Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.02.2012, 22:22   #1
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Hallo seit einiger Zeit habe ich Probleme mit meinem Laptop. Es ist ein Laptop der Marke Medion mit der Modelbezeichnung Akoya p6624. Ich habe es vor einem Jahr bei Aldi gekauft und es lief am Anfang echt gut doch mittlerweile nicht mehr. Ich hab Tuneup utilities 2012 installiert, um erstmal eventuelle Windowsfehler auszuschließen. Nach den Optimierungen habe ich einen Leistungsanstieg gemerkt doch es treten immer noch Probleme auf, weshalb ich davon ausgehe, dass es sich um Malware handeln könnte (Antivirus hat nichts gefunden). Meine Probleme sind folgende: Programme, vorallem Firefox, stürzen öfters grundlos ab, oder hören regelmäßig für einige Sekunden auf zu reagieren. Zum Beispiel als ich für diesen Beitrag meinen Pc mit GMER gescannt habe, ist das Programm mitten beim Scannen grundlos abgestürzt, erst beim zweiten Anlauf konnte ich einen erfolgreichen Scann durchführen. Manchmal Stürzt auch das ganze System ab und der Laptop schaltet sich einfach aus, ein paar Mal ist es sogar vorgekommen, dass ich ca. eine Stunde warten musste, weil er nach mehreren Versuche nicht hochfahren wollte. Meine Cpu Belastung ist manchmal durch manche Anwendungen unerklärlich hoch, z.b durch Sidebar.exe ( ca. 30 % ), Firefox(50-70%),Chrome(-40%). Wenn ich mein Netzteil in Mitten einer Videowiedergabe oder ähnliches anschließe oder ausstecke kommt es manchmal zu Abstürzen. Zu guter Letzt schafft es mein Laptop Medien nicht mehr flüssig abzuspielen. Bei Musik kommt es manchmal zu Verzögerungen und Verzerrungen, bei Videos ( mit VLC ) zu Verzerrungen von Bild oder es hackt einfach. Das wären die Symptome die bei mir auftreten ich hoffe ich kann euch mit dieser Information + Logfiles weiterhelfen. Ich kenn mich überhaupt nicht mit Viren und dergleichen aus, weshalb ich um Nachsicht bitte falls das überhaupt nichts damit zu tun hat, aber ich bin davon ausgegangen. Vielen Dank schon Mal im voraus.
Mfg. Jonnyfoka

Alt 17.02.2012, 11:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Zitat:
Ich hab Tuneup utilities 2012 installiert
Herzlichen Glückwunsch
TU ist mit das schlimmste was du einem Windows-Rechner antun kannst, v.a. wenn du auch noch auf die grandiose Idee kommst, die Registry zu bereinigen

Probier mal: Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 17.02.2012, 17:53   #3
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Hey danke für die schnelle Hilfe!
Wusste nicht dass TU so schlecht ist, hab immer gelesen, dass es Windows schneller macht :S Du meinst ich sollte es wieder deinstallieren oder? Würde gerne wissen wieso es so schlecht ist. Hab beide Scanns durchgeführt, beide Mal wurde was gefunden, hier die Logfiles:
Logfile von Malewarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.16.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark :: MARK-PC [Administrator]

Schutz: Aktiviert

16.02.2012 18:00:12
mbam-log-2012-02-16 (18-00-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408415
Laufzeit: 1 Stunde(n), 8 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EuroGrand Casino (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Users\***\Downloads\u1006.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SetupCasino_641f_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Public\Documents\U1006.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-3006821076-3840180281-503104694-1001\$RKOSY2I.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-3006821076-3840180281-503104694-1001\$RY5H7UK.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-3006821076-3840180281-503104694-1001\$RHXXG96.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Casino\EuroGrand Casino\_SetupCasino_641f_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Ultrasurf\u1003.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Ultrasurf\u1006.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Logfile von Esset:
Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=83bdadbcb7419d4aa9047d3722816459
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-17 04:40:00
# local_time=2012-02-17 05:40:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 331890 66026782 149476 0
# compatibility_mode=5893 16776574 100 94 4241 81121152 0 0
# compatibility_mode=8192 67108863 100 0 3917 3917 0 0
# scanned=219394
# found=4
# cleaned=0
# scan_time=6839
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2PSBPJH\brand_files[1].7zip	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Roaming\toolplugin\toolbar.dll	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\SoftonicDownloader_fuer_pspice.exe	Win32/SoftonicDownloader.C application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\Downloads\SweetImSetup.exe	a variant of Win32/SweetIM.B application (unable to clean)	00000000000000000000000000000000	I
         
