| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Taskmanager schließt sich sofort wieder und System wird immer langsamerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.12.2012, 15:57
| #1 |
| |  Taskmanager schließt sich sofort wieder und System wird immer langsamer Guten Tag, Ich bin grade via Google auf diese Seite gestoßen und hoffe sehr das ihr mir helfen könnt, ich hatte zwar schon häufig Viren, aber bei mir lautete die Devise immer sofort: Neu aufsetzten. Das hat natürlich auch immer funktioniert, bis jetzt. Da ich neu bin weiß ich nicht so recht ob ich hier im richtigen Unterforum bin, ich habe die Regeln gelesen und hoffe das ich ihnen hinreichend nachkomme. Ich habe seit ein paar Monaten eine SSD, meine alte HDD habe ich als Speicherplatte behalten, auf ihr sind alle meine wichtige Daten gespeichert (Facharbeiten, diverse Hausarbeiten, Filme (von meinen eigenen DvDs gerippt wohlgemerkt), Musik etc. Seit ca 2 Wochen habe ich Windows 8 (x64 pro) und nach etwa drei tagen viel mir auf, dass der Taskmanager sich nach start über alt+strg-entf sofort wieder schließt, auch über das Startmenü war dies der Fall. Auch begann ich micro-Ruckler in unanspruchsvollen Spielen wie CoD BOII oder League of Legends zu bemerken, des Weiteren dauerte das Starten des Systems deutliche länger, das Ausschalten ging manchmal gar nicht (nach abschalten schwarzer Bildschirm, aber die Lüfter brausen scheinbar endlos weiter). Da ich das Blitzschnelle arbeiten dank SSD gewohnt bin nervten mich diese kleinen Dinge schon gewaltig und ich setzte das System gestern neu auf. Der Rechner ist daher so gut wie leer, lediglich die Treiber und volgende Programme sind drauf: Avast Antivirus, Google Crome, ITunes, Photoshop (testversion) DivX, KMPlayer, Start8, Steam samt Black Ops 2, League of Legends Nun habe ich wieder die selben Symptome, Taskmanager und Mircoruckler. Meine Vermutung ist also, das der Virus sich auf der HDD befindet, diese kann ich aber nicht ohne weiteres töten, da ich die Daten auf ihr noch benötige. Scan mit Avast bringt kein Ergebnis. Ich hoffe sehr das ihr mir helfen könnt und danke schon im voraus! Jetzt die Logfiles: OTL OTL logfile created on: 23.12.2012 15:23:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,03% Memory free 7,50 Gb Paging File | 6,32 Gb Available in Paging File | 84,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,13 Gb Total Space | 198,19 Gb Free Space | 83,23% Space Free | Partition Type: NTFS Drive E: | 592,16 Gb Total Space | 234,76 Gb Free Space | 39,64% Space Free | Partition Type: NTFS Computer Name: SIMONPC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.23 15:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.09 23:59:28 | 000,143,024 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe PRC - [2012.09.28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe PRC - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.09.20 07:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.05.04 12:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV - [2012.12.22 14:32:44 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.11.09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.09 23:59:28 | 000,143,024 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8) SRV - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.23 02:06:48 | 000,468,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswnet.sys -- (aswnet) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 08:36:14 | 000,096,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.11.06 08:35:34 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.20 07:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.09.20 07:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.08.21 17:56:38 | 000,091,648 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.25 23:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.06.29 03:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.06.02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.06.02 15:31:55 | 001,855,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2012.05.04 12:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.10.07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.05.05 09:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ASACPI.sys -- (MTsensor) DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 26 67 F0 43 E0 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.22 17:15:37 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - Extension: Google Drive = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\ CHR - Extension: Feedly:Your Google News, Youtube, RSS Reader = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\11.0.458_0\ CHR - Extension: avast! WebRep = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: FB unseen = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5DAEC53D8C099B1094B921010676FA41] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5184A86-CAB8-43FB-95BE-4F7160B1823D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.12.23 15:20:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2012.12.22 22:17:46 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\LolClient [2012.12.22 22:08:00 | 000,000,000 | ---D | C] -- C:\Users\Simon\Games [2012.12.22 22:02:51 | 000,000,000 | ---D | C] -- C:\Riot Games [2012.12.22 17:15:28 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\DivX [2012.12.22 17:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2012.12.22 17:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2012.12.22 17:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2012.12.22 17:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2012.12.22 17:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2012.12.22 16:09:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\PDAppFlex [2012.12.22 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.12.22 16:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.12.22 16:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.12.22 16:08:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.22 16:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.12.22 16:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.12.22 16:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.12.22 16:07:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Adobe [2012.12.22 15:43:12 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2012.12.22 14:56:39 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Skype [2012.12.22 14:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.22 14:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.22 14:56:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.22 14:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.12.22 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV [2012.12.22 14:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV [2012.12.22 14:51:07 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer [2012.12.22 14:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer [2012.12.22 14:49:20 | 000,248,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2012.12.22 14:49:20 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2012.12.22 14:49:20 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2012.12.22 14:44:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Apple Computer [2012.12.22 14:44:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Apple Computer [2012.12.22 14:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.22 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.22 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.22 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.22 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.22 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.22 14:44:04 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Apple [2012.12.22 14:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.12.22 14:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.12.22 14:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.12.22 14:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.12.22 14:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.12.22 14:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.12.22 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.12.22 14:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics [2012.12.22 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics [2012.12.22 14:36:45 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Downloaded Installations [2012.12.22 14:36:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.12.22 14:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2012.12.22 14:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.12.22 14:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.12.22 14:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.12.22 14:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.12.22 14:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.12.22 14:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.12.22 14:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.12.22 14:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.12.22 14:28:57 | 000,000,000 | ---D | C] -- C:\AMD [2012.12.22 14:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock [2012.12.22 14:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock [2012.12.22 14:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock [2012.12.22 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.12.22 14:15:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012.12.22 14:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2012.12.22 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.12.22 14:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.12.22 14:12:41 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\WinRAR [2012.12.22 14:12:41 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.22 14:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.22 14:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.12.22 14:06:44 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.12.22 14:06:44 | 000,468,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys [2012.12.22 14:06:44 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.12.22 14:06:44 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.12.22 14:06:44 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.12.22 14:06:44 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.12.22 14:06:44 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.12.22 14:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.12.22 14:06:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.12.22 14:06:29 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.12.22 14:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.12.22 14:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.12.22 14:04:17 | 000,000,000 | RHSD | C] -- C:\Windows Activation Technologies [2012.12.22 14:04:15 | 000,103,424 | ---- | C] (KJ inside) -- C:\Windows\SysNative\SLCHook.dll [2012.12.22 14:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2012.12.22 14:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2012.12.22 14:03:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2012.12.22 14:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2012.12.22 14:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2012.12.22 14:00:24 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Macromedia [2012.12.22 14:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.22 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.12.22 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Google [2012.12.22 13:54:11 | 000,000,000 | R--D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.12.22 