| |
| |||||||
Log-Analyse und Auswertung: System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von MedienWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.02.2012, 22:22
| #1 |
| |  System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Hallo seit einiger Zeit habe ich Probleme mit meinem Laptop. Es ist ein Laptop der Marke Medion mit der Modelbezeichnung Akoya p6624. Ich habe es vor einem Jahr bei Aldi gekauft und es lief am Anfang echt gut doch mittlerweile nicht mehr. Ich hab Tuneup utilities 2012 installiert, um erstmal eventuelle Windowsfehler auszuschließen. Nach den Optimierungen habe ich einen Leistungsanstieg gemerkt doch es treten immer noch Probleme auf, weshalb ich davon ausgehe, dass es sich um Malware handeln könnte (Antivirus hat nichts gefunden). Meine Probleme sind folgende: Programme, vorallem Firefox, stürzen öfters grundlos ab, oder hören regelmäßig für einige Sekunden auf zu reagieren. Zum Beispiel als ich für diesen Beitrag meinen Pc mit GMER gescannt habe, ist das Programm mitten beim Scannen grundlos abgestürzt, erst beim zweiten Anlauf konnte ich einen erfolgreichen Scann durchführen. Manchmal Stürzt auch das ganze System ab und der Laptop schaltet sich einfach aus, ein paar Mal ist es sogar vorgekommen, dass ich ca. eine Stunde warten musste, weil er nach mehreren Versuche nicht hochfahren wollte. Meine Cpu Belastung ist manchmal durch manche Anwendungen unerklärlich hoch, z.b durch Sidebar.exe ( ca. 30 % ), Firefox(50-70%),Chrome(-40%). Wenn ich mein Netzteil in Mitten einer Videowiedergabe oder ähnliches anschließe oder ausstecke kommt es manchmal zu Abstürzen. Zu guter Letzt schafft es mein Laptop Medien nicht mehr flüssig abzuspielen. Bei Musik kommt es manchmal zu Verzögerungen und Verzerrungen, bei Videos ( mit VLC ) zu Verzerrungen von Bild oder es hackt einfach. Das wären die Symptome die bei mir auftreten ich hoffe ich kann euch mit dieser Information + Logfiles weiterhelfen. Ich kenn mich überhaupt nicht mit Viren und dergleichen aus, weshalb ich um Nachsicht bitte falls das überhaupt nichts damit zu tun hat, aber ich bin davon ausgegangen. Vielen Dank schon Mal im voraus. Mfg. Jonnyfoka |
|
17.02.2012, 11:59
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von MedienZitat:
 TU ist mit das schlimmste was du einem Windows-Rechner antun kannst, v.a. wenn du auch noch auf die grandiose Idee kommst, die Registry zu bereinigen  Probier mal: Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
17.02.2012, 17:53
| #3 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Hey danke für die schnelle Hilfe!
__________________Wusste nicht dass TU so schlecht ist, hab immer gelesen, dass es Windows schneller macht :S Du meinst ich sollte es wieder deinstallieren oder? Würde gerne wissen wieso es so schlecht ist. Hab beide Scanns durchgeführt, beide Mal wurde was gefunden, hier die Logfiles: Logfile von Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.16.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Mark :: MARK-PC [Administrator] Schutz: Aktiviert 16.02.2012 18:00:12 mbam-log-2012-02-16 (18-00-12).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 408415 Laufzeit: 1 Stunde(n), 8 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EuroGrand Casino (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 9 C:\Users\***\Downloads\u1006.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\SetupCasino_641f_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Public\Documents\U1006.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-3006821076-3840180281-503104694-1001\$RKOSY2I.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-3006821076-3840180281-503104694-1001\$RY5H7UK.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-3006821076-3840180281-503104694-1001\$RHXXG96.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Casino\EuroGrand Casino\_SetupCasino_641f_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Ultrasurf\u1003.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Ultrasurf\u1006.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=83bdadbcb7419d4aa9047d3722816459
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-17 04:40:00
# local_time=2012-02-17 05:40:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 331890 66026782 149476 0
# compatibility_mode=5893 16776574 100 94 4241 81121152 0 0
# compatibility_mode=8192 67108863 100 0 3917 3917 0 0
# scanned=219394
# found=4
# cleaned=0
# scan_time=6839
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2PSBPJH\brand_files[1].7zip a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Roaming\toolplugin\toolbar.dll Win32/Adware.ToolPlugin application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_fuer_pspice.exe Win32/SoftonicDownloader.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
|
|
17.02.2012, 18:32
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.02.2012, 19:13
| #5 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Hier der OTL.log : OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/17/2012 6:40:29 PM - Run 1 OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\***\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.18 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 58.58% Memory free 6.35 Gb Paging File | 4.89 Gb Available in Paging File | 76.93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 565.07 Gb Total Space | 283.98 Gb Free Space | 50.26% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 9.61 Gb Free Space | 32.05% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/17 18:37:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/12/13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011/12/13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/07/14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2011/06/29 01:22:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/04/27 11:43:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/12/13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/08 16:54:38 | 000,255,368 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_tray.exe PRC - [2010/11/08 16:54:38 | 000,107,400 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_service.exe PRC - [2010/07/27 07:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/06/26 01:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2010/06/22 20:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE PRC - [2010/06/21 21:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe PRC - [2010/06/02 15:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010/05/10 20:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/05/10 20:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/12/14 19:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009/12/11 23:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe PRC - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2011/08/31 12:13:52 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll ========== Win32 Services (SafeList) ========== SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/07 03:37:27 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/12/13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/12/13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/15 16:12:14 | 001,325,992 | ---- | M] (Nutzwerk GmbH) [Disabled | Stopped] -- C:\Program Files\SaferSurf-for-Free\bin\GlobRobProxyServices.exe -- (GlobRobProxyServices) SRV - [2011/07/14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2011/06/29 01:22:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/26 20:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/05/07 16:26:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/04/27 11:43:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/11 02:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/11/08 16:54:38 | 000,107,400 | ---- | M] (SecureW2 B.V.) [Auto | Running] -- C:\Program Files\SecureW2\sw2_service.exe -- (SW2SVC) SRV - [2010/07/27 07:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/05/10 20:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/05/10 20:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/05/06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets) SRV - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/07/08 12:00:06 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011/06/29 01:22:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/29 01:22:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/05/20 17:15:54 | 000,052,224 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm) DRV - [2011/05/20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter) DRV - [2011/05/20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum) Vodafone Vodafone ZTE DC Enumerator (ZTE) DRV - [2011/05/20 17:15:52 | 000,067,968 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm) Vodafone Vodafone ZTE CDC-ACM driver (ZTE) DRV - [2011/05/20 17:15:52 | 000,009,984 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo) DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/10/15 01:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2010/09/01 14:33:12 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010/07/26 15:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/07/26 15:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt) DRV - [2010/06/17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/24 14:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/05/10 20:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R) DRV - [2010/04/27 08:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 08:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub) DRV - [2010/03/18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2010/03/18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010/03/18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010/03/04 16:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/03/02 12:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/02/26 22:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/08/13 07:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009/05/13 20:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009/05/13 20:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid) DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data] IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data] IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://co109w.col109.mail.live.com/default.aspx#!