Hoffe diese Logfiles können weiterhelfen.
__________________

Alt 17.02.2012, 18:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.02.2012, 19:13   #5
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Hier der OTL.log :

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 2/17/2012 6:40:29 PM - Run 1
OTL by OldTimer - Version 3.2.32.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.18 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 58.58% Memory free
6.35 Gb Paging File | 4.89 Gb Available in Paging File | 76.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 283.98 Gb Free Space | 50.26% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.61 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/02/17 18:37:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/12/13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/06/29 01:22:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/27 11:43:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 16:54:38 | 000,255,368 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_tray.exe
PRC - [2010/11/08 16:54:38 | 000,107,400 | ---- | M] (SecureW2 B.V.) -- C:\Program Files\SecureW2\sw2_service.exe
PRC - [2010/07/27 07:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/26 01:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 20:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2010/06/21 21:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2010/06/02 15:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/05/10 20:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/10 20:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/14 19:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/11 23:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/08/31 12:13:52 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/07 03:37:27 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/15 16:12:14 | 001,325,992 | ---- | M] (Nutzwerk GmbH) [Disabled | Stopped] -- C:\Program Files\SaferSurf-for-Free\bin\GlobRobProxyServices.exe -- (GlobRobProxyServices)
SRV - [2011/07/14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/06/29 01:22:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/26 20:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/07 16:26:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 11:43:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/11 02:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/11/08 16:54:38 | 000,107,400 | ---- | M] (SecureW2 B.V.) [Auto | Running] -- C:\Program Files\SecureW2\sw2_service.exe -- (SW2SVC)
SRV - [2010/07/27 07:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/10 20:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/10 20:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/05/06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/08 12:00:06 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/06/29 01:22:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 01:22:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/20 17:15:54 | 000,052,224 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm)
DRV - [2011/05/20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter)
DRV - [2011/05/20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum) Vodafone Vodafone ZTE DC Enumerator (ZTE)
DRV - [2011/05/20 17:15:52 | 000,067,968 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm) Vodafone Vodafone ZTE CDC-ACM driver (ZTE)
DRV - [2011/05/20 17:15:52 | 000,009,984 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/15 01:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/09/01 14:33:12 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2010/07/26 15:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/26 15:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2010/06/17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/24 14:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/05/10 20:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2010/04/27 08:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 08:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2010/03/18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/04 16:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 12:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/26 22:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/08/13 07:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/05/13 20:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 20:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://co109w.col109.mail.live.com/default.aspx#!/mail/InboxLight.aspx?n=1960928614!fid=1&fav=1&n=121980293|www.facebook.com|https://webmail.tu-harburg.de/horde/imp/login.php"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/03 21:54:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 00:36:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/03 21:54:27 | 000,000,000 | ---D | M]
 