13:54:11 | 000,000,000 | R--D | C] -- C:\Users\Simon\Searches [2012.12.22 13:54:11 | 000,000,000 | R--D | C] -- C:\Users\Simon\Contacts [2012.12.22 13:54:11 | 000,000,000 | R--D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.12.22 13:54:10 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Adobe [2012.12.22 13:53:56 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\VirtualStore [2012.12.22 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Packages [2012.12.22 13:53:54 | 000,000,000 | --SD | C] -- C:\Users\Simon\AppData\Roaming\Microsoft [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Videos [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Saved Games [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Pictures [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Music [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Links [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Favorites [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Downloads [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Documents [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\Desktop [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.12.22 13:53:54 | 000,000,000 | R--D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Vorlagen [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\AppData\Local\Verlauf [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\AppData\Local\Temporary Internet Files [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Startmenü [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\SendTo [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Recent [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Netzwerkumgebung [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Lokale Einstellungen [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Documents\Eigene Videos [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Documents\Eigene Musik [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Eigene Dateien [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Documents\Eigene Bilder [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Druckumgebung [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Cookies [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\AppData\Local\Anwendungsdaten [2012.12.22 13:53:54 | 000,000,000 | -HSD | C] -- C:\Users\Simon\Anwendungsdaten [2012.12.22 13:53:54 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData [2012.12.22 13:53:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Temp [2012.12.22 13:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache [2012.12.22 13:53:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Microsoft [2012.12.22 13:53:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.12.22 13:53:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\Programme [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.12.22 13:51:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.12.22 13:50:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.12.22 13:50:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.12.22 13:49:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2012.12.23 15:22:12 | 000,000,000 | ---- | M] () -- C:\Users\Simon\defogger_reenable [2012.12.23 15:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2012.12.23 15:19:34 | 000,050,477 | ---- | M] () -- C:\Users\Simon\Desktop\Defogger.exe [2012.12.23 15:04:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.23 14:04:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.23 11:36:47 | 000,071,512 | ---- | M] () -- C:\Users\Simon\Desktop\l.jpg [2012.12.23 11:36:33 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.23 11:36:33 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.23 11:36:33 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.23 11:36:33 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.23 11:36:33 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.23 11:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.23 02:55:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2012.12.23 02:55:43 | 3434,430,464 | -HS- | M] () -- C:\hiberfil.sys [2012.12.23 02:35:05 | 004,903,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.23 02:06:48 | 000,468,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys [2012.12.23 02:06:48 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum [2012.12.22 14:36:44 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.12.22 14:06:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.12.22 13:50:38 | 000,051,659 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.12.22 13:50:38 | 000,051,659 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.12.22 13:50:27 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.12.22 13:50:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat ========== Files Created - No Company Name ========== [2012.12.23 15:22:12 | 000,000,000 | ---- | C] () -- C:\Users\Simon\defogger_reenable [2012.12.23 15:19:36 | 000,050,477 | ---- | C] () -- C:\Users\Simon\Desktop\Defogger.exe [2012.12.23 11:36:47 | 000,071,512 | ---- | C] () -- C:\Users\Simon\Desktop\l.jpg [2012.12.23 02:49:49 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.12.23 02:49:48 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll [2012.12.23 02:44:39 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2012.12.23 02:06:48 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum [2012.12.22 16:41:28 | 000,000,295 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk [2012.12.22 16:09:35 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk [2012.12.22 16:09:21 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012.12.22 16:08:59 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.12.22 16:08:57 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.12.22 15:59:46 | 004,903,016 