/mail/InboxLight.aspx?n=1960928614!fid=1&fav=1&n=121980293|www.facebook.com|https://webmail.tu-harburg.de/horde/imp/login.php" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/03 21:54:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 00:36:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/03 21:54:27 | 000,000,000 | ---D | M] [2011/12/18 15:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012/02/16 13:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions [2011/03/20 20:49:58 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010/10/29 18:46:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/02/18 14:05:12 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2011/12/24 13:24:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/03/27 12:03:59 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2011/11/30 18:50:01 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\welcome@toolmin.com [2010/11/02 17:19:52 | 000,002,199 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\google-mxico.xml [2012/01/31 18:01:27 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\sweetim.xml [2010/12/01 19:26:43 | 000,001,244 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\winamp-search.xml [2012/01/06 19:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/12/29 22:33:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{7FD52B87-AB55-46EC-BFE4-030FA7D9550B}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\CONTACTO@MOVIEZET.COM.XPI [2012/02/12 00:36:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/12/07 23:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011/10/02 11:26:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/02 11:26:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/10/02 11:26:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/10/02 11:26:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/30 18:50:01 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2011/11/30 18:27:18 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011/10/02 11:26:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/02 11:26:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: KickNerds Software = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgboknoflmhcknhcjcfiakcfneppiea\2.3_0\ CHR - Extension: MonsterDivx = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkinfljboeildloankgjmljfibngeefa\0.95_0\ CHR - Extension: KickNerds Software = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamcegpifjpiabcihcbedejkjgdgcfi\2.1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Moviezet - Reproductor Online = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfgaeoabpbhdhgmiimjhmgmjckgdgdf\2.0_0\ CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: KickNerds Software = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfelaacnhmebkfigncdhamnepacfmdbj\1.0_0\ CHR - Extension: Cuevana Stream = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_1\ CHR - Extension: Cuevana Stream = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_1\.svn\props\.svn-work CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files\SecureW2\sw2_tray.exe (SecureW2 B.V.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F296444-9A0D-4683-8C5C-403042E9D49F}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26559E0-6842-4CEA-BEB2-774854E241BE}: NameServer = 139.7.30.125 139.7.30.126 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\cvh.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\realplay.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\safersurftray.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\sftdde.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\uninstall_steam.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell - "" = AutoRun O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell - "" = AutoRun O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell - "" = AutoRun O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: BsScanner - Service SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: BsScanner - Service SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/17 15:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/02/17 15:37:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012/02/17 15:31:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/02/16 17:56:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012/02/16 17:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/16 17:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/02/16 17:56:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/02/16 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/02/16 01:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012/02/16 01:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012/02/16 01:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2012/02/15 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojanerboard [2012/02/15 16:18:33 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012/02/15 16:18:18 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2012/02/15 16:18:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012/02/15 16:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2012/02/15 16:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011 [2012/02/15 16:15:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012/02/05 16:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2012/02/05 16:37:53 | 000,000,000 | ---D | C] -- C:\Users\***\SystemRequirementsLab [2012/02/03 21:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2012/02/03 21:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2012/02/02 13:59:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012/02/02 13:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012/02/02 13:57:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/01/31 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/01/31 18:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012/01/28 17:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2012/01/28 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaferSurf-for-Free [2012/01/28 17:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\SaferSurf-for-Free [2012/01/28 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nutzwerk [2012/01/22 19:40:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Simfy [2012/01/22 19:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2012/01/22 19:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\simfy [2012/01/18 22:24:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss [2011/08/31 12:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/17 18:22:07 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/17 18:22:07 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/17 18:21:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/17 16:22:11 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/02/17 15:37:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012/02/17 15:31:21 | 000,697,322 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/02/17 15:31:21 | 000,652,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/02/17 15:31:21 | 000,148,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/02/17 15:31:21 | 000,121,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/02/17 15:18:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/17 15:18:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/17 15:18:18 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys [2012/02/16 17:56:50 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/16 01:08:50 | 000,000,969 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk [2012/02/16 01:08:50 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2012/02/15 20:26:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012/02/15 16:18:17 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012/02/15 16:18:17 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2012/02/05 16:53:36 | 000,015,856 | ---- | M] () -- C:\Windows\System32\results.xml [2012/02/04 20:30:51 | 000,203,911 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.jpg [2012/02/03 21:54:22 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk [2012/02/03 21:54:22 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/02/03 21:53:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2012/02/02 21:44:29 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/30 21:05:55 | 000,001,865 | ---- | M] () -- C:\Users\***\Desktop\Hinweis zum SaferSurf Testaccount.lnk [2012/01/22 19:40:06 | 000,000,032 | ---- | M] () -- C:\Users\***\.simfy [2012/01/22 19:40:03 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/16 17:56:50 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/16 01:08:50 | 000,000,969 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk [2012/02/16 01:08:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2012/02/15 20:26:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/02/15 16:18:17 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012/02/15 16:18:17 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2012/02/15 16:18:17 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2012/02/04 20:30:51 | 000,203,911 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.jpg [2012/02/03 21:54:22 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk [2012/02/03 21:54:22 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/01/29 18:23:58 | 000,001,865 | ---- | C] () -- C:\Users\***\Desktop\Hinweis zum SaferSurf Testaccount.lnk [2012/01/22 19:40:06 | 000,000,032 | ---- | C] () -- C:\Users\***\.simfy [2012/01/22 19:40:03 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk [2011/08/31 12:46:18 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2011/08/31 12:46:12 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2011/08/31 12:46:10 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011/08/31 12:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2011/08/31 12:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011/07/12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010/12/22 02:46:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/11/05 02:13:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2010/11/04 21:17:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/11/03 19:14:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010/11/03 13:46:26 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/29 13:37:45 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/08/13 23:50:46 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2010/08/13 23:50:45 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe [2010/08/09 14:26:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2010/08/09 13:23:48 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe [2010/08/09 05:37:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/07/27 07:56:50 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll [2010/07/27 07:56:50 | 000,352,325 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2010/05/12 14:13:56 | 000,697,322 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/05/12 14:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/05/12 14:13:56 | 000,148,328 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/05/12 14:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 05:33:53 | 000,368,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,652,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,121,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008/09/16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/09/16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010/10/29 15:13:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2010/11/04 16:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard [2011/07/23 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/04/01 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011/01/27 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2011/03/28 18:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2011/02/14 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010/11/02 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011/11/30 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicNet [2012/02/03 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2011/03/28 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2012/01/22 19:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2012/02/07 02:10:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Inspection Library [2011/11/30 18:43:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toolplugin [2010/10/29 13:31:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012/02/15 16:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010/12/22 02:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles [2012/01/13 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2012/02/16 17:37:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/10/29 15:13:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2012/01/22 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012/01/15 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2010/11/04 16:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011/01/26 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard [2010/10/29 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel [2011/04/16 04:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2010/11/03 04:37:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2012/01/18 22:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011/07/23 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/04/01 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012/01/16 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet [2011/01/27 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2011/03/28 18:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2011/02/14 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010/10/28 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2010/11/02 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010/11/02 13:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd [2010/11/02 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech [2010/10/28 13:43:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012/02/16 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009/07/14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2010/11/03 04:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic [2012/01/23 13:37:55 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2010/10/28 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011/11/30 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicNet [2012/02/03 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2011/03/28 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2012/02/03 21:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real [2012/01/22 19:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2012/02/16 00:33:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011/12/29 22:31:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2012/02/07 02:10:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Inspection Library [2011/11/30 18:43:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toolplugin [2010/10/29 13:31:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012/02/15 16:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010/12/22 02:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles [2012/01/30 22:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2012/01/13 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2012/02/02 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp [2010/11/07 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012/01/22 19:36:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010/11/02 13:26:22 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012/01/06 19:35:35 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\FlashGot.exe [2012/01/29 16:21:35 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > [/code] |
|
17.02.2012, 19:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2010/11/02 17:19:52 | 000,002,199 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\google-mxico.xml
[2012/01/31 18:01:27 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\sweetim.xml
[2010/12/01 19:26:43 | 000,001,244 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\winamp-search.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[2010/10/29 15:13:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien |
|
18.02.2012, 14:57
| #7 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Ich habe den Fix durchgeführt doch nach dem Neustart, kann mein Laptop keine Verbindung zum Internet herstellen, auch nicht mit Lankabel. Der zeigt einfach die ganze Zeit "Es sind keine Verbindungen verfügbar" an. Auch kommt der Fehler, dass er keine Verbindung zu einem Windowsdienst herstellen kann. Das hochfahren selber, erst nachdem ich das Passwort für mein Benutzer eingetippt hab, braucht jetzt unendlich lange! ich muss ca. 5 Minuten Warten bis er erst den Desktop geladen hat. Logfile kann ich also leider nicht posten, da ich über einem anderen PC jetzt verbunden bin. Falls es nicht anders geht würde ich den Fix rückgängig machen wollen..:S |
|
18.02.2012, 15:48