[2011/12/18 15:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012/02/16 13:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions
[2011/03/20 20:49:58 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/10/29 18:46:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/18 14:05:12 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/12/24 13:24:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 12:03:59 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/11/30 18:50:01 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0jgigkal.default\extensions\welcome@toolmin.com
[2010/11/02 17:19:52 | 000,002,199 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\google-mxico.xml
[2012/01/31 18:01:27 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\sweetim.xml
[2010/12/01 19:26:43 | 000,001,244 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\winamp-search.xml
[2012/01/06 19:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/29 22:33:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{7FD52B87-AB55-46EC-BFE4-030FA7D9550B}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JGIGKAL.DEFAULT\EXTENSIONS\CONTACTO@MOVIEZET.COM.XPI
[2012/02/12 00:36:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/07 23:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/02 11:26:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/02 11:26:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/02 11:26:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/02 11:26:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/30 18:50:01 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011/11/30 18:27:18 | 000,002,517 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/10/02 11:26:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/02 11:26:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: KickNerds Software = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgboknoflmhcknhcjcfiakcfneppiea\2.3_0\
CHR - Extension: MonsterDivx = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkinfljboeildloankgjmljfibngeefa\0.95_0\
CHR - Extension: KickNerds Software = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggamcegpifjpiabcihcbedejkjgdgcfi\2.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Moviezet - Reproductor Online = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfgaeoabpbhdhgmiimjhmgmjckgdgdf\2.0_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: KickNerds Software = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfelaacnhmebkfigncdhamnepacfmdbj\1.0_0\
CHR - Extension: Cuevana Stream = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_1\
CHR - Extension: Cuevana Stream = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.1_1\.svn\props\.svn-work
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F296444-9A0D-4683-8C5C-403042E9D49F}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26559E0-6842-4CEA-BEB2-774854E241BE}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\cvh.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\realplay.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\safersurftray.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sftdde.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall_steam.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/17 15:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/17 15:37:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012/02/17 15:31:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/16 17:56:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012/02/16 17:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/16 17:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/16 17:56:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/16 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/16 01:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/02/16 01:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/02/16 01:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/02/15 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojanerboard
[2012/02/15 16:18:33 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012/02/15 16:18:18 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012/02/15 16:18:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/02/15 16:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012/02/15 16:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2012/02/15 16:15:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/02/05 16:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/02/05 16:37:53 | 000,000,000 | ---D | C] -- C:\Users\***\SystemRequirementsLab
[2012/02/03 21:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/03 21:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/02/02 13:59:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012/02/02 13:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/02/02 13:57:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/31 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012/01/31 18:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012/01/28 17:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012/01/28 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaferSurf-for-Free
[2012/01/28 17:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\SaferSurf-for-Free
[2012/01/28 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nutzwerk
[2012/01/22 19:40:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Simfy
[2012/01/22 19:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2012/01/22 19:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2012/01/18 22:24:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2011/08/31 12:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/17 18:22:07 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 18:22:07 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 18:21:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 16:22:11 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/17 15:37:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012/02/17 15:31:21 | 000,697,322 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/17 15:31:21 | 000,652,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 15:31:21 | 000,148,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/17 15:31:21 | 000,121,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/17 15:18:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 15:18:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 15:18:18 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 17:56:50 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/16 01:08:50 | 000,000,969 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2012/02/16 01:08:50 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012/02/15 20:26:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012/02/15 16:18:17 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012/02/15 16:18:17 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2012/02/05 16:53:36 | 000,015,856 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/02/04 20:30:51 | 000,203,911 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.jpg
[2012/02/03 21:54:22 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012/02/03 21:54:22 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/03 21:53:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/02/02 21:44:29 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/30 21:05:55 | 000,001,865 | ---- | M] () -- C:\Users\***\Desktop\Hinweis zum SaferSurf Testaccount.lnk
[2012/01/22 19:40:06 | 000,000,032 | ---- | M] () -- C:\Users\***\.simfy
[2012/01/22 19:40:03 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/16 17:56:50 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/16 01:08:50 | 000,000,969 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2012/02/16 01:08:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012/02/15 20:26:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012/02/15 16:18:17 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012/02/15 16:18:17 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012/02/15 16:18:17 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2012/02/04 20:30:51 | 000,203,911 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.jpg
[2012/02/03 21:54:22 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012/02/03 21:54:22 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/29 18:23:58 | 000,001,865 | ---- | C] () -- C:\Users\***\Desktop\Hinweis zum SaferSurf Testaccount.lnk
[2012/01/22 19:40:06 | 000,000,032 | ---- | C] () -- C:\Users\***\.simfy
[2012/01/22 19:40:03 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk
[2011/08/31 12:46:18 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/08/31 12:46:12 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/08/31 12:46:10 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/08/31 12:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/08/31 12:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/07/12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/12/22 02:46:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/11/05 02:13:12 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2010/11/04 21:17:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/03 19:14:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/11/03 13:46:26 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 13:37:45 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/08/13 23:50:46 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010/08/13 23:50:45 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010/08/09 14:26:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/08/09 13:23:48 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/08/09 05:37:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/27 07:56:50 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010/07/27 07:56:50 | 000,352,325 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010/05/12 14:13:56 | 000,697,322 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 14:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 14:13:56 | 000,148,328 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 14:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,368,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,652,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,121,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/09/16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010/10/29 15:13:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010/11/04 16:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard
[2011/07/23 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/04/01 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/27 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2011/03/28 18:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2011/02/14 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010/11/02 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011/11/30 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicNet
[2012/02/03 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011/03/28 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2012/01/22 19:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2012/02/07 02:10:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Inspection Library
[2011/11/30 18:43:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toolplugin
[2010/10/29 13:31:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012/02/15 16:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010/12/22 02:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2012/01/13 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2012/02/16 17:37:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/10/29 15:13:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2012/01/22 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012/01/15 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010/11/04 16:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011/01/26 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard
[2010/10/29 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2011/04/16 04:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2010/11/03 04:37:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012/01/18 22:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011/07/23 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/04/01 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/16 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet
[2011/01/27 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2011/03/28 18:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2011/02/14 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010/10/28 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010/11/02 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010/11/02 13:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2010/11/02 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2010/10/28 13:43:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012/02/16 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009/07/14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010/11/03 04:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2012/01/23 13:37:55 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010/10/28 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011/11/30 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicNet
[2012/02/03 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011/03/28 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2012/02/03 21:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2012/01/22 19:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2012/02/16 00:33:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011/12/29 22:31:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2012/02/07 02:10:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/01/25 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Inspection Library
[2011/11/30 18:43:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toolplugin
[2010/10/29 13:31:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012/02/15 16:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010/12/22 02:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2012/01/30 22:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012/01/13 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2012/02/02 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2010/11/07 22:36:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/01/22 19:36:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/11/02 13:26:22 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012/01/06 19:35:35 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\FlashGot.exe
[2012/01/29 16:21:35 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---
[/code]