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.22 14:44:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.12.22 14:36:29 | 000,001,174 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSetup.lnk [2012.12.22 14:36:02 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk [2012.12.22 14:14:34 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.12.22 14:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.12.22 13:59:24 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.22 13:59:23 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.22 13:54:10 | 000,001,442 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.22 13:51:12 | 3434,430,464 | -HS- | C] () -- C:\hiberfil.sys [2012.12.22 13:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.22 13:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2012.12.22 13:50:10 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2012.12.22 15:52:02 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.22 22:17:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\LolClient [2012.12.22 16:09:54 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PDAppFlex ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 23.12.2012 15:23:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,03% Memory free 7,50 Gb Paging File | 6,32 Gb Available in Paging File | 84,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,13 Gb Total Space | 198,19 Gb Free Space | 83,23% Space Free | Partition Type: NTFS Drive E: | 592,16 Gb Total Space | 234,76 Gb Free Space | 39,64% Space Free | Partition Type: NTFS Computer Name: SIMONPC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10B062DE-063F-4DD2-A2D0-32AC98D9FDB4}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{164DACCD-9FED-47BE-A46C-7DB0D541539E}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | "{2882262C-6134-41CF-9478-C1ADB6F4C9D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{352D0941-78C6-4C7C-AA93-0D5A065782DF}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{37519CA2-7CD7-44B3-B1F1-010E920D05C8}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{43B9F393-8287-4C10-B484-6536E4AF1919}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{465D8D64-A2C2-4E7A-9ED2-67886BE5C8A8}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{4F230BA0-B71A-4181-B485-238018838B3B}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{52074E04-7955-4ADF-87A1-79D4665F41E5}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{5986564B-5DD1-4BBA-B57C-741C80EBB7A7}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{5F1B0F12-1220-4463-8E64-21C06D4F89BB}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{61F41FE6-90A8-4B9F-9E76-A462DA544DA4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{63627CAA-60B5-4547-BF54-88620CBE2DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{6A8EAECB-5A5E-4F15-8860-4506F883E562}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{6F082E29-EB70-447C-AD31-1E298BAA8AE2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{72AC1C63-EB10-4CC1-BC13-892C880AA618}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{7F89ECF6-0602-4115-99D2-FFD3F8D95949}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{82450B8F-6249-4CA3-92E1-25727EFE580D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{8B14B8C2-AB68-4862-B8A4-05D3ED6C46CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{946C920B-D438-4F0A-93A9-3491DF6EFF49}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | "{948FF4C9-A071-474A-ADCE-3995003C7A6F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{9D97D31E-84C7-4DD9-9D60-F2C30C718ABB}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{A00C2B6A-66AA-486F-8FE7-D3C61012916E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{AA06C099-C8BC-45C9-9E18-869A2E260DFE}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{AAD4FBB8-9747-4286-88FF-CA6CF2E7DBD2}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{AB05D31B-53F7-412E-9194-FB8168EBD50B}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe | "{B847DF26-5ED0-471F-9D2A-0859BB5E0D0F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BC7D1ED1-E6B9-4284-BA37-BAA45602A8AD}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{BCA18281-8D94-4669-83DC-0E6BB7A10C38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C8F23560-B74F-4F20-BECE-AD5AF9648C56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{C94E431C-0119-486A-A7A4-7F0AA9C61CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe | "{CFAEB779-0497-4D8D-92CB-A013CB071A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D223965E-47CD-4A2C-8D2D-FC9E43B40DCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E196AB79-6457-47BD-9D4E-EC0D8F8C0A30}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EBE67116-38AB-4535-8814-3A5D4A0F6248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "Start8_is1" = Start8 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E3E41AF1-9F6A-68E4-F914-EAF965426700}" = Application Profiles "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service "avast" = avast! Free Antivirus "DivX Setup" = DivX-Setup "Google Chrome" = Google Chrome "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "The KMPlayer" = The KMPlayer (remove only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.12.2012 06:31:31 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RuntimeBroker.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010884f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0xdfc Startzeit der fehlerhaften Anwendung: 0x01cde0f8ac496799 Pfad der fehlerhaften Anwendung: C:\Windows\System32\RuntimeBroker.