| #8 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Da ich eine wichtige Arbeit an meinem Laptop schreibe und dafür dringend Internet brauche, habe ich das System auf gestern Abend wiederhergestellt, es tut mir sehr Leid aber ich konnte aus Zeitdruck nicht warten..:/ die Logfile von dem Fix ist aber erhalten geblieben : Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\0jgigkal.default\user.js moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\google-mxico.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\sweetim.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\winamp-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
C:\Program Files\Orbitdownloader\GrabPro.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
File C:\Program Files\Orbitdownloader\GrabPro.dll not found.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver deleted successfully.
C:\Windows\Web\Wallpaper\MEDION\start.vbs moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
C:\Program Files\Bonjour\mdnsNSP.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3460700f-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3460700f-e42e-11df-af9f-74f06d0bd458}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34607012-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34607012-e42e-11df-af9f-74f06d0bd458}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64041d00-e41c-11df-b404-74f06d0bd458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64041d00-e41c-11df-b404-74f06d0bd458}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
C:\Users\***\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 3699934363 bytes
->Temporary Internet Files folder emptied: 270603050 bytes
->Java cache emptied: 1270521 bytes
->FireFox cache emptied: 87483486 bytes
->Google Chrome cache emptied: 305503241 bytes
->Apple Safari cache emptied: 1162240 bytes
->Flash cache emptied: 74536 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10423459 bytes
RecycleBin emptied: 5279771701 bytes
Total Files Cleaned = 9,209.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
OTL by OldTimer - Version 3.2.32.0 log created on 02182012_142556
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
19.02.2012, 18:38
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2012, 01:03
| #10 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien sry, dass es diesmal ein wenig gedauert hat... hier das log: Code:
ATTFilter 00:59:21.0583 3900 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
00:59:22.0223 3900 ============================================================
00:59:22.0223 3900 Current date / time: 2012/02/22 00:59:22.0223
00:59:22.0223 3900 SystemInfo:
00:59:22.0223 3900
00:59:22.0223 3900 OS Version: 6.1.7601 ServicePack: 1.0
00:59:22.0223 3900 Product type: Workstation
00:59:22.0223 3900 ComputerName: MARK-PC
00:59:22.0223 3900 UserName: Mark
00:59:22.0223 3900 Windows directory: C:\Windows
00:59:22.0223 3900 System windows directory: C:\Windows
00:59:22.0223 3900 Processor architecture: Intel x86
00:59:22.0223 3900 Number of processors: 4
00:59:22.0223 3900 Page size: 0x1000
00:59:22.0223 3900 Boot type: Normal boot
00:59:22.0223 3900 ============================================================
00:59:22.0551 3900 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:59:22.0551 3900 \Device\Harddisk0\DR0:
00:59:22.0551 3900 MBR used
00:59:22.0551 3900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:59:22.0551 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x46A24000
00:59:22.0551 3900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x46A56800, BlocksNum 0x3C00000
00:59:22.0629 3900 Initialize success
00:59:22.0629 3900 ============================================================
01:00:40.0813 5028 ============================================================
01:00:40.0813 5028 Scan started
01:00:40.0813 5028 Mode: Manual; SigCheck; TDLFS;
01:00:40.0813 5028 ============================================================
01:00:41.0156 5028 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
01:00:41.0359 5028 1394ohci - ok
01:00:41.0453 5028 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
01:00:41.0468 5028 ACPI - ok
01:00:41.0546 5028 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
01:00:41.0640 5028 AcpiPmi - ok
01:00:41.0765 5028 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
01:00:41.0780 5028 adp94xx - ok
01:00:41.0827 5028 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
01:00:41.0843 5028 adpahci - ok
01:00:41.0889 5028 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
01:00:41.0905 5028 adpu320 - ok
01:00:41.0952 5028 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
01:00:42.0061 5028 AFD - ok
01:00:42.0092 5028 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
01:00:42.0108 5028 agp440 - ok
01:00:42.0186 5028 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
01:00:42.0186 5028 aic78xx - ok
01:00:42.0264 5028 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
01:00:42.0279 5028 aliide - ok
01:00:42.0311 5028 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
01:00:42.0326 5028 amdagp - ok
01:00:42.0342 5028 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
01:00:42.0357 5028 amdide - ok
01:00:42.0404 5028 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
01:00:42.0482 5028 AmdK8 - ok
01:00:42.0498 5028 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
01:00:42.0545 5028 AmdPPM - ok
01:00:42.0607 5028 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
01:00:42.0607 5028 amdsata - ok
01:00:42.0669 5028 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
01:00:42.0669 5028 amdsbs - ok
01:00:42.0701 5028 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
01:00:42.0701 5028 amdxata - ok
01:00:42.0763 5028 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
01:00:42.0888 5028 AppID - ok
01:00:43.0013 5028 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
01:00:43.0013 5028 arc - ok
01:00:43.0028 5028 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
01:00:43.0044 5028 arcsas - ok
01:00:43.0091 5028 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
01:00:43.0247 5028 AsyncMac - ok
01:00:43.0434 5028 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
01:00:43.0434 5028 atapi - ok
01:00:43.0496 5028 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
01:00:43.0527 5028 avgntflt - ok
01:00:43.0574 5028 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
01:00:43.0590 5028 avipbb - ok
01:00:43.0637 5028 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
01:00:43.0730 5028 b06bdrv - ok
01:00:43.0777 5028 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
01:00:43.0808 5028 b57nd60x - ok
01:00:43.0886 5028 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
01:00:43.0949 5028 Beep - ok
01:00:44.0011 5028 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
01:00:44.0027 5028 blbdrive - ok
01:00:44.0089 5028 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
01:00:44.0136 5028 bowser - ok
01:00:44.0167 5028 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:00:44.0229 5028 BrFiltLo - ok
01:00:44.0261 5028 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:00:44.0307 5028 BrFiltUp - ok
01:00:44.0370 5028 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
01:00:44.0432 5028 Brserid - ok
01:00:44.0463 5028 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
01:00:44.0526 5028 BrSerWdm - ok
01:00:44.0557 5028 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:00:44.0588 5028 BrUsbMdm - ok
01:00:44.0619 5028 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
01:00:44.0666 5028 BrUsbSer - ok
01:00:44.0697 5028 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
01:00:44.0729 5028 BTHMODEM - ok
01:00:44.0775 5028 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
01:00:44.0822 5028 cdfs - ok
01:00:44.0885 5028 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
01:00:44.0916 5028 cdrom - ok
01:00:44.0947 5028 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
01:00:45.0025 5028 circlass - ok
01:00:45.0056 5028 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
01:00:45.0072 5028 CLFS - ok
01:00:45.0119 5028 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
01:00:45.0150 5028 CmBatt - ok
01:00:45.0197 5028 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
01:00:45.0197 5028 cmdide - ok
01:00:45.0243 5028 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
01:00:45.0259 5028 CNG - ok
01:00:45.0306 5028 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
01:00:45.0321 5028 Compbatt - ok
01:00:45.0353 5028 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
01:00:45.0399 5028 CompositeBus - ok
01:00:45.0446 5028 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
01:00:45.0446 5028 crcdisk - ok
01:00:45.0524 5028 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
01:00:45.0571 5028 DfsC - ok
01:00:45.0618 5028 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
01:00:45.0665 5028 discache - ok
01:00:45.0727 5028 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
01:00:45.0743 5028 Disk - ok
01:00:45.0805 5028 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
01:00:45.0836 5028 drmkaud - ok