Alt 17.02.2012, 19:58   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2010/11/02 17:19:52 | 000,002,199 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\google-mxico.xml
[2012/01/31 18:01:27 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\sweetim.xml
[2010/12/01 19:26:43 | 000,001,244 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\winamp-search.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3006821076-3840180281-503104694-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3006821076-3840180281-503104694-1000..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll (alpha 2000 GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell - "" = AutoRun
O33 - MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[2010/10/29 15:13:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien

Alt 18.02.2012, 14:57   #7
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Ich habe den Fix durchgeführt doch nach dem Neustart, kann mein Laptop keine Verbindung zum Internet herstellen, auch nicht mit Lankabel. Der zeigt einfach die ganze Zeit "Es sind keine Verbindungen verfügbar" an. Auch kommt der Fehler, dass er keine Verbindung zu einem Windowsdienst herstellen kann. Das hochfahren selber, erst nachdem ich das Passwort für mein Benutzer eingetippt hab, braucht jetzt unendlich lange! ich muss ca. 5 Minuten Warten bis er erst den Desktop geladen hat. Logfile kann ich also leider nicht posten, da ich über einem anderen PC jetzt verbunden bin. Falls es nicht anders geht würde ich den Fix rückgängig machen wollen..:S

Alt 18.02.2012, 15:48   #8
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Da ich eine wichtige Arbeit an meinem Laptop schreibe und dafür dringend Internet brauche, habe ich das System auf gestern Abend wiederhergestellt, es tut mir sehr Leid aber ich konnte aus Zeitdruck nicht warten..:/ die Logfile von dem Fix ist aber erhalten geblieben :

Code:
ATTFilter
 All processes killed
========== OTL ==========
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\0jgigkal.default\user.js moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\google-mxico.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\sweetim.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\searchplugins\winamp-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
C:\Program Files\Orbitdownloader\GrabPro.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
File C:\Program Files\Orbitdownloader\GrabPro.dll not found.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3006821076-3840180281-503104694-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver deleted successfully.
C:\Windows\Web\Wallpaper\MEDION\start.vbs moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
C:\Program Files\Bonjour\mdnsNSP.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
File C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1935d393-e41b-11df-8a0d-00262dc1e0b6}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3460700f-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3460700f-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3460700f-e42e-11df-af9f-74f06d0bd458}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34607012-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34607012-e42e-11df-af9f-74f06d0bd458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34607012-e42e-11df-af9f-74f06d0bd458}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63e2354c-3d12-11e1-86e3-00262dc1e0b6}\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64041d00-e41c-11df-b404-74f06d0bd458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64041d00-e41c-11df-b404-74f06d0bd458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64041d00-e41c-11df-b404-74f06d0bd458}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
C:\Users\***\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 3699934363 bytes
->Temporary Internet Files folder emptied: 270603050 bytes
->Java cache emptied: 1270521 bytes
->FireFox cache emptied: 87483486 bytes
->Google Chrome cache emptied: 305503241 bytes
->Apple Safari cache emptied: 1162240 bytes
->Flash cache emptied: 74536 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10423459 bytes
RecycleBin emptied: 5279771701 bytes
 