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ea18cd92-4ceb-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 08:48:55 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SettingSyncHost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505aa5b2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0xa98 Startzeit der fehlerhaften Anwendung: 0x01cde10bddda978d Pfad der fehlerhaften Anwendung: C:\Windows\System32\SettingSyncHost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1bf38c0a-4cff-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 09:44:43 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Taskmgr.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50107c26 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0x19b4 Startzeit der fehlerhaften Anwendung: 0x01cde113a97d3db6 Pfad der fehlerhaften Anwendung: C:\Windows\System32\Taskmgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e74a0b86-4d06-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 09:44:43 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Taskmgr.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50107c26 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405 Ausnahmecode: 0xc0150010 Fehleroffset: 0x0000000000103611 ID des fehlerhaften Prozesses: 0x19b4 Startzeit der fehlerhaften Anwendung: 0x01cde113a97d3db6 Pfad der fehlerhaften Anwendung: C:\Windows\System32\Taskmgr.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e77bf298-4d06-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 09:47:12 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50107c26 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0x17bc Startzeit der fehlerhaften Anwendung: 0x01cde114027ac310 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskmgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 403e68d8-4d07-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 09:52:18 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50107c26 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0x1740 Startzeit der fehlerhaften Anwendung: 0x01cde114b9418789 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskmgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f705545a-4d07-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 09:52:19 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50107c26 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0x1740 Startzeit der fehlerhaften Anwendung: 0x01cde114b9418789 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskmgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f72e6184-4d07-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 09:52:23 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50107c26 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0xa28 Startzeit der fehlerhaften Anwendung: 0x01cde114bbe211db Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskmgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f9964e0e-4d07-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 10:13:29 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OpenWith.exe, Version: 6.2.9200.16384, Zeitstempel: 0x501099c3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0x1a20 Startzeit der fehlerhaften Anwendung: 0x01cde117ae74d49c Pfad der fehlerhaften Anwendung: C:\Windows\system32\OpenWith.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ec82302a-4d0a-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.12.2012 10:13:34 | Computer Name = SimonPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OpenWith.exe, Version: 6.2.9200.16384, Zeitstempel: 0x501099c3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fcf3e8bdb8 ID des fehlerhaften Prozesses: 0x264 Startzeit der fehlerhaften Anwendung: 0x01cde117b1bdd967 Pfad der fehlerhaften Anwendung: C:\Windows\system32\OpenWith.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ef715206-4d0a-11e2-be6d-bcaec526eac5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 22.12.2012 08:58:27 | Computer Name = SimonPC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 22.12.2012 09:32:48 | Computer Name = SimonPC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 22.12.2012 09:32:48 | Computer Name = SimonPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.12.2012 09:37:59 | Computer Name = SimonPC | Source = RTL8167 | ID = 5001 Description = Realtek PCIe GBE Family Controller : Die Ressourcen konnten für den notwendigen Vorgang nicht reserviert werden. Error - 22.12.2012 09:37:59 | Computer Name = SimonPC | Source = RTL8167 | ID = 5001 Description = Realtek PCIe GBE Family Controller : Die Ressourcen konnten für den notwendigen Vorgang nicht reserviert werden. Error - 22.12.2012 09:51:13 | Computer Name = SimonPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PandoraService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 22.12.2012 10:41:53 | Computer Name = SimonPC | Source = usbehci | ID = 65540 Description = A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response. Error - 22.12.2012 21:31:55 | Computer Name = SimonPC | Source = volmgr | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 22.12.2012 21:34:01 | Computer Name = SimonPC | Source = volmgr | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 23.12.2012 07:51:15 | Computer Name = SimonPC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. < End of report > |
|
24.12.2012, 17:26
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Taskmanager schließt sich sofort wieder und System wird immer langsamer Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
25.12.2012, 13:02
| #3 |
| | Taskmanager schließt sich sofort wieder und System wird immer langsamer Vielen Dank für die Antwort!