01:00:45.0883 5028 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
01:00:45.0914 5028 DXGKrnl - ok
01:00:46.0008 5028 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
01:00:46.0086 5028 ebdrv - ok
01:00:46.0211 5028 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
01:00:46.0226 5028 elxstor - ok
01:00:46.0273 5028 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
01:00:46.0320 5028 ErrDev - ok
01:00:46.0367 5028 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
01:00:46.0413 5028 exfat - ok
01:00:46.0460 5028 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
01:00:46.0507 5028 fastfat - ok
01:00:46.0569 5028 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
01:00:46.0585 5028 fdc - ok
01:00:46.0632 5028 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
01:00:46.0647 5028 FileInfo - ok
01:00:46.0679 5028 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
01:00:46.0725 5028 Filetrace - ok
01:00:46.0772 5028 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
01:00:46.0819 5028 flpydisk - ok
01:00:46.0850 5028 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
01:00:46.0866 5028 FltMgr - ok
01:00:46.0897 5028 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
01:00:46.0913 5028 FsDepends - ok
01:00:46.0928 5028 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
01:00:46.0928 5028 Fs_Rec - ok
01:00:46.0975 5028 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
01:00:46.0991 5028 fvevol - ok
01:00:47.0037 5028 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:00:47.0037 5028 gagp30kx - ok
01:00:47.0084 5028 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:00:47.0084 5028 GEARAspiWDM - ok
01:00:47.0162 5028 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
01:00:47.0209 5028 giveio ( UnsignedFile.Multi.Generic ) - warning
01:00:47.0209 5028 giveio - detected UnsignedFile.Multi.Generic (1)
01:00:47.0287 5028 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
01:00:47.0349 5028 hcw85cir - ok
01:00:47.0396 5028 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
01:00:47.0443 5028 HdAudAddService - ok
01:00:47.0505 5028 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
01:00:47.0537 5028 HDAudBus - ok
01:00:47.0583 5028 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
01:00:47.0646 5028 HECI - ok
01:00:47.0677 5028 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
01:00:47.0693 5028 HidBatt - ok
01:00:47.0739 5028 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
01:00:47.0771 5028 HidBth - ok
01:00:47.0802 5028 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
01:00:47.0833 5028 HidIr - ok
01:00:47.0880 5028 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
01:00:47.0927 5028 HidUsb - ok
01:00:47.0989 5028 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
01:00:48.0005 5028 HpSAMD - ok
01:00:48.0051 5028 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
01:00:48.0114 5028 HTTP - ok
01:00:48.0161 5028 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:00:48.0192 5028 hwdatacard - ok
01:00:48.0223 5028 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
01:00:48.0239 5028 hwpolicy - ok
01:00:48.0285 5028 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
01:00:48.0332 5028 i8042prt - ok
01:00:48.0395 5028 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
01:00:48.0410 5028 iaStor - ok
01:00:48.0519 5028 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
01:00:48.0535 5028 iaStorV - ok
01:00:48.0753 5028 igfx (24ccec128bebb148e50c6093523ad686) C:\Windows\system32\DRIVERS\igdkmd32.sys
01:00:49.0081 5028 igfx - ok
01:00:49.0190 5028 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
01:00:49.0190 5028 iirsp - ok
01:00:49.0253 5028 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
01:00:49.0315 5028 Impcd - ok
01:00:49.0393 5028 IntcAzAudAddService (acec5bbee4aa34d74be0e2e512cc2026) C:\Windows\system32\drivers\RTKVHDA.sys
01:00:49.0471 5028 IntcAzAudAddService - ok
01:00:49.0627 5028 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
01:00:49.0674 5028 IntcDAud - ok
01:00:49.0705 5028 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
01:00:49.0721 5028 intelide - ok
01:00:49.0767 5028 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
01:00:49.0783 5028 intelppm - ok
01:00:49.0830 5028 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:00:49.0877 5028 IpFilterDriver - ok
01:00:49.0908 5028 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
01:00:49.0939 5028 IPMIDRV - ok
01:00:49.0970 5028 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
01:00:50.0033 5028 IPNAT - ok
01:00:50.0095 5028 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
01:00:50.0173 5028 IRENUM - ok
01:00:50.0204 5028 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
01:00:50.0220 5028 isapnp - ok
01:00:50.0235 5028 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
01:00:50.0251 5028 iScsiPrt - ok
01:00:50.0298 5028 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
01:00:50.0298 5028 kbdclass - ok
01:00:50.0329 5028 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
01:00:50.0360 5028 kbdhid - ok
01:00:50.0423 5028 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
01:00:50.0438 5028 KSecDD - ok
01:00:50.0469 5028 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
01:00:50.0485 5028 KSecPkg - ok
01:00:50.0532 5028 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
01:00:50.0547 5028 L1C - ok
01:00:50.0610 5028 LHidFilt (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:00:50.0610 5028 LHidFilt - ok
01:00:50.0672 5028 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
01:00:50.0719 5028 lltdio - ok
01:00:50.0766 5028 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:00:50.0766 5028 LMouFilt - ok
01:00:50.0844 5028 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:00:50.0859 5028 LSI_FC - ok
01:00:50.0875 5028 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:00:50.0891 5028 LSI_SAS - ok
01:00:50.0922 5028 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:00:50.0937 5028 LSI_SAS2 - ok
01:00:50.0953 5028 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:00:50.0969 5028 LSI_SCSI - ok
01:00:51.0000 5028 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
01:00:51.0047 5028 luafv - ok
01:00:51.0093 5028 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
01:00:51.0093 5028 LUsbFilt - ok
01:00:51.0156 5028 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
01:00:51.0156 5028 MBAMProtector - ok
01:00:51.0187 5028 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
01:00:51.0203 5028 megasas - ok
01:00:51.0249 5028 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
01:00:51.0265 5028 MegaSR - ok
01:00:51.0312 5028 mod7700 (5b9ca81817e046666e7abf8b9b101545) C:\Windows\system32\DRIVERS\mod7700.sys
01:00:51.0343 5028 mod7700 - ok
01:00:51.0405 5028 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
01:00:51.0468 5028 Modem - ok
01:00:51.0499 5028 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
01:00:51.0530 5028 monitor - ok
01:00:51.0577 5028 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
01:00:51.0593 5028 mouclass - ok
01:00:51.0624 5028 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
01:00:51.0655 5028 mouhid - ok
01:00:51.0717 5028 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
01:00:51.0733 5028 mountmgr - ok
01:00:51.0749 5028 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
01:00:51.0764 5028 mpio - ok
01:00:51.0842 5028 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
01:00:51.0889 5028 mpsdrv - ok
01:00:51.0936 5028 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
01:00:51.0998 5028 MRxDAV - ok
01:00:52.0029 5028 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:00:52.0092 5028 mrxsmb - ok
01:00:52.0123 5028 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:00:52.0170 5028 mrxsmb10 - ok
01:00:52.0201 5028 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:00:52.0232 5028 mrxsmb20 - ok
01:00:52.0263 5028 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
01:00:52.0279 5028 msahci - ok
01:00:52.0310 5028 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
01:00:52.0310 5028 msdsm - ok
01:00:52.0357 5028 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
01:00:52.0388 5028 Msfs - ok
01:00:52.0419 5028 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
01:00:52.0466 5028 mshidkmdf - ok
01:00:52.0482 5028 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
01:00:52.0497 5028 msisadrv - ok
01:00:52.0544 5028 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
01:00:52.0591 5028 MSKSSRV - ok
01:00:52.0622 5028 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
01:00:52.0653 5028 MSPCLOCK - ok
01:00:52.0669 5028 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
01:00:52.0700 5028 MSPQM - ok
01:00:52.0731 5028 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
01:00:52.0747 5028 MsRPC - ok
01:00:52.0794 5028 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
01:00:52.0794 5028 mssmbios - ok
01:00:52.0809 5028 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
01:00:52.0856 5028 MSTEE - ok
01:00:52.0903 5028 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
01:00:52.0919 5028 MTConfig - ok