Total Files Cleaned = 9,209.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTL by OldTimer - Version 3.2.32.0 log created on 02182012_142556

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 19.02.2012, 18:38   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.02.2012, 01:03   #10
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



sry, dass es diesmal ein wenig gedauert hat... hier das log:
Code:
ATTFilter
 00:59:21.0583 3900	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
00:59:22.0223 3900	============================================================
00:59:22.0223 3900	Current date / time: 2012/02/22 00:59:22.0223
00:59:22.0223 3900	SystemInfo:
00:59:22.0223 3900	
00:59:22.0223 3900	OS Version: 6.1.7601 ServicePack: 1.0
00:59:22.0223 3900	Product type: Workstation
00:59:22.0223 3900	ComputerName: MARK-PC
00:59:22.0223 3900	UserName: Mark
00:59:22.0223 3900	Windows directory: C:\Windows
00:59:22.0223 3900	System windows directory: C:\Windows
00:59:22.0223 3900	Processor architecture: Intel x86
00:59:22.0223 3900	Number of processors: 4
00:59:22.0223 3900	Page size: 0x1000
00:59:22.0223 3900	Boot type: Normal boot
00:59:22.0223 3900	============================================================
00:59:22.0551 3900	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:59:22.0551 3900	\Device\Harddisk0\DR0:
00:59:22.0551 3900	MBR used
00:59:22.0551 3900	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:59:22.0551 3900	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x46A24000
00:59:22.0551 3900	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x46A56800, BlocksNum 0x3C00000
00:59:22.0629 3900	Initialize success
00:59:22.0629 3900	============================================================
01:00:40.0813 5028	============================================================
01:00:40.0813 5028	Scan started
01:00:40.0813 5028	Mode: Manual; SigCheck; TDLFS; 
01:00:40.0813 5028	============================================================
01:00:41.0156 5028	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
01:00:41.0359 5028	1394ohci - ok
01:00:41.0453 5028	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
01:00:41.0468 5028	ACPI - ok
01:00:41.0546 5028	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
01:00:41.0640 5028	AcpiPmi - ok
01:00:41.0765 5028	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
01:00:41.0780 5028	adp94xx - ok
01:00:41.0827 5028	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
01:00:41.0843 5028	adpahci - ok
01:00:41.0889 5028	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
01:00:41.0905 5028	adpu320 - ok
01:00:41.0952 5028	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
01:00:42.0061 5028	AFD - ok
01:00:42.0092 5028	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
01:00:42.0108 5028	agp440 - ok
01:00:42.0186 5028	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
01:00:42.0186 5028	aic78xx - ok
01:00:42.0264 5028	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
01:00:42.0279 5028	aliide - ok
01:00:42.0311 5028	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
01:00:42.0326 5028	amdagp - ok
01:00:42.0342 5028	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
01:00:42.0357 5028	amdide - ok
01:00:42.0404 5028	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
01:00:42.0482 5028	AmdK8 - ok
01:00:42.0498 5028	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
01:00:42.0545 5028	AmdPPM - ok
01:00:42.0607 5028	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
01:00:42.0607 5028	amdsata - ok
01:00:42.0669 5028	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
01:00:42.0669 5028	amdsbs - ok
01:00:42.0701 5028	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
01:00:42.0701 5028	amdxata - ok
01:00:42.0763 5028	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
01:00:42.0888 5028	AppID - ok
01:00:43.0013 5028	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
01:00:43.0013 5028	arc - ok
01:00:43.0028 5028	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
01:00:43.0044 5028	arcsas - ok
01:00:43.0091 5028	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
01:00:43.0247 5028	AsyncMac - ok
01:00:43.0434 5028	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
01:00:43.0434 5028	atapi - ok
01:00:43.0496 5028	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
01:00:43.0527 5028	avgntflt - ok
01:00:43.0574 5028	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
01:00:43.0590 5028	avipbb - ok
01:00:43.0637 5028	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
01:00:43.0730 5028	b06bdrv - ok
01:00:43.0777 5028	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
01:00:43.0808 5028	b57nd60x - ok
01:00:43.0886 5028	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
01:00:43.0949 5028	Beep - ok
01:00:44.0011 5028	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
01:00:44.0027 5028	blbdrive - ok
01:00:44.0089 5028	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