__________________Ich habe den Scan durchgeführt, aber er gibt aus "keine Malware gefunden" ich füge am ende das Logfile trotzdem an. Jetzt zu einer Neuen Vermutung: Es könnte theoretisch auch sein, dass es kein Virus ist sondern einfach mit Windows 8 zusammenhängt (Treiberprobleme vieleicht?), ich habe gestern aus Frust einfach mal immer wieder versucht den Taskmanager zu öffnen, nach ca 10 Versuchen blieb dieser auch offen! seit dem probiere ich es immer wieder, mal geht es nach ein paar Versuchen, mal nicht, es scheint vollkommen zufällig zu sein. Auch habe ich grade eine Fehlermeldung erhalten, die ich schon öffters gesehen habe, aber nicht weiter beachtet hatte: "Host Process for Setting Synchronization funktioniert nicht mehr" hier die "Problemsignatur" (ich kann damit nichts anfangen, vieleicht ihr aber?) Problemsignatur: Problemereignisname: BEX64 Anwendungsname: SettingSyncHost.exe Anwendungsversion: 6.2.9200.16420 Anwendungszeitstempel: 505aa5b2 Fehlermodulname: StackHash_bc93 Fehlermodulversion: 0.0.0.0 Fehlermodulzeitstempel: 00000000 Ausnahmeoffset: PCH_A7_FROM_ntdll+0x000000000000319B Ausnahmecode: c0000005 Ausnahmedaten: 0000000000000008 Betriebsystemversion: 6.2.9200.2.0.0.768.101 Gebietsschema-ID: 1031 Zusatzinformation 1: bc93 Zusatzinformation 2: bc9312eea1750d9a6ac38b465cc8d963 Zusatzinformation 3: 2a19 Zusatzinformation 4: 2a19aca9213755d68f323c40f33be9a0 Hier das Logfile des Scans: Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16466
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.411000 GHz
Memory total: 4293038080, free: 2260373504
------------ Kernel report ------------
12/25/2012 01:53:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\AtiPcie.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswnet.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005484060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000026\
Lower Device Object: 0xfffffa8005494060
Lower Device Driver Name: \Driver\amdsata\
Driver name found: amdsata
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005485060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000025\
Lower Device Object: 0xfffffa800540e060
Lower Device Driver Name: \Driver\amdsata\
Driver name found: amdsata
Downloaded database version: v2012.12.24.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005485060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005485b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005485060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051b0b80, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xfffffa800540e060, DeviceName: \Device\00000025\, DriverName: \Driver\amdsata\
------------ End ----------
Upper DeviceData: 0xfffff8a00b9dc120, 0xfffffa8005485060, 0xfffffa8004677740
Lower DeviceData: 0xfffff8a00db4de70, 0xfffffa800540e060, 0xfffffa80059a6d90
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1BA25937
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 499396608
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 256060514304 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-500098192-500118192)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005484060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005484b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005484060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051afb80, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xfffffa8005494060, DeviceName: \Device\00000026\, DriverName: \Driver\amdsata\
------------ End ----------
Upper DeviceData: 0xfffff8a00bf7b2f0, 0xfffffa8005484060, 0xfffffa8004a93090
Lower DeviceData: 0xfffff8a00fd94500, 0xfffffa8005494060, 0xfffffa8008325e40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E88E4
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1241858048
Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 1242068990 Numsec = 8192002
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 640135028736 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16466
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.411000 GHz
Memory total: 4293038080, free: 3377459200
|
|
26.12.2012, 21:38
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt sich sofort wieder und System wird immer langsamer Natürlich können das noch Kinderkrankheiten von Win8 sein, solche Fehler werden im Laufe der Zeit durch Updates von Microsoft behoben. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.12.2012, 14:41
| #5 |
| | Taskmanager schließt sich sofort wieder und System wird immer langsamer Danke für die schnelle Antwort (und das an Feiertagen!) ich habe den Scan durchgeführt und auch hier: keine Malware gefunden. Ich denke es sind wirklich Windows-eigene Probleme, neu dazu gekommen: explorer startet sich beim Systemstart nicht (nach abmelden und neu anmelden dann doch), dafür gab es seit dem letzten Windowsupdate keine Probleme mehr mit dem herunterfahren und die Microruckler sind auch weg. Danke für die Hilfe, jetzt bin ich wenigstens einigermaßen sicher das es kein gemeiner Quälgeist ist der meine Daten in Gefahr bringt (habe natürlich trotzdem ein backup erstellt  Danke für alles, ich melde mich gerne wieder hier, wenn ich ein echtes Problem habe!  (hier trotzdem das logfile) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=2e554f9c5e85144d91624158e6f3de01
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-27 01:24:56
# local_time=2012-12-27 02:24:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=774 16777213 100 91 433094 133324568 0 0
# compatibility_mode=5893 16776574 100 94 13316269 16120807 0 0
# scanned=178974
# found=0
# cleaned=0
# scan_time=5339
Für alle mit Problemen beim starten von windows 8 haben, die "start8" verwenden (startmenü für windows 8), es kann an diesem Programm liegen, ich bin auf classic start umgestiegen und jetzt habe ich keine Probleme mehr! |
|
| Themen zu Taskmanager schließt sich sofort wieder und System wird immer langsamer |
| adblock, antivirus, autorun, bho, bildschirm, black, bonjour, browser, down, error, firefox, google, helper, homepage, iexplore.exe, install.exe, league of legends, ntdll.dll, pandora.tv, realtek, registry, ruckeln, schwarzer bildschirm, security, software, spielen, start problem, starten, system, taskmanager, usb, vdeck.exe, viren, warnung, wichtige daten, windows |
Linear-Darstellung