01:00:52.0950 5028 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
01:00:52.0950 5028 Mup - ok
01:00:52.0997 5028 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
01:00:53.0043 5028 NativeWifiP - ok
01:00:53.0075 5028 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
01:00:53.0106 5028 NDIS - ok
01:00:53.0137 5028 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
01:00:53.0168 5028 NdisCap - ok
01:00:53.0215 5028 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
01:00:53.0262 5028 NdisTapi - ok
01:00:53.0293 5028 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
01:00:53.0340 5028 Ndisuio - ok
01:00:53.0371 5028 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
01:00:53.0402 5028 NdisWan - ok
01:00:53.0433 5028 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
01:00:53.0480 5028 NDProxy - ok
01:00:53.0527 5028 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
01:00:53.0574 5028 NetBIOS - ok
01:00:53.0621 5028 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
01:00:53.0683 5028 NetBT - ok
01:00:53.0808 5028 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
01:00:53.0808 5028 nfrd960 - ok
01:00:53.0855 5028 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
01:00:53.0901 5028 Npfs - ok
01:00:53.0917 5028 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
01:00:53.0964 5028 nsiproxy - ok
01:00:54.0026 5028 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
01:00:54.0057 5028 Ntfs - ok
01:00:54.0182 5028 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
01:00:54.0245 5028 Null - ok
01:00:54.0291 5028 nusb3hub (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
01:00:54.0291 5028 nusb3hub - ok
01:00:54.0354 5028 nusb3xhc (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
01:00:54.0354 5028 nusb3xhc - ok
01:00:54.0603 5028 nvlddmkm (011c6e2e44a36ed7acb57fd6197f0516) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:00:54.0900 5028 nvlddmkm - ok
01:00:54.0978 5028 nvpciflt (47188871f2a151746a93deef0dbc26d9) C:\Windows\system32\DRIVERS\nvpciflt.sys
01:00:54.0993 5028 nvpciflt - ok
01:00:55.0040 5028 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
01:00:55.0056 5028 nvraid - ok
01:00:55.0071 5028 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
01:00:55.0087 5028 nvstor - ok
01:00:55.0103 5028 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
01:00:55.0118 5028 nv_agp - ok
01:00:55.0134 5028 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
01:00:55.0196 5028 ohci1394 - ok
01:00:55.0227 5028 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
01:00:55.0259 5028 Parport - ok
01:00:55.0290 5028 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
01:00:55.0305 5028 partmgr - ok
01:00:55.0321 5028 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
01:00:55.0352 5028 Parvdm - ok
01:00:55.0383 5028 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
01:00:55.0399 5028 pci - ok
01:00:55.0415 5028 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
01:00:55.0430 5028 pciide - ok
01:00:55.0461 5028 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
01:00:55.0477 5028 pcmcia - ok
01:00:55.0508 5028 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
01:00:55.0508 5028 pcw - ok
01:00:55.0539 5028 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
01:00:55.0602 5028 PEAUTH - ok
01:00:55.0680 5028 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
01:00:55.0727 5028 PptpMiniport - ok
01:00:55.0773 5028 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
01:00:55.0805 5028 Processor - ok
01:00:55.0851 5028 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
01:00:55.0914 5028 Psched - ok
01:00:55.0992 5028 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
01:00:56.0023 5028 ql2300 - ok
01:00:56.0148 5028 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
01:00:56.0148 5028 ql40xx - ok
01:00:56.0195 5028 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
01:00:56.0226 5028 QWAVEdrv - ok
01:00:56.0257 5028 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
01:00:56.0304 5028 RasAcd - ok
01:00:56.0351 5028 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:00:56.0397 5028 RasAgileVpn - ok
01:00:56.0429 5028 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:00:56.0475 5028 Rasl2tp - ok
01:00:56.0522 5028 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
01:00:56.0569 5028 RasPppoe - ok
01:00:56.0616 5028 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
01:00:56.0663 5028 RasSstp - ok
01:00:56.0709 5028 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
01:00:56.0756 5028 rdbss - ok
01:00:56.0787 5028 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
01:00:56.0819 5028 rdpbus - ok
01:00:56.0865 5028 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:00:56.0912 5028 RDPCDD - ok
01:00:56.0975 5028 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
01:00:57.0021 5028 RDPENCDD - ok
01:00:57.0053 5028 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
01:00:57.0099 5028 RDPREFMP - ok
01:00:57.0131 5028 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
01:00:57.0162 5028 RDPWD - ok
01:00:57.0224 5028 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
01:00:57.0240 5028 rdyboost - ok
01:00:57.0318 5028 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
01:00:57.0365 5028 RimUsb - ok
01:00:57.0411 5028 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
01:00:57.0458 5028 rspndr - ok
01:00:57.0505 5028 RSUSBSTOR (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys
01:00:57.0521 5028 RSUSBSTOR - ok
01:00:57.0567 5028 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
01:00:57.0599 5028 RTL8167 - ok
01:00:57.0661 5028 rtl8192se (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
01:00:57.0692 5028 rtl8192se - ok
01:00:57.0801 5028 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
01:00:57.0817 5028 sbp2port - ok
01:00:57.0864 5028 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
01:00:57.0926 5028 scfilter - ok
01:00:57.0989 5028 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:00:58.0035 5028 secdrv - ok
01:00:58.0113 5028 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
01:00:58.0160 5028 Serenum - ok
01:00:58.0207 5028 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
01:00:58.0238 5028 Serial - ok
01:00:58.0285 5028 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
01:00:58.0316 5028 sermouse - ok
01:00:58.0363 5028 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
01:00:58.0425 5028 sffdisk - ok
01:00:58.0441 5028 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
01:00:58.0472 5028 sffp_mmc - ok
01:00:58.0488 5028 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
01:00:58.0535 5028 sffp_sd - ok
01:00:58.0566 5028 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
01:00:58.0597 5028 sfloppy - ok
01:00:58.0659 5028 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
01:00:58.0691 5028 Sftfs - ok
01:00:58.0706 5028 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:00:58.0722 5028 Sftplay - ok
01:00:58.0737 5028 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:00:58.0753 5028 Sftredir - ok
01:00:58.0769 5028 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
01:00:58.0769 5028 Sftvol - ok
01:00:58.0800 5028 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
01:00:58.0815 5028 sisagp - ok
01:00:58.0862 5028 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:00:58.0878 5028 SiSRaid2 - ok
01:00:58.0909 5028 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
01:00:58.0909 5028 SiSRaid4 - ok
01:00:58.0940 5028 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
01:00:59.0003 5028 Smb - ok
01:00:59.0081 5028 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
01:00:59.0081 5028 speedfan - ok
01:00:59.0112 5028 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
01:00:59.0112 5028 spldr - ok
01:00:59.0143 5028 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
01:00:59.0205 5028 srv - ok
01:00:59.0237 5028 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
01:00:59.0268 5028 srv2 - ok
01:00:59.0299 5028 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
01:00:59.0330 5028 srvnet - ok
01:00:59.0377 5028 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
01:00:59.0393 5028 ssmdrv - ok
01:00:59.0502 5028 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
01:00:59.0517 5028 stexstor - ok
01:00:59.0549 5028 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
01:00:59.0564 5028 swenum - ok
01:00:59.0611 5028 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
01:00:59.0627 5028 SynTP - ok
01:00:59.0689 5028 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
01:00:59.0720 5028 Tcpip - ok
01:00:59.0907 5028 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
01:00:59.0939 5028 TCPIP6 - ok
01:00:59.0970 5028 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
01:01:00.0001 5028 tcpipreg - ok
01:01:00.0048 5028 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
01:01:00.0095 5028 TDPIPE - ok
01:01:00.0110 5028 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
01:01:00.0157 5028 TDTCP - ok
01:01:00.0204 5028 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
01:01:00.0251 5028 tdx - ok
01:01:00.0297 5028 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