01:00:44.0136 5028	bowser - ok
01:00:44.0167 5028	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:00:44.0229 5028	BrFiltLo - ok
01:00:44.0261 5028	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:00:44.0307 5028	BrFiltUp - ok
01:00:44.0370 5028	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
01:00:44.0432 5028	Brserid - ok
01:00:44.0463 5028	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
01:00:44.0526 5028	BrSerWdm - ok
01:00:44.0557 5028	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:00:44.0588 5028	BrUsbMdm - ok
01:00:44.0619 5028	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
01:00:44.0666 5028	BrUsbSer - ok
01:00:44.0697 5028	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
01:00:44.0729 5028	BTHMODEM - ok
01:00:44.0775 5028	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
01:00:44.0822 5028	cdfs - ok
01:00:44.0885 5028	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
01:00:44.0916 5028	cdrom - ok
01:00:44.0947 5028	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
01:00:45.0025 5028	circlass - ok
01:00:45.0056 5028	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
01:00:45.0072 5028	CLFS - ok
01:00:45.0119 5028	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
01:00:45.0150 5028	CmBatt - ok
01:00:45.0197 5028	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
01:00:45.0197 5028	cmdide - ok
01:00:45.0243 5028	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
01:00:45.0259 5028	CNG - ok
01:00:45.0306 5028	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
01:00:45.0321 5028	Compbatt - ok
01:00:45.0353 5028	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
01:00:45.0399 5028	CompositeBus - ok
01:00:45.0446 5028	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
01:00:45.0446 5028	crcdisk - ok
01:00:45.0524 5028	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
01:00:45.0571 5028	DfsC - ok
01:00:45.0618 5028	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
01:00:45.0665 5028	discache - ok
01:00:45.0727 5028	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
01:00:45.0743 5028	Disk - ok
01:00:45.0805 5028	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
01:00:45.0836 5028	drmkaud - ok
01:00:45.0883 5028	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
01:00:45.0914 5028	DXGKrnl - ok
01:00:46.0008 5028	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
01:00:46.0086 5028	ebdrv - ok
01:00:46.0211 5028	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
01:00:46.0226 5028	elxstor - ok
01:00:46.0273 5028	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
01:00:46.0320 5028	ErrDev - ok
01:00:46.0367 5028	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
01:00:46.0413 5028	exfat - ok
01:00:46.0460 5028	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
01:00:46.0507 5028	fastfat - ok
01:00:46.0569 5028	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
01:00:46.0585 5028	fdc - ok
01:00:46.0632 5028	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
01:00:46.0647 5028	FileInfo - ok
01:00:46.0679 5028	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
01:00:46.0725 5028	Filetrace - ok
01:00:46.0772 5028	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
01:00:46.0819 5028	flpydisk - ok
01:00:46.0850 5028	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
01:00:46.0866 5028	FltMgr - ok
01:00:46.0897 5028	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
01:00:46.0913 5028	FsDepends - ok
01:00:46.0928 5028	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
01:00:46.0928 5028	Fs_Rec - ok
01:00:46.0975 5028	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
01:00:46.0991 5028	fvevol - ok
01:00:47.0037 5028	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:00:47.0037 5028	gagp30kx - ok
01:00:47.0084 5028	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:00:47.0084 5028	GEARAspiWDM - ok
01:00:47.0162 5028	giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
01:00:47.0209 5028	giveio ( UnsignedFile.Multi.Generic ) - warning
01:00:47.0209 5028	giveio - detected UnsignedFile.Multi.Generic (1)
01:00:47.0287 5028	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
01:00:47.0349 5028	hcw85cir - ok
01:00:47.0396 5028	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
01:00:47.0443 5028	HdAudAddService - ok
01:00:47.0505 5028	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
01:00:47.0537 5028	HDAudBus - ok
01:00:47.0583 5028	HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
01:00:47.0646 5028	HECI - ok
01:00:47.0677 5028	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
01:00:47.0693 5028	HidBatt - ok
01:00:47.0739 5028	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
01:00:47.0771 5028	HidBth - ok
01:00:47.0802 5028	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
01:00:47.0833 5028	HidIr - ok
01:00:47.0880 5028	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
01:00:47.0927 5028	HidUsb - ok
