23:07:35 | 000,011,776 | ---- | C] () 
-- C:\Windows\Ckrfresh.exe ========== LOP Check ========== [2007.03.09 11:06:51 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Ansys [2011.11.06 14:10:45 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\BitComet [2011.06.01 10:31:05 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Canneverbe Limited [2011.05.03 10:31:33 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DassaultSystemes [2011.11.28 19:09:15 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DriverFinder [2011.12.01 10:56:38 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DVDVideoSoft [2011.12.01 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.02 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\IM [2011.10.07 11:46:48 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Nokia [2011.10.07 11:46:50 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Nokia Ovi Suite [2011.11.16 21:48:13 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Nokia Suite [2011.06.01 10:27:38 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\OpenCandy [2011.10.04 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\PC Suite [2011.05.02 13:22:40 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Unigraphics Solutions [2011.10.13 21:34:39 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\WindSolutions [2011.11.10 00:37:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.10.11 16:02:43 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Adobe [2007.03.09 11:06:51 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Ansys [2011.08.26 07:14:08 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Apple Computer [2011.11.06 14:10:45 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\BitComet [2011.06.01 10:31:05 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Canneverbe Limited [2011.05.03 10:31:33 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DassaultSystemes [2011.11.28 19:09:15 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DriverFinder [2011.11.18 17:58:49 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\dvdcss [2011.12.01 10:56:38 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DVDVideoSoft [2011.12.01 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\DVDVideoSoftIEHelpers [2007.03.08 14:01:43 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Identities [2011.05.02 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\IM [2007.03.09 10:37:03 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\InstallShield [2007.03.09 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Macromedia [2011.11.25 19:13:06 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Malwarebytes [2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Media Center Programs [2011.11.20 20:20:59 | 000,000,000 | --SD | M] -- C:\Users\josch\AppData\Roaming\Microsoft [2007.03.09 10:47:07 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Mozilla [2011.10.07 11:46:48 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Nokia [2011.10.07 11:46:50 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Nokia Ovi Suite [2011.11.16 21:48:13 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Nokia Suite [2011.06.01 10:27:38 | 000,000,000 | ---D | 
M] -- C:\Users\josch\AppData\Roaming\OpenCandy [2011.10.04 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\PC Suite [2011.11.22 10:02:40 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Skype [2011.11.14 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\skypePM [2011.11.28 19:00:30 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\SolidWorks [2011.05.02 13:22:40 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\Unigraphics Solutions [2011.11.18 17:19:22 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\vlc [2011.10.13 21:34:39 | 000,000,000 | ---D | M] -- C:\Users\josch\AppData\Roaming\WindSolutions < %APPDATA%\*.exe /s > [2011.10.11 15:59:10 | 000,038,208 | ---- | M] () -- C:\Users\josch\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.05.05 15:07:28 | 000,023,558 | R--- | M] () -- C:\Users\josch\AppData\Roaming\Microsoft\Installer\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}\_18be6784.exe [2011.05.05 15:07:28 | 000,023,558 | R--- | M] () -- C:\Users\josch\AppData\Roaming\Microsoft\Installer\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}\_294823.exe [2011.09.07 08:14:21 | 072,334,312 | ---- | M] () -- C:\Users\josch\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe [2011.06.01 10:27:45 | 000,476,736 | ---- | M] () -- C:\Users\josch\AppData\Roaming\OpenCandy\OpenCandy_4E7D71769DDF4E1199D346744FF73715\Gutscheinrausch_p11v1.exe [2011.06.01 10:27:40 | 000,416,160 | ---- | M] () -- C:\Users\josch\AppData\Roaming\OpenCandy\OpenCandy_4E7D71769DDF4E1199D346744FF73715\LatestDLMgr.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
< End of report >
|
06.12.2011, 13:26 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow - Avast switched itself off - virus? Do an OTL fix: close all programs that may still be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along as well!!!) Code:
:OTL
[2011.06.01 10:27:48 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\mail@gutscheinrausch.de
O4 - HKCU..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.13 18:51:05 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O33 - MountPoints2\{4c396b50-1046-11e1-94fb-001b246a0638}\Shell - "" = AutoRun
O33 - MountPoints2\{4c396b50-1046-11e1-94fb-001b246a0638}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
06.12.2011, 17:26 | #8 |
| Notebook very slow - Avast switched itself off - virus? Thanks in advance for the help!!! The fix with OTL worked, only when shutting down the computer hung and did not turn off; I waited 1h and it still was not off, then I switched it off and restarted. Then I got the following log file:
All processes killed
========== OTL ==========
C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\mail@gutscheinrausch.de\chrome\content\skin folder moved successfully.
C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\mail@gutscheinrausch.de\chrome\content folder moved successfully.
C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\mail@gutscheinrausch.de\chrome folder moved successfully.
C:\Users\josch\AppData\Roaming\mozilla\Firefox\Profiles\t114plhl.default\extensions\mail@gutscheinrausch.de folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c396b50-1046-11e1-94fb-001b246a0638}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c396b50-1046-11e1-94fb-001b246a0638}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c396b50-1046-11e1-94fb-001b246a0638}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c396b50-1046-11e1-94fb-001b246a0638}\ not found.
File F:\NokiaPCIA_Autorun.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: josch
->Temp folder emptied: 411457 bytes
->Temporary Internet Files folder emptied: 180626 bytes
->Java cache emptied: 17195176 bytes
->FireFox cache emptied: 89434926 bytes
->Flash cache emptied: 41853 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1521156 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 104,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_170147
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
06.12.2011, 19:08 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow - Avast switched itself off - virus? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it completely. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from "All Programs" in the start menu, please run unhide: Download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
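As an added example for this thread (not Kaspersky's code and not posted by anyone here), a small Python triage script for the TDSSKiller report the helper asks for: it parses the per-driver lines in the shape the report uses (timestamp, PID, then "name (md5) path", "name - ok", "name ( verdict ) - warning" or "name - detected verdict (n)") and returns only the drivers the tool flagged, so a reviewer sees those instead of hundreds of "- ok" lines. The sample report is constructed; the driver lines in it copy the shape of the report posted in this thread.

```python
"""Triage a TDSSKiller report: list only the drivers the tool flagged.

Added example for this thread, not Kaspersky's code. It assumes the line
shapes seen in the report posted here; any other line is ignored.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")

# detected outranks warning outranks ok; "unknown" means no status line was seen
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Driver:
    name: str
    md5: str = ""          # empty when the report printed no file line
    path: str = ""
    status: str = "unknown"
    verdicts: list = field(default_factory=list)


def parse_report(text):
    """Return {driver name: Driver} for every per-driver line in the report."""
    drivers = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or text without the timestamp/PID prefix
        rest = m.group("rest")
        fm = FILE_RE.match(rest)
        if fm:
            d = drivers.setdefault(fm["name"], Driver(fm["name"]))
            d.md5, d.path = fm["md5"], fm["path"]
            continue
        # header lines such as "Mode: Manual; SigCheck; TDLFS;" match none of these
        for rx, status in ((DETECT_RE, "detected"), (WARN_RE, "warning"), (OK_RE, "ok")):
            sm = rx.match(rest)
            if not sm:
                continue
            d = drivers.setdefault(sm["name"], Driver(sm["name"]))
            if status != "ok" and sm["verdict"] not in d.verdicts:
                d.verdicts.append(sm["verdict"])
            if RANK[status] > RANK[d.status]:
                d.status = status
            break
    return drivers


def findings(drivers):
    """Drivers that need a human look: warned or detected, in report order."""
    return [d for d in drivers.values() if d.status in ("warning", "detected")]


def unhashed(drivers):
    """Driver names for which the report printed no file line (nothing was hashed)."""
    return [d.name for d in drivers.values() if not d.md5]


def summarize(drivers):
    """Count drivers per status, e.g. {'ok': 3, 'detected': 2}."""
    return dict(Counter(d.status for d in drivers.values()))


# Constructed sample: tool header lines plus a few driver entries in the shape
# the thread's report uses (CVPNDRVA and NetworkX are the two entries that
# report actually flagged; DritekPortIO has a status line but no file line).
SAMPLE_REPORT = r"""
19:15:44.0986 4092 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:15:45.0485 4092 ============================================================
19:16:21.0579 1232 Mode: Manual; SigCheck; TDLFS;
19:16:22.0063 1232 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:16:22.0078 1232 ACPI - ok
19:16:25.0417 1232 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:16:25.0432 1232 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:16:25.0432 1232 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
19:16:25.0463 1232 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:16:25.0510 1232 DfsC - ok
19:16:25.0713 1232 DritekPortIO - ok
19:16:32.0499 1232 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\Windows\system32\ckldrv.sys
19:16:32.0515 1232 NetworkX ( UnsignedFile.Multi.Generic ) - warning
19:16:32.0515 1232 NetworkX - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(summarize(report), "unhashed:", unhashed(report))
    for d in findings(report):
        # UnsignedFile.Multi.Generic is a SigCheck result (no valid digital
        # signature on the file), not a malware match; the helper above asks
        # to "skip" such objects and post the log rather than delete anything.
        print(f"{d.status:8} {d.name:12} {d.path}  md5={d.md5}  {', '.join(d.verdicts)}")
```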
06.12.2011, 20:10 | #10 |
| Notebook very slow - Avast switched itself off - virus?
19:15:44.0986 4092 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:15:45.0485 4092 ============================================================
19:15:45.0485 4092 Current date / time: 2011/12/06 19:15:45.0485
19:15:45.0485 4092 SystemInfo:
19:15:45.0485 4092
19:15:45.0485 4092 OS Version: 6.1.7601 ServicePack: 1.0
19:15:45.0485 4092 Product type: Workstation
19:15:45.0485 4092 ComputerName: JOSCH-PC
19:15:45.0485 4092 UserName: josch
19:15:45.0485 4092 Windows directory: C:\Windows
19:15:45.0485 4092 System windows directory: C:\Windows
19:15:45.0485 4092 Processor architecture: Intel x86
19:15:45.0485 4092 Number of processors: 2
19:15:45.0485 4092 Page size: 0x1000
19:15:45.0485 4092 Boot type: Normal boot
19:15:45.0485 4092 ============================================================
19:15:45.0844 4092 Initialize success
19:16:21.0579 1232 ============================================================
19:16:21.0579 1232 Scan started
19:16:21.0579 1232 Mode: Manual; SigCheck; TDLFS;
19:16:21.0579 1232 ============================================================
19:16:25.0417 1232 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:16:25.0432 1232 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:16:25.0432 1232 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
19:16:31.0267 1232 mssmbios - ok 19:16:31.0360 1232 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 19:16:31.0407 1232 MSTEE - ok 19:16:31.0438 1232 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 19:16:31.0454 1232 MTConfig - ok 19:16:31.0469 1232 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 19:16:31.0485 1232 Mup - ok 19:16:31.0516 1232 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 19:16:31.0547 1232 NativeWifiP - ok 19:16:31.0594 1232 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 19:16:31.0641 1232 NDIS - ok 19:16:31.0672 1232 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 19:16:31.0719 1232 NdisCap - ok 19:16:31.0735 1232 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 19:16:31.0781 1232 NdisTapi - ok 19:16:31.0797 1232 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 19:16:31.0844 1232 Ndisuio - ok 19:16:31.0875 1232 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 19:16:31.0906 1232 NdisWan - ok 19:16:31.0937 1232 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 19:16:31.0969 1232 NDProxy - ok 19:16:32.0000 1232 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 19:16:32.0047 1232 NetBIOS - ok 19:16:32.0078 1232 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 19:16:32.0109 1232 NetBT - ok 19:16:32.0281 1232 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 19:16:32.0468 1232 netw5v32 - ok 19:16:32.0499 1232 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\Windows\system32\ckldrv.sys 19:16:32.0515 1232 NetworkX ( UnsignedFile.Multi.Generic ) - warning 19:16:32.0515 1232 NetworkX - detected UnsignedFile.Multi.Generic (1) 
19:16:32.0546 1232 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 19:16:32.0561 1232 nfrd960 - ok 19:16:32.0608 1232 nmwcd (b0a67de1a128389aea4d42c5a56215fd) C:\Windows\system32\drivers\ccdcmb.sys 19:16:32.0655 1232 nmwcd - ok 19:16:32.0717 1232 nmwcdc (025c54f9f8c8bc1894ea38529c742c54) C:\Windows\system32\drivers\ccdcmbo.sys 19:16:32.0764 1232 nmwcdc - ok 19:16:32.0811 1232 nmwcdnsu (4f0de685a96dc843ccc8a861b3fac12d) C:\Windows\system32\drivers\nmwcdnsu.sys 19:16:32.0842 1232 nmwcdnsu - ok 19:16:32.0873 1232 nmwcdnsuc (578117c0c0cf10d99c8853e83c4bc63c) C:\Windows\system32\drivers\nmwcdnsuc.sys 19:16:32.0920 1232 nmwcdnsuc - ok 19:16:32.0936 1232 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 19:16:32.0983 1232 Npfs - ok 19:16:32.0998 1232 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 19:16:33.0045 1232 nsiproxy - ok 19:16:33.0170 1232 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 19:16:33.0217 1232 Ntfs - ok 19:16:33.0248 1232 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 19:16:33.0279 1232 Null - ok 19:16:33.0310 1232 nuvotoncir (7f5d69a031be0e7bdfb8126e1a212417) C:\Windows\system32\DRIVERS\nuvotoncir.sys 19:16:33.0326 1232 nuvotoncir - ok 19:16:33.0685 1232 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:16:34.0153 1232 nvlddmkm - ok 19:16:34.0231 1232 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 19:16:34.0246 1232 nvraid - ok 19:16:34.0262 1232 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 19:16:34.0277 1232 nvstor - ok 19:16:34.0355 1232 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 19:16:34.0371 1232 nv_agp - ok 19:16:34.0402 1232 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 19:16:34.0433 1232 ohci1394 - ok 
19:16:34.0465 1232 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 19:16:34.0496 1232 Parport - ok 19:16:34.0527 1232 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 19:16:34.0543 1232 partmgr - ok 19:16:34.0589 1232 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 19:16:34.0605 1232 Parvdm - ok 19:16:34.0636 1232 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 19:16:34.0667 1232 pccsmcfd - ok 19:16:34.0683 1232 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 19:16:34.0714 1232 pci - ok 19:16:34.0745 1232 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 19:16:34.0761 1232 pciide - ok 19:16:34.0792 1232 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 19:16:34.0808 1232 pcmcia - ok 19:16:34.0839 1232 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 19:16:34.0855 1232 pcw - ok 19:16:34.0886 1232 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 19:16:34.0948 1232 PEAUTH - ok 19:16:34.0995 1232 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 19:16:35.0042 1232 PptpMiniport - ok 19:16:35.0073 1232 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 19:16:35.0104 1232 Processor - ok 19:16:35.0135 1232 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 19:16:35.0182 1232 Psched - ok 19:16:35.0276 1232 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 19:16:35.0323 1232 ql2300 - ok 19:16:35.0354 1232 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 19:16:35.0369 1232 ql40xx - ok 19:16:35.0401 1232 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 19:16:35.0432 1232 QWAVEdrv - ok 19:16:35.0463 
1232 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 19:16:35.0494 1232 RasAcd - ok 19:16:35.0525 1232 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:16:35.0557 1232 RasAgileVpn - ok 19:16:35.0588 1232 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:16:35.0619 1232 Rasl2tp - ok 19:16:35.0650 1232 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 19:16:35.0697 1232 RasPppoe - ok 19:16:35.0713 1232 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 19:16:35.0759 1232 RasSstp - ok 19:16:35.0791 1232 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 19:16:35.0837 1232 rdbss - ok 19:16:35.0853 1232 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 19:16:35.0884 1232 rdpbus - ok 19:16:35.0900 1232 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:16:35.0947 1232 RDPCDD - ok 19:16:35.0993 1232 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 19:16:36.0009 1232 RDPDR - ok 19:16:36.0025 1232 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 19:16:36.0071 1232 RDPENCDD - ok 19:16:36.0103 1232 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 19:16:36.0134 1232 RDPREFMP - ok 19:16:36.0181 1232 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 19:16:36.0212 1232 RDPWD - ok 19:16:36.0243 1232 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 19:16:36.0259 1232 rdyboost - ok 19:16:36.0290 1232 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys 19:16:36.0321 1232 rimmptsk - ok 19:16:36.0337 1232 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys 19:16:36.0368 1232 rimsptsk - ok 
19:16:36.0399 1232 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys 19:16:36.0415 1232 rismxdp - ok 19:16:36.0461 1232 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 19:16:36.0493 1232 rspndr - ok 19:16:36.0555 1232 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 19:16:36.0571 1232 s3cap - ok 19:16:36.0617 1232 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 19:16:36.0633 1232 sbp2port - ok 19:16:36.0664 1232 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 19:16:36.0711 1232 scfilter - ok 19:16:36.0742 1232 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 19:16:36.0758 1232 sdbus - ok 19:16:36.0789 1232 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:16:36.0820 1232 secdrv - ok 19:16:36.0883 1232 Ser2pl (ac1f2a09b76b57356f906eeda43ccc2a) C:\Windows\system32\DRIVERS\ser2pl.sys 19:16:36.0929 1232 Ser2pl - ok 19:16:36.0961 1232 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 19:16:36.0992 1232 Serenum - ok 19:16:37.0039 1232 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 19:16:37.0070 1232 Serial - ok 19:16:37.0117 1232 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 19:16:37.0132 1232 sermouse - ok 19:16:37.0179 1232 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 19:16:37.0210 1232 sffdisk - ok 19:16:37.0257 1232 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 19:16:37.0273 1232 sffp_mmc - ok 19:16:37.0304 1232 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:16:37.0319 1232 sffp_sd - ok 19:16:37.0366 1232 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 19:16:37.0382 1232 sfloppy - 
ok 19:16:37.0429 1232 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 19:16:37.0444 1232 sisagp - ok 19:16:37.0491 1232 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:16:37.0491 1232 SiSRaid2 - ok 19:16:37.0538 1232 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 19:16:37.0553 1232 SiSRaid4 - ok 19:16:37.0569 1232 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 19:16:37.0600 1232 Smb - ok 19:16:37.0631 1232 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 19:16:37.0647 1232 spldr - ok 19:16:37.0709 1232 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\Windows\System32\Drivers\sptd.sys 19:16:37.0741 1232 sptd - ok 19:16:37.0772 1232 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 19:16:37.0865 1232 srv - ok 19:16:37.0897 1232 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 19:16:37.0928 1232 srv2 - ok 19:16:37.0959 1232 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 19:16:38.0006 1232 SrvHsfHDA - ok 19:16:38.0068 1232 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 19:16:38.0099 1232 SrvHsfV92 - ok 19:16:38.0146 1232 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 19:16:38.0177 1232 SrvHsfWinac - ok 19:16:38.0209 1232 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 19:16:38.0255 1232 srvnet - ok 19:16:38.0302 1232 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 19:16:38.0318 1232 stexstor - ok 19:16:38.0349 1232 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 19:16:38.0365 1232 storflt - ok 19:16:38.0411 1232 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 19:16:38.0427 1232 storvsc - ok 19:16:38.0458 
1232 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 19:16:38.0474 1232 swenum - ok 19:16:38.0552 1232 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 19:16:38.0614 1232 Tcpip - ok 19:16:38.0677 1232 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 19:16:38.0708 1232 TCPIP6 - ok 19:16:38.0739 1232 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 19:16:38.0801 1232 tcpipreg - ok 19:16:38.0848 1232 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 19:16:38.0895 1232 TDPIPE - ok 19:16:38.0911 1232 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 19:16:38.0942 1232 TDTCP - ok 19:16:38.0973 1232 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 19:16:39.0020 1232 tdx - ok 19:16:39.0082 1232 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 19:16:39.0098 1232 TermDD - ok 19:16:39.0145 1232 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:16:39.0191 1232 tssecsrv - ok 19:16:39.0223 1232 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 19:16:39.0254 1232 TsUsbFlt - ok 19:16:39.0285 1232 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 19:16:39.0316 1232 tunnel - ok 19:16:39.0379 1232 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 19:16:39.0379 1232 uagp35 - ok 19:16:39.0425 1232 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 19:16:39.0457 1232 udfs - ok 19:16:39.0519 1232 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 19:16:39.0535 1232 uliagpkx - ok 19:16:39.0566 1232 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 19:16:39.0597 1232 umbus - ok 19:16:39.0628 1232 UmPass 
(7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 19:16:39.0659 1232 UmPass - ok 19:16:39.0691 1232 upperdev (78b74af8727a28c128e164e9b53a5413) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 19:16:39.0737 1232 upperdev - ok 19:16:39.0753 1232 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 19:16:39.0784 1232 usbccgp - ok 19:16:39.0815 1232 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 19:16:39.0847 1232 usbcir - ok 19:16:39.0878 1232 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 19:16:39.0893 1232 usbehci - ok 19:16:39.0925 1232 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 19:16:39.0940 1232 usbhub - ok 19:16:40.0003 1232 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 19:16:40.0018 1232 usbohci - ok 19:16:40.0065 1232 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 19:16:40.0096 1232 usbprint - ok 19:16:40.0159 1232 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys 19:16:40.0190 1232 usbser - ok 19:16:40.0221 1232 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 19:16:40.0268 1232 UsbserFilt - ok 19:16:40.0315 1232 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:16:40.0330 1232 USBSTOR - ok 19:16:40.0361 1232 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 19:16:40.0377 1232 usbuhci - ok 19:16:40.0408 1232 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys 19:16:40.0439 1232 usbvideo - ok 19:16:40.0471 1232 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 19:16:40.0486 1232 vdrvroot - ok 19:16:40.0533 1232 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 19:16:40.0549 1232 vga - ok 
19:16:40.0580 1232 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 19:16:40.0611 1232 VgaSave - ok 19:16:40.0642 1232 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 19:16:40.0658 1232 vhdmp - ok 19:16:40.0720 1232 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 19:16:40.0736 1232 viaagp - ok 19:16:40.0767 1232 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 19:16:40.0798 1232 ViaC7 - ok 19:16:40.0829 1232 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 19:16:40.0845 1232 viaide - ok 19:16:40.0876 1232 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 19:16:40.0892 1232 vmbus - ok 19:16:40.0923 1232 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 19:16:40.0954 1232 VMBusHID - ok 19:16:40.0970 1232 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 19:16:40.0985 1232 volmgr - ok 19:16:41.0017 1232 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 19:16:41.0048 1232 volmgrx - ok 19:16:41.0079 1232 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 19:16:41.0095 1232 volsnap - ok 19:16:41.0157 1232 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 19:16:41.0173 1232 vsmraid - ok 19:16:41.0204 1232 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 19:16:41.0235 1232 vwifibus - ok 19:16:41.0282 1232 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 19:16:41.0313 1232 WacomPen - ok 19:16:41.0329 1232 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 19:16:41.0360 1232 WANARP - ok 19:16:41.0375 1232 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 19:16:41.0407 1232 Wanarpv6 - ok 19:16:41.0453 
1232 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 19:16:41.0469 1232 Wd - ok 19:16:41.0500 1232 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 19:16:41.0531 1232 Wdf01000 - ok 19:16:41.0578 1232 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 19:16:41.0625 1232 WfpLwf - ok 19:16:41.0656 1232 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 19:16:41.0672 1232 WIMMount - ok 19:16:41.0719 1232 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 19:16:41.0765 1232 winachsf - ok 19:16:41.0828 1232 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 19:16:41.0859 1232 WinUsb - ok 19:16:41.0890 1232 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 19:16:41.0921 1232 WmiAcpi - ok 19:16:41.0953 1232 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 19:16:41.0999 1232 ws2ifsl - ok 19:16:42.0046 1232 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 19:16:42.0077 1232 WudfPf - ok 19:16:42.0140 1232 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:16:42.0171 1232 WUDFRd - ok 19:16:42.0202 1232 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys 19:16:42.0233 1232 XAudio - ok 19:16:42.0249 1232 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 19:16:42.0296 1232 \Device\Harddisk1\DR1 - ok 19:16:42.0296 1232 Boot (0x1200) (a0d6f3da71cf6cc027e726c0d1b359be) \Device\Harddisk1\DR1\Partition0 19:16:42.0296 1232 \Device\Harddisk1\DR1\Partition0 - ok 19:16:42.0296 1232 Boot (0x1200) (a8046ce0b5ad8ae39466fc99d303217a) \Device\Harddisk1\DR1\Partition1 19:16:42.0296 1232 \Device\Harddisk1\DR1\Partition1 - ok 19:16:42.0296 1232 ============================================================ 19:16:42.0296 1232 Scan 
finished 19:16:42.0296 1232 ============================================================ 19:16:42.0311 1612 Detected object count: 2 19:16:42.0311 1612 Actual detected object count: 2 19:17:53.0886 1612 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 19:17:53.0886 1612 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:17:53.0886 1612 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user 19:17:53.0886 1612 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip |
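Added example for readers of this thread; it is not code from the thread, from Kaspersky or from TDSSKiller. It is a small Python triage script for a TDSSKiller log like the one posted above: it parses the object lines (name, MD5, path) and the verdict lines into records, reports everything the scanner did not mark "ok" (here the two UnsignedFile.Multi.Generic hits that were answered with Skip, so both files are still on disk), and adds one heuristic of its own that is not a TDSSKiller verdict: a .sys image loaded from outside a drivers directory gets flagged for a second look, which the C:\Windows\system32\ckldrv.sys entry in this log does. The line layout is assumed from what is visible above, and the sample lines are an excerpt of the posted log trimmed to the interesting entries.

```python
"""Triage a TDSSKiller scan log: list every object the scanner did not mark "ok".

Added example for this thread; not part of TDSSKiller or of the posted logs.
Assumes the line layout visible in the log above (one object line carrying an
MD5 and a path, followed by one or more verdict lines) and adds one heuristic
of its own: a kernel driver image that lives outside a \\drivers\\ directory.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes seen in the posted log (assumed stable for this TDSSKiller version):
#   <ts> <pid> <name> (<md5>) <path>                    object enumerated
#   <ts> <pid> <name> - ok                              clean
#   <ts> <pid> <name> ( <verdict> ) - warning           heuristic hit
#   <ts> <pid> <name> - detected <verdict> (<n>)
#   <ts> <pid> <name> ( <verdict> ) - skipped by user
#   <ts> <pid> <name> ( <verdict> ) - User select action: <action>
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
RESULT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+(?:\(\s*(?P<verdict>[^()]+?)\s*\)\s+)?-\s+(?P<result>.+?)\s*$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None            # e.g. UnsignedFile.Multi.Generic
    results: List[str] = field(default_factory=list)
    user_action: Optional[str] = None        # what the user chose at the prompt


def parse_log(text: str) -> List[ScanObject]:
    objects: List[ScanObject] = []

    def lookup(key: str) -> ScanObject:
        # Verdict lines name drivers by service name, but MBR/boot-sector objects
        # by the device path from their object line; search both, newest first.
        for obj in reversed(objects):
            if key in (obj.name, obj.path):
                return obj
        obj = ScanObject(key)       # verdict for an object enumerated outside this excerpt
        objects.append(obj)
        return obj

    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects.append(ScanObject(m["name"], m["md5"].lower(), m["path"]))
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue                 # banners, counters, "Scan finished", ...
        obj = lookup(m["name"])
        result = m["result"]
        if m["verdict"]:
            obj.verdict = m["verdict"]
        detected = re.match(r"detected\s+(\S+)", result)
        if detected:
            obj.verdict = detected.group(1)
        action = re.match(r"User select action:\s*(\S+)", result)
        if action:
            obj.user_action = action.group(1)
        obj.results.append(result)
    return objects


def findings(objects: List[ScanObject]) -> dict:
    """Map object name -> reasons a human should look at it. Empty dict means all clean."""
    out = {}
    for obj in objects:
        reasons = []
        if not obj.results:
            reasons.append("no verdict recorded")
        elif obj.results != ["ok"]:
            reasons.append(f"scanner result: {obj.verdict or obj.results[-1]}")
        if obj.user_action and obj.user_action.lower() == "skip":
            reasons.append("user chose Skip, object is still on disk")
        # Heuristic of this example, not a TDSSKiller verdict: a .sys loaded from
        # system32 itself rather than system32\drivers deserves a second look.
        if obj.path and obj.path.lower().endswith(".sys") and "\\drivers\\" not in obj.path.lower():
            reasons.append("driver image outside a \\drivers\\ directory")
        if reasons:
            out[obj.name] = reasons
    return out


# Excerpt of the log posted above, trimmed to the interesting lines.
SAMPLE_LOG = r"""
19:16:31.0594 1232 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:16:31.0641 1232 NDIS - ok
19:16:32.0499 1232 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\Windows\system32\ckldrv.sys
19:16:32.0515 1232 NetworkX ( UnsignedFile.Multi.Generic ) - warning
19:16:32.0515 1232 NetworkX - detected UnsignedFile.Multi.Generic (1)
19:16:42.0249 1232 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:16:42.0296 1232 \Device\Harddisk1\DR1 - ok
19:16:42.0296 1232 Scan finished
19:16:42.0311 1612 Detected object count: 2
19:17:53.0886 1612 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:53.0886 1612 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:53.0886 1612 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:53.0886 1612 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for name, reasons in findings(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the full log the script prints only NetworkX and CVPNDRVA; every driver with a plain "- ok" verdict stays silent, and the MBR and boot-sector objects are matched to their "- ok" lines through the device path rather than the name. UnsignedFile.Multi.Generic itself only says the image carries no valid signature, so the next step for the two flagged files is a signature and vendor check of the files on disk, not deletion.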
06.12.2011, 20:24 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow - Avast switched itself off - virus?
Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when an expert has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags |
06.12.2011, 21:30 | #12 |
| Notebook very slow - Avast switched itself off - virus?
ComboFix logfile:
Code:
ComboFix 11-12-06.01 - josch 06.12.2011 20:20:02.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2046.1278 [GMT 1:00]
Running from:: c:\users\josch\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files created from 2011-11-06 to 2011-12-06 ))))))))))))))))))))))))))))))
.
.
2011-12-06 19:29 . 2011-12-06 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 17:17 . 2011-12-06 17:17 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD5A83EA-D56D-467F-A275-E4C379345623}\offreg.dll
2011-12-06 16:01 . 2011-12-06 16:01 -------- dc----w- C:\_OTL
2011-12-05 13:27 . 2011-12-05 13:27 -------- d-----w- c:\program files\Common Files\Java
2011-12-05 13:27 . 2011-10-03 04:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-05 10:51 . 2011-11-21 10:47 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD5A83EA-D56D-467F-A275-E4C379345623}\mpengine.dll
2011-12-01 09:56 . 2011-12-01 09:56 -------- d-----w- c:\users\josch\AppData\Roaming\DVDVideoSoft
2011-12-01 09:54 . 2011-12-01 09:54 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-12-01 09:54 . 2011-12-01 09:54 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-30 23:25 . 2011-12-05 11:00 -------- d-----w- c:\users\UpdatusUser
2011-11-30 23:24 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-11-30 23:24 . 2011-10-15 08:53 487232 ----a-w- c:\windows\system32\nvhotkey.dll
2011-11-30 23:24 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-30 23:24 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-11-30 23:24 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-30 23:24 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-30 23:24 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-30 23:24 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-30 23:24 . 2011-11-30 23:24 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-11-30 23:19 . 2011-11-30 23:25 -------- d-----w- c:\program files\NVIDIA Corporation
2011-11-30 23:18 . 2011-11-30 23:18 -------- dc----w- C:\NVIDIA
2011-11-30 22:35 . 2011-10-15 08:53 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-11-30 22:35 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-30 22:35 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-30 22:35 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-30 22:35 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-30 22:35 . 2011-10-15 08:53 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-11-30 22:35 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-30 22:35 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-30 22:35 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-30 22:35 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-30 22:35 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-11-30 22:35 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-28 18:06 . 2011-11-28 18:06 -------- d-----w- c:\program files\ESET
2011-11-25 19:37 . 2009-07-01 17:05 232472 ----a-w- c:\windows\system32\drivers\iaNvStor.sys
2011-11-25 19:37 . 2009-07-01 17:01 172032 ----a-w- c:\windows\system32\nvccoin.dll
2011-11-25 19:37 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-11-25 18:13 . 2011-11-25 18:13 -------- d-----w- c:\users\josch\AppData\Roaming\Malwarebytes
2011-11-25 18:12 . 2011-11-25 18:12 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 18:12 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 18:12 . 2011-11-25 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-22 14:54 . 2011-11-22 15:57 -------- d-----w- c:\users\josch\Spiele
2011-11-22 14:48 . 2011-11-22 14:48 -------- d-----w- c:\windows\Sun
2011-11-22 14:38 . 2011-11-22 14:38 -------- d-----w- c:\program files\HWiNFO32
2011-11-22 08:51 . 2011-12-01 09:46 -------- d-----w- c:\program files\CCleaner
2011-11-18 16:58 . 2011-11-18 16:58 -------- d-----w- c:\users\josch\AppData\Roaming\dvdcss
2011-11-16 20:48 . 2011-11-16 20:48 -------- d-----w- c:\users\josch\AppData\Roaming\Nokia Suite
2011-11-16 20:23 . 2011-11-16 20:23 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-16 20:20 . 2011-11-16 20:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-16 20:20 . 2011-11-16 20:20 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-10 15:47 . 2011-11-10 15:48 -------- d-----w- c:\users\josch\AppData\Local\GoldenCheetah-v3
2011-11-10 15:46 . 2011-11-10 15:46 -------- d-----w- c:\program files\GoldenCheetah-v3
2011-11-09 15:52 . 2011-11-09 15:52 -------- d-----w- c:\program files\Common Files\Nokia
2011-11-09 15:50 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-11-09 15:50 . 2011-11-09 15:50 -------- d-----w- c:\program files\PC Connectivity Solution
2011-11-08 19:15 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 19:15 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 19:15 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 22:23 . 2011-05-14 19:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2007-03-09 09:56 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2007-03-09 09:56 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2007-03-09 09:57 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2007-03-09 09:57 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2007-03-09 09:57 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2007-03-09 09:57 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2007-03-09 09:57 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2007-03-09 09:57 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-03 04:06 . 2011-04-30 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-13 21:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-11 15:38 . 2007-03-09 09:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-23 7625248]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-07-13 33304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^josch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\josch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2011-11-01 14:40 1053056 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2007-03-09 136176]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-12-02 87336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2007-03-09 136176]
R3 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\WIN\BIN\I4LLMD.EXE [2004-07-23 24576]
R3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1343400]
R4 IBM LUM CR;IBM Central Registry License Server;c:\ifor\WIN\BIN\I4GDB.EXE [2004-07-23 24576]
R4 IBM LUM LMD;IBM Network License Server;c:\ifor\WIN\BIN\I4LMD.EXE [2004-07-23 24576]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-30 611064]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-07-01 232472]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2011-09-22 21624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 44544]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 33862628
*NewlyCreated* - 38411453
*NewlyCreated* - 54912019
*NewlyCreated* - 77419845
*Deregistered* - 33862628
*Deregistered* - 38411453
*Deregistered* - 54912019
*Deregistered* - 77419845
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\josch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\josch\AppData\Roaming\Mozilla\Firefox\Profiles\t114plhl.default\
.
- - - - Orphaned registry entries removed - - - -
.
MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE1"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-06 20:31:41 ComboFix-quarantined-files.txt 2011-12-06 19:31 . Vor Suchlauf: 14 Verzeichnis(se), 21.655.879.680 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 21.580.320.768 Bytes frei . - - End Of File - - 34069FDFE4DCC05F21C0E9A004982FF1 |
07.12.2011, 12:15 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still will not run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar.
Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to.
Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________
Please always post logfiles in CODE tags
08.12.2011, 09:53 | #14 |
GMER logfile:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-07 19:10:56
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0 rev.
Running: i6470fvd.exe; Driver: C:\Users\josch\AppData\Local\Temp\fgloypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DD50FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8ED66510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DD53456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DD534AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DD535C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DD533AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DD534FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DD53400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DD53572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DD50FE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8ED665C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DD50DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DD5100C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DD539BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DD51AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DD53486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DD534D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DD535EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DD533D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DD5353E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DD5342E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DD5359C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8ED66658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DD5196A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DD51030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DD51054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DD50E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DD50F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DD50F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DD50F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DD51078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8ED7A7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E50349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E89D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E90D80 4 Bytes [C4, 0F, D5, 8D] {LES ECX, DWORD [EDI]; AAD 0x8d}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E90DA8 4 Bytes [10, 65, D6, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E90E5C 8 Bytes [56, 34, D5, 8D, AE, 34, D5, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E90E68 4 Bytes [C4, 35, D5, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82E90E84 4 Bytes [AC, 33, D5, 8D]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8301DBE8 5 Bytes JMP 8ED7769C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 830361B8 5 Bytes JMP 8ED79174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8304B2FF 4 Bytes CALL 8DD52025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830650D1 4 Bytes CALL 8DD5203B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830EEF10 7 Bytes JMP 8ED7A7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text user32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes [E9, 0A, 5C, 52, 8A] {JMP 0xffffffff8a525c0f}
.text user32.dll!UnhookWinEvent 75CEB750 5 Bytes [E9, A7, 4C, 52, 8A] {JMP 0xffffffff8a524cac}
.text user32.dll!SetWindowsHookExW 75CEE30C 5 Bytes [E9, F3, 24, 52, 8A] {JMP 0xffffffff8a5224f8}
.text user32.dll!SetWinEventHook 75CF24DC 5 Bytes [E9, 17, DD, 51, 8A] {JMP 0xffffffff8a51dd1c}
.text user32.dll!SetWindowsHookExA 75D16D0C 5 Bytes [E9, EF, 98, 4F, 8A] {JMP 0xffffffff8a4f98f4}
.text kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[108] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00100600
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00200804
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[400] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\crypserv.exe[528] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\crypserv.exe[528] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\crypserv.exe[528] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\crypserv.exe[528] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00310A08
.text C:\Windows\system32\crypserv.exe[528] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 003103FC
.text C:\Windows\system32\crypserv.exe[528] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00310804
.text C:\Windows\system32\crypserv.exe[528] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 003101F8
.text C:\Windows\system32\crypserv.exe[528] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00310600
.text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[568] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\csrss.exe[576] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[644] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[644] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[644] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[652] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00150A08
.text C:\Windows\system32\lsass.exe[652] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001503FC
.text C:\Windows\system32\lsass.exe[652] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00150804
.text C:\Windows\system32\lsass.exe[652] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001501F8
.text C:\Windows\system32\lsass.exe[652] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\lsm.exe[660] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[660] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[660] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[832] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[832] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[832] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001501F8
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[856] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00230A08
.text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002303FC
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00230804
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002301F8
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00230600
.text C:\Windows\System32\svchost.exe[964] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[964] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 002E0A08
.text C:\Windows\System32\svchost.exe[964] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002E03FC
.text C:\Windows\System32\svchost.exe[964] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 002E0804
.text C:\Windows\System32\svchost.exe[964] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002E01F8
.text C:\Windows\System32\svchost.exe[964] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 002E0600
.text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00B50A08
.text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 00B503FC
.text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00B50804
.text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 00B501F8
.text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00B50600
.text C:\Windows\system32\winlogon.exe[1060] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[1060] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[1060] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1060] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\winlogon.exe[1060] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\winlogon.exe[1060] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\winlogon.exe[1060] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\winlogon.exe[1060] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 003A0A08
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 003A03FC
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 003A0804
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 003A01F8
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 003A0600
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00910A08
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 009103FC
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00910804
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 009101F8
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00910600
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00580A08
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 005803FC
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00580804
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 005801F8
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00580600
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 000F03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 000F0804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 000F01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\nvvsvc.exe[1548] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[1548] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[1548] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001F0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!SetUnhandledExceptionFilter 75AAF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1920] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\System32\spoolsv.exe[1920] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000A01F8
.text C:\Windows\System32\spoolsv.exe[1920] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1920] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[1920] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[1920] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[1920] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[1920] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00840A08
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 008403FC
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00840804
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 008401F8
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00840600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00300A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 003003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00300804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 003001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2028] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00300600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2056] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Launch Manager\LManager.exe[2784] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Launch Manager\LManager.exe[2784] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8
.text C:\Program Files\Launch Manager\LManager.exe[2784] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Launch Manager\LManager.exe[2784] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00330A08
.text C:\Program Files\Launch Manager\LManager.exe[2784] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 003303FC
.text C:\Program Files\Launch Manager\LManager.exe[2784] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00330804
.text C:\Program Files\Launch Manager\LManager.exe[2784] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 003301F8
.text C:\Program Files\Launch Manager\LManager.exe[2784] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00330600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2808] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00200600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00310A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 003103FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00310804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 003101F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00310600
.text C:\Windows\System32\svchost.exe[2980] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2980] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2980] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\PLFSetI.exe[3000] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001503FC
.text C:\Windows\PLFSetI.exe[3000] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001501F8
.text C:\Windows\PLFSetI.exe[3000] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\PLFSetI.exe[3000] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001E0A08
.text C:\Windows\PLFSetI.exe[3000] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001E03FC
.text C:\Windows\PLFSetI.exe[3000] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001E0804
.text C:\Windows\PLFSetI.exe[3000] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001E01F8
.text C:\Windows\PLFSetI.exe[3000] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001E0600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001701F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00200A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002003FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00200804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002001F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3084] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\svchost.exe[3120] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[3120] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[3120] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3120] user32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00910A08
.text C:\Windows\System32\svchost.exe[3120] user32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 009103FC
.text C:\Windows\System32\svchost.exe[3120] user32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00910804
.text C:\Windows\System32\svchost.exe[3120] user32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 009101F8
.text C:\Windows\System32\svchost.exe[3120] user32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00910600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3160] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3172] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3172] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3172] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3172]
USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00140A08 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001403FC .text C:\Windows\System32\svchost.exe[3172] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00140804 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001401F8 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00140600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3228] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\SearchIndexer.exe[3304] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\SearchIndexer.exe[3304] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\SearchIndexer.exe[3304] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3304] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00140A08 .text C:\Windows\system32\SearchIndexer.exe[3304] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001403FC .text C:\Windows\system32\SearchIndexer.exe[3304] 
USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00140804 .text C:\Windows\system32\SearchIndexer.exe[3304] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001401F8 .text C:\Windows\system32\SearchIndexer.exe[3304] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00140600 .text C:\Windows\system32\Dwm.exe[3428] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[3428] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[3428] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3428] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\Dwm.exe[3428] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 000F03FC .text C:\Windows\system32\Dwm.exe[3428] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\Dwm.exe[3428] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\Dwm.exe[3428] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 000F0600 .text C:\Windows\system32\AUDIODG.EXE[3456] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001A03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001A0804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] 
USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001A01F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3464] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001A0600 .text C:\Windows\system32\taskhost.exe[3496] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[3496] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[3496] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[3496] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[3496] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[3496] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[3496] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[3496] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 000E0600 .text C:\Windows\Explorer.EXE[3500] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[3500] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[3500] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Windows\Explorer.EXE[3500] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00250A08 .text C:\Windows\Explorer.EXE[3500] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002503FC .text C:\Windows\Explorer.EXE[3500] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00250804 .text C:\Windows\Explorer.EXE[3500] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002501F8 .text C:\Windows\Explorer.EXE[3500] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00250600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001701F8 .text C:\Program 
Files\Common Files\Java\Java Update\jusched.exe[3748] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3748] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00210600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001F03FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 001F0804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3756] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 001F0600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[3808] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 000A0A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 000A03FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 000A0804 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 000A01F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 000A0600 .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8 .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00300A08 .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 003003FC .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00300804 .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 003001F8 .text C:\Users\josch\AppData\Local\Temp\RtkBtMnt.exe[3852] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00300600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8 .text C:\Program 
Files\Windows Sidebar\sidebar.exe[3988] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00150A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 001503FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00150804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 001501F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3988] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00150600 .text C:\Windows\system32\svchost.exe[4932] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4932] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4932] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Users\josch\Desktop\i6470fvd.exe[6104] ntdll.dll!LdrUnloadDll 76DFC8DE 5 Bytes JMP 001603FC .text C:\Users\josch\Desktop\i6470fvd.exe[6104] ntdll.dll!LdrLoadDll 76E022B8 5 Bytes JMP 001601F8 .text C:\Users\josch\Desktop\i6470fvd.exe[6104] kernel32.dll!GetBinaryTypeW + 70 75AC69F4 1 Byte [62] .text C:\Users\josch\Desktop\i6470fvd.exe[6104] USER32.dll!UnhookWindowsHookEx 75CEADF9 5 Bytes JMP 00210A08 .text C:\Users\josch\Desktop\i6470fvd.exe[6104] USER32.dll!UnhookWinEvent 75CEB750 5 Bytes JMP 002103FC .text C:\Users\josch\Desktop\i6470fvd.exe[6104] USER32.dll!SetWindowsHookExW 75CEE30C 5 Bytes JMP 00210804 .text C:\Users\josch\Desktop\i6470fvd.exe[6104] USER32.dll!SetWinEventHook 75CF24DC 5 Bytes JMP 002101F8 .text C:\Users\josch\Desktop\i6470fvd.exe[6104] USER32.dll!SetWindowsHookExA 75D16D0C 5 Bytes JMP 00210600 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk1\DR1 sector 00: rootkit-like behavior ---- EOF - GMER 1.0.15 ---- |
08.12.2011, 10:00 | #15

OSAM Logfile:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 09:57:21 on 08.12.2011
OS: Windows 7 Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\josch\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Dritek General Port I/O" (DritekPortIO) - ? - C:\Program Files\Launch Manager\DPortIO.sys (File not found)
"fgloypog" (fgloypog) - ? - C:\Users\josch\AppData\Local\Temp\fgloypog.sys (Hidden registry entry, rootkit activity | File not found)
"HWiNFO32/64 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - C:\Program Files\HWiNFO32\HWiNFO32.SYS
"LUMDriver" (LUMDriver) - "IBM" - C:\Windows\system32\drivers\LUMDriver.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NetworkX" (NetworkX) - ? - C:\Windows\system32\ckldrv.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{6A921E8A-C58C-4941-9E71-7946D9DCE941} "CSolidworkPropertyStore Class" - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks\sldpropertyhandler.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{21D928D4-4850-45E3-9982-AD57051ECD42} "EdrawingThumbNailProvider Class" - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks eDrawings\edrwthumbnailprovider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{72670837-AA64-4C1D-AB58-A9D9D31A1216} "Solidworks Document Thumbnail Handler" - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks\sldthumbnailprovider.dll
Sldworks Shell Extension "{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\josch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"IaNvSrv" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Crypkey License" (Crypkey License) - "CrypKey (Canada) Ltd." - C:\Windows\system32\crypserv.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Flexera Software, Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"IBM Nodelock License Server" (IBM LUM NDL) - "IBM" - C:\IFOR\WIN\BIN\I4LLMD.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SolidWorks Licensing Service" (SolidWorks Licensing Service) - "SolidWorks" - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
"SW Distributed TS Coordinator Service" (CoordinatorServiceHost) - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit Online Solutions :: Index