01:01:00.0297 5028 TermDD - ok
01:01:00.0344 5028 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:01:00.0391 5028 tssecsrv - ok
01:01:00.0453 5028 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
01:01:00.0516 5028 TsUsbFlt - ok
01:01:00.0656 5028 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
01:01:00.0656 5028 TuneUpUtilitiesDrv - ok
01:01:00.0781 5028 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
01:01:00.0828 5028 tunnel - ok
01:01:00.0859 5028 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
01:01:00.0875 5028 uagp35 - ok
01:01:00.0921 5028 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
01:01:00.0968 5028 udfs - ok
01:01:01.0015 5028 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
01:01:01.0031 5028 uliagpkx - ok
01:01:01.0062 5028 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
01:01:01.0093 5028 umbus - ok
01:01:01.0124 5028 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
01:01:01.0155 5028 UmPass - ok
01:01:01.0218 5028 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
01:01:01.0249 5028 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
01:01:01.0249 5028 USBAAPL - detected UnsignedFile.Multi.Generic (1)
01:01:01.0296 5028 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
01:01:01.0343 5028 usbccgp - ok
01:01:01.0374 5028 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
01:01:01.0405 5028 usbcir - ok
01:01:01.0436 5028 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
01:01:01.0452 5028 usbehci - ok
01:01:01.0483 5028 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
01:01:01.0514 5028 usbhub - ok
01:01:01.0561 5028 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
01:01:01.0592 5028 usbohci - ok
01:01:01.0623 5028 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
01:01:01.0639 5028 usbprint - ok
01:01:01.0670 5028 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
01:01:01.0701 5028 usbscan - ok
01:01:01.0764 5028 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:01:01.0811 5028 USBSTOR - ok
01:01:01.0826 5028 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
01:01:01.0873 5028 usbuhci - ok
01:01:01.0951 5028 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
01:01:01.0982 5028 usbvideo - ok
01:01:02.0060 5028 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
01:01:02.0076 5028 vdrvroot - ok
01:01:02.0138 5028 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
01:01:02.0185 5028 vga - ok
01:01:02.0216 5028 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
01:01:02.0232 5028 VgaSave - ok
01:01:02.0279 5028 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
01:01:02.0279 5028 vhdmp - ok
01:01:02.0310 5028 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
01:01:02.0325 5028 viaagp - ok
01:01:02.0357 5028 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
01:01:02.0372 5028 ViaC7 - ok
01:01:02.0403 5028 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
01:01:02.0419 5028 viaide - ok
01:01:02.0466 5028 vodafone_K3805-z_dc_enum (99d9ea024462c5ab369299f794c0bab7) C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
01:01:02.0528 5028 vodafone_K3805-z_dc_enum - ok
01:01:02.0559 5028 vodafone_zte_cdc_acm (3ad0d0044a4f2ad80f368bb9293ffee5) C:\Windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys
01:01:02.0591 5028 vodafone_zte_cdc_acm - ok
01:01:02.0622 5028 vodafone_zte_cdc_ecm (83e9661bc716bf1bfea7a6a6273a4cec) C:\Windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys
01:01:02.0653 5028 vodafone_zte_cdc_ecm - ok
01:01:02.0700 5028 vodafone_zte_cpo (ece758f4838df809e116cfd401d503a4) C:\Windows\system32\DRIVERS\vodafone_zte_cpo.sys
01:01:02.0731 5028 vodafone_zte_cpo - ok
01:01:02.0762 5028 vodafone_zte_ecm_enum (565b78a7ca79b32369b9e734c653de36) C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys
01:01:02.0793 5028 vodafone_zte_ecm_enum - ok
01:01:02.0825 5028 vodafone_zte_ecm_enum_filter (565b78a7ca79b32369b9e734c653de36) C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys
01:01:02.0825 5028 vodafone_zte_ecm_enum_filter - ok
01:01:02.0856 5028 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
01:01:02.0871 5028 volmgr - ok
01:01:02.0918 5028 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
01:01:02.0934 5028 volmgrx - ok
01:01:02.0981 5028 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
01:01:02.0996 5028 volsnap - ok
01:01:03.0043 5028 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
01:01:03.0059 5028 vsmraid - ok
01:01:03.0090 5028 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
01:01:03.0121 5028 vwifibus - ok
01:01:03.0168 5028 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
01:01:03.0215 5028 vwififlt - ok
01:01:03.0261 5028 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
01:01:03.0277 5028 WacomPen - ok
01:01:03.0324 5028 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
01:01:03.0371 5028 WANARP - ok
01:01:03.0371 5028 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
01:01:03.0402 5028 Wanarpv6 - ok
01:01:03.0464 5028 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
01:01:03.0480 5028 Wd - ok
01:01:03.0527 5028 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
01:01:03.0542 5028 Wdf01000 - ok
01:01:03.0589 5028 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
01:01:03.0636 5028 WfpLwf - ok
01:01:03.0667 5028 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
01:01:03.0667 5028 WIMMount - ok
01:01:03.0745 5028 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
01:01:03.0792 5028 WinUsb - ok
01:01:03.0823 5028 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
01:01:03.0870 5028 WmiAcpi - ok
01:01:03.0917 5028 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
01:01:03.0963 5028 ws2ifsl - ok
01:01:04.0010 5028 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
01:01:04.0057 5028 WudfPf - ok
01:01:04.0104 5028 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:01:04.0151 5028 WUDFRd - ok
01:01:04.0229 5028 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
01:01:04.0244 5028 X10Hid - ok
01:01:04.0291 5028 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\system32\Drivers\x10ufx2.sys
01:01:04.0307 5028 XUIF - ok
01:01:04.0338 5028 MBR (0x1B8) (7827ce22d5b6a2e3fa5111270dd20242) \Device\Harddisk0\DR0
01:01:06.0693 5028 \Device\Harddisk0\DR0 - ok
01:01:06.0725 5028 Boot (0x1200) (b0d5a8fbf3d19023aa16814c187ebafb) \Device\Harddisk0\DR0\Partition0
01:01:06.0725 5028 \Device\Harddisk0\DR0\Partition0 - ok
01:01:06.0740 5028 Boot (0x1200) (94a25f0864972491b870d83b6c2142c2) \Device\Harddisk0\DR0\Partition1
01:01:06.0740 5028 \Device\Harddisk0\DR0\Partition1 - ok
01:01:06.0771 5028 Boot (0x1200) (e07850f3d6af56e0d1116a7339a3b2db) \Device\Harddisk0\DR0\Partition2
01:01:06.0771 5028 \Device\Harddisk0\DR0\Partition2 - ok
01:01:06.0771 5028 ============================================================
01:01:06.0771 5028 Scan finished
01:01:06.0771 5028 ============================================================
01:01:06.0787 4280 Detected object count: 2
01:01:06.0787 4280 Actual detected object count: 2
01:01:27.0223 4280 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:27.0223 4280 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:01:27.0223 4280 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:27.0223 4280 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
22.02.2012, 11:08
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2012, 17:07
| #12 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Combofix Logfile: Code:
ATTFilter ComboFix 12-02-22.01 - Mark 22.02.2012 16:36:28.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3253.2019 [GMT 1:00]
ausgeführt von:: c:\users\Mark\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Minibar\FrOGgy.dll
c:\program files\Minibar\KaNGo.dll
c:\program files\Minibar\MiNIbarbutton.dll
c:\users\Mark\AppData\Local\Minibar
c:\users\Mark\AppData\Local\Minibar\chrome\background.html
c:\users\Mark\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Mark\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Mark\AppData\Local\Minibar\chrome\main.js
c:\users\Mark\AppData\Local\Minibar\chrome\manifest.json
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Mark\AppData\Local\Minibar\chrome\popup.html
c:\users\Mark\AppData\Local\Minibar\chrome\popup.js
c:\users\Mark\AppData\Local\Minibar\chrome\tab.html
c:\users\Mark\AppData\Local\Minibar\chrome\tab.js
c:\users\Mark\AppData\Local\Minibar\chrome_installer.js
c:\users\Mark\AppData\Local\Minibar\common.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\cached_http_request.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Mark\AppData\Local\Minibar\firefox\install.rdf
c:\users\Mark\AppData\Local\Minibar\firefox_installer.js
c:\users\Mark\AppData\Local\Minibar\ie_installer.js
c:\users\Mark\AppData\Local\Minibar\install.json
c:\users\Mark\AppData\Local\Minibar\minibar.crx
c:\users\Mark\AppData\Local\Minibar\minibar.xpi
c:\users\Mark\AppData\Local\Minibar\sqlite3.exe
c:\users\Mark\AppData\Local\Minibar\Uninstall.exe
c:\users\Mark\AppData\Roaming\toolplugin\toOLbar.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-22 bis 2012-02-22 ))))))))))))))))))))))))))))))
.
.