01:00:47.0989 5028	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
01:00:48.0005 5028	HpSAMD - ok
01:00:48.0051 5028	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
01:00:48.0114 5028	HTTP - ok
01:00:48.0161 5028	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:00:48.0192 5028	hwdatacard - ok
01:00:48.0223 5028	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
01:00:48.0239 5028	hwpolicy - ok
01:00:48.0285 5028	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
01:00:48.0332 5028	i8042prt - ok
01:00:48.0395 5028	iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
01:00:48.0410 5028	iaStor - ok
01:00:48.0519 5028	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
01:00:48.0535 5028	iaStorV - ok
01:00:48.0753 5028	igfx            (24ccec128bebb148e50c6093523ad686) C:\Windows\system32\DRIVERS\igdkmd32.sys
01:00:49.0081 5028	igfx - ok
01:00:49.0190 5028	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
01:00:49.0190 5028	iirsp - ok
01:00:49.0253 5028	Impcd           (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
01:00:49.0315 5028	Impcd - ok
01:00:49.0393 5028	IntcAzAudAddService (acec5bbee4aa34d74be0e2e512cc2026) C:\Windows\system32\drivers\RTKVHDA.sys
01:00:49.0471 5028	IntcAzAudAddService - ok
01:00:49.0627 5028	IntcDAud        (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
01:00:49.0674 5028	IntcDAud - ok
01:00:49.0705 5028	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
01:00:49.0721 5028	intelide - ok
01:00:49.0767 5028	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
01:00:49.0783 5028	intelppm - ok
01:00:49.0830 5028	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:00:49.0877 5028	IpFilterDriver - ok
01:00:49.0908 5028	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
01:00:49.0939 5028	IPMIDRV - ok
01:00:49.0970 5028	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
01:00:50.0033 5028	IPNAT - ok
01:00:50.0095 5028	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
01:00:50.0173 5028	IRENUM - ok
01:00:50.0204 5028	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
01:00:50.0220 5028	isapnp - ok
01:00:50.0235 5028	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
01:00:50.0251 5028	iScsiPrt - ok
01:00:50.0298 5028	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
01:00:50.0298 5028	kbdclass - ok
01:00:50.0329 5028	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
01:00:50.0360 5028	kbdhid - ok
01:00:50.0423 5028	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
01:00:50.0438 5028	KSecDD - ok
01:00:50.0469 5028	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
01:00:50.0485 5028	KSecPkg - ok
01:00:50.0532 5028	L1C             (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
01:00:50.0547 5028	L1C - ok
01:00:50.0610 5028	LHidFilt        (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:00:50.0610 5028	LHidFilt - ok
01:00:50.0672 5028	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
01:00:50.0719 5028	lltdio - ok
01:00:50.0766 5028	LMouFilt        (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:00:50.0766 5028	LMouFilt - ok
01:00:50.0844 5028	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:00:50.0859 5028	LSI_FC - ok
01:00:50.0875 5028	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:00:50.0891 5028	LSI_SAS - ok
01:00:50.0922 5028	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:00:50.0937 5028	LSI_SAS2 - ok
01:00:50.0953 5028	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:00:50.0969 5028	LSI_SCSI - ok
01:00:51.0000 5028	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
01:00:51.0047 5028	luafv - ok
01:00:51.0093 5028	LUsbFilt        (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
01:00:51.0093 5028	LUsbFilt - ok
01:00:51.0156 5028	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
01:00:51.0156 5028	MBAMProtector - ok
01:00:51.0187 5028	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
01:00:51.0203 5028	megasas - ok
01:00:51.0249 5028	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
01:00:51.0265 5028	MegaSR - ok
01:00:51.0312 5028	mod7700         (5b9ca81817e046666e7abf8b9b101545) C:\Windows\system32\DRIVERS\mod7700.sys
01:00:51.0343 5028	mod7700 - ok
01:00:51.0405 5028	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
01:00:51.0468 5028	Modem - ok
01:00:51.0499 5028	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
01:00:51.0530 5028	monitor - ok
01:00:51.0577 5028	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
01:00:51.0593 5028	mouclass - ok
01:00:51.0624 5028	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
01:00:51.0655 5028	mouhid - ok
01:00:51.0717 5028	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
01:00:51.0733 5028	mountmgr - ok
01:00:51.0749 5028	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
01:00:51.0764 5028	mpio - ok
01:00:51.0842 5028	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
01:00:51.0889 5028	mpsdrv - ok