2012-02-22 15:45 . 2012-02-22 15:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-21 16:33 . 2012-02-21 16:34 -------- d-----w- c:\program files\facebookJS
2012-02-18 13:39 . 2012-02-18 13:39 -------- d-----w- c:\users\Mark\AppData\Local\ElevatedDiagnostics
2012-02-18 13:25 . 2012-02-18 13:25 -------- d-----w- C:\_OTL
2012-02-17 14:40 . 2012-02-17 14:40 -------- d-----w- c:\program files\ESET
2012-02-17 14:35 . 2012-01-17 03:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8472B2D-56E4-4918-9151-D32D199FCBAD}\mpengine.dll
2012-02-16 16:56 . 2012-02-16 16:56 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-16 16:56 . 2012-02-16 16:56 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 16:56 . 2012-02-16 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 16:56 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 12:30 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 12:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 12:29 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 00:08 . 2012-02-20 19:58 -------- d-----w- c:\program files\SpeedFan
2012-02-15 15:18 . 2011-12-13 08:35 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-15 15:18 . 2011-12-13 08:29 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-15 15:18 . 2011-12-13 08:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-15 15:16 . 2012-02-15 15:19 -------- d-----w- c:\program files\TuneUp Utilities 2011
2012-02-15 15:15 . 2012-02-15 15:15 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-02-05 15:38 . 2012-02-05 15:38 -------- d-----w- c:\program files\SystemRequirementsLab
2012-02-05 15:37 . 2012-02-05 15:37 -------- d-----w- c:\users\Mark\SystemRequirementsLab
2012-02-03 20:54 . 2012-02-03 20:54 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-02-03 20:54 . 2012-02-03 20:54 -------- d-----w- c:\program files\Common Files\xing shared
2012-02-03 20:54 . 2012-02-03 20:54 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-02-03 20:53 . 2012-02-03 20:53 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2012-02-02 12:59 . 2012-02-15 15:17 -------- d-----w- c:\users\Mark\AppData\Roaming\TuneUp Software
2012-02-02 12:57 . 2012-02-15 15:17 -------- d-----w- c:\programdata\TuneUp Software
2012-02-02 12:57 . 2012-02-02 12:57 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-01-31 17:01 . 2012-01-31 17:01 -------- d-----w- c:\program files\SweetIM
2012-01-31 17:01 . 2012-01-31 17:01 -------- d-----w- c:\programdata\SweetIM
2012-01-28 16:58 . 2012-01-28 16:58 -------- d-----w- c:\programdata\Caphyon
2012-01-28 16:58 . 2012-01-28 16:58 -------- d-----w- c:\program files\SaferSurf-for-Free
2012-01-28 16:58 . 2012-01-28 16:58 -------- d-----w- c:\programdata\Nutzwerk
2012-01-27 01:31 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 13:43 . 2010-11-01 19:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-09 13:43 . 2010-10-29 13:24 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-06 13:53 . 2010-10-29 13:25 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-06 13:53 . 2010-10-29 13:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-06 13:53 . 2010-12-25 12:04 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-03 20:53 . 2010-08-09 12:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-26 23:21 . 2010-07-06 21:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 19:52 . 2011-10-27 09:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-21 15:22 . 2010-11-01 19:25 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-21 17:04 . 2011-05-10 01:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27 1330480 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-02 9222760]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-02 1481320]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SecureW2 Tray"="c:\program files\SecureW2\sw2_tray.exe" [2010-11-08 255368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 176408]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Valve\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"MobileBroadband"=c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vodafone_zte_cpo;Vodafone Vodafone ZTE Install;c:\windows\system32\DRIVERS\vodafone_zte_cpo.sys [2011-05-20 9984]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1343400]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R4 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-11 249648]
R4 GlobRobProxyServices;GlobRobProxyServices;c:\program files\SaferSurf-for-Free\bin\GlobRobProxyServices.exe [2011-09-15 1325992]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-26 19656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-07-27 1620584]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SW2SVC;SecureW2 Service;c:\program files\SecureW2\sw2_service.exe [2010-11-08 107400]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-12-13 1527104]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-10 2320920]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-07-08 10064]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 61952]
S3 vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys [2011-05-20 67968]
S3 vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys [2011-05-20 52224]
S3 vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys [2011-05-20 47488]
S3 vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter;c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [2011-05-20 47488]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 16:56]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 16:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.imesh.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = local;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Mark\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Mark\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\SaferSurf-for-Free\bin\wslsp.dll
TCP: Interfaces\{E26559E0-6842-4CEA-BEB2-774854E241BE}: NameServer = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://co109w.col109.mail.live.com/default.aspx#!/mail/InboxLight.aspx?n=1960928614!fid=1&fav=1&n=121980293|www.facebook.com|https://webmail.tu-harburg.de/horde/imp/login.php
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-22 16:47:22
ComboFix-quarantined-files.txt 2012-02-22 15:47
.
Vor Suchlauf: 9 Verzeichnis(se), 313.791.270.912 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 313.886.969.856 Bytes frei
.
- - End Of File - - 9A9093F499140676284331EC63F5D1CA
|
|
22.02.2012, 19:48
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.02.2012, 00:51
| #14 |
| | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Log GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-22 23:18:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1
Running: oqjqq6vl.exe; Driver: C:\Users\Mark\AppData\Local\Temp\pwldypoc.sys
---- System - GMER 1.0.15 ----
SSDT 91BB0ACE ZwCreateSection
SSDT 91BB0AD3 ZwSetContextThread
SSDT 91BB0A6F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E82369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC2EAC 4 Bytes [CE, 0A, BB, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EC324C 4 Bytes [D3, 0A, BB, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82EC3324 4 Bytes [6F, 0A, BB, 91]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Mark\Desktop\Spiele\Sniper[bna]\x2122Uploadz - Plants vs Zombies - GOTY Edition\Plants.vs.Zombies.GOTY.Edition.Sniper[bna].exe 1
---- EOF - GMER 1.0.15 ----
Log Osam: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:32:01 on 22.02.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Mark\AppData\Local\Temp\catchme.sys (File not found) "giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "pwldypoc" (pwldypoc) - ? - C:\Users\Mark\AppData\Local\Temp\pwldypoc.sys (Hidden registry entry, rootkit activity | File not found) "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "speedfan" (speedfan) - "Almico Software" - C:\Windows\System32\speedfan.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? - (File not found | COM-object registry key not found) {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll <binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll <binary data> "SweetPacks Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {EEE6C35C-6118-11DC-9C72-001320C79847} "SweetPacks Browser Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "SecureW2 Tray" - "SecureW2 B.V." - C:\Program Files\SecureW2\sw2_tray.exe "Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe "SecureW2 Service" (SW2SVC) - "SecureW2 B.V." - C:\Program Files\SecureW2\sw2_service.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe "Vodafone-Mobile-Broadband-Dienst" (VmbService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "GlobRob" - "alpha 2000 GmbH" - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== Ich konnte mit aswMBR.exe keinen erfolgreichen Scann durchführen. Das erste Mal ist es mitten Beim Scann abgestürzt, beim zweiten Mal habe ich auch die Antivirprogs deaktiviert und es ist trotzdem einfach so abgestürzt. Beide Mal nach einer längeren Zeit, weshalb ich es auch kein drittes Mal versucht habe. Am Laptop habe ich während des Scanns nicht gearbeitet. |
|
23.02.2012, 09:54
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien Konntest du denn erkennen, wie aswMBR den MBR einstuft? Sowas wie "unknown MBR code" oder Windows 7 default MBR code" ?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien |
| abstürze, anfang, antivirus, anwendungen, auslastung, bild, cpu, cpu auslastung, cpu auslastung hoch, fehlermedungen, firefox, folge, gekauft, gen, gmer, grundlos, hack, hochfahren, hohe, hohe cpu, logfiles, malware, musik, netzteil, probleme, programme, sekunden, system, systemabstürze, unflüssige wiedergabe, viren |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