01:00:51.0936 5028	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
01:00:51.0998 5028	MRxDAV - ok
01:00:52.0029 5028	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:00:52.0092 5028	mrxsmb - ok
01:00:52.0123 5028	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:00:52.0170 5028	mrxsmb10 - ok
01:00:52.0201 5028	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:00:52.0232 5028	mrxsmb20 - ok
01:00:52.0263 5028	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
01:00:52.0279 5028	msahci - ok
01:00:52.0310 5028	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
01:00:52.0310 5028	msdsm - ok
01:00:52.0357 5028	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
01:00:52.0388 5028	Msfs - ok
01:00:52.0419 5028	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
01:00:52.0466 5028	mshidkmdf - ok
01:00:52.0482 5028	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
01:00:52.0497 5028	msisadrv - ok
01:00:52.0544 5028	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
01:00:52.0591 5028	MSKSSRV - ok
01:00:52.0622 5028	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
01:00:52.0653 5028	MSPCLOCK - ok
01:00:52.0669 5028	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
01:00:52.0700 5028	MSPQM - ok
01:00:52.0731 5028	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
01:00:52.0747 5028	MsRPC - ok
01:00:52.0794 5028	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
01:00:52.0794 5028	mssmbios - ok
01:00:52.0809 5028	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
01:00:52.0856 5028	MSTEE - ok
01:00:52.0903 5028	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
01:00:52.0919 5028	MTConfig - ok
01:00:52.0950 5028	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
01:00:52.0950 5028	Mup - ok
01:00:52.0997 5028	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
01:00:53.0043 5028	NativeWifiP - ok
01:00:53.0075 5028	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
01:00:53.0106 5028	NDIS - ok
01:00:53.0137 5028	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
01:00:53.0168 5028	NdisCap - ok
01:00:53.0215 5028	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
01:00:53.0262 5028	NdisTapi - ok
01:00:53.0293 5028	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
01:00:53.0340 5028	Ndisuio - ok
01:00:53.0371 5028	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
01:00:53.0402 5028	NdisWan - ok
01:00:53.0433 5028	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
01:00:53.0480 5028	NDProxy - ok
01:00:53.0527 5028	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
01:00:53.0574 5028	NetBIOS - ok
01:00:53.0621 5028	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
01:00:53.0683 5028	NetBT - ok
01:00:53.0808 5028	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
01:00:53.0808 5028	nfrd960 - ok
01:00:53.0855 5028	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
01:00:53.0901 5028	Npfs - ok
01:00:53.0917 5028	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
01:00:53.0964 5028	nsiproxy - ok
01:00:54.0026 5028	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
01:00:54.0057 5028	Ntfs - ok
01:00:54.0182 5028	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
01:00:54.0245 5028	Null - ok
01:00:54.0291 5028	nusb3hub        (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
01:00:54.0291 5028	nusb3hub - ok
01:00:54.0354 5028	nusb3xhc        (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
01:00:54.0354 5028	nusb3xhc - ok
01:00:54.0603 5028	nvlddmkm        (011c6e2e44a36ed7acb57fd6197f0516) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:00:54.0900 5028	nvlddmkm - ok
01:00:54.0978 5028	nvpciflt        (47188871f2a151746a93deef0dbc26d9) C:\Windows\system32\DRIVERS\nvpciflt.sys
01:00:54.0993 5028	nvpciflt - ok
01:00:55.0040 5028	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
01:00:55.0056 5028	nvraid - ok
01:00:55.0071 5028	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
01:00:55.0087 5028	nvstor - ok
01:00:55.0103 5028	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
01:00:55.0118 5028	nv_agp - ok
01:00:55.0134 5028	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
01:00:55.0196 5028	ohci1394 - ok
01:00:55.0227 5028	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
01:00:55.0259 5028	Parport - ok
01:00:55.0290 5028	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
01:00:55.0305 5028	partmgr - ok
01:00:55.0321 5028	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
01:00:55.0352 5028	Parvdm - ok
01:00:55.0383 5028	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
01:00:55.0399 5028	pci - ok
01:00:55.0415 5028	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
01:00:55.0430 5028	pciide - ok
01:00:55.0461 5028	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
01:00:55.0477 5028	pcmcia - ok
01:00:55.0508 5028	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
01:00:55.0508 5028	pcw - ok
01:00:55.0539 5028	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
01:00:55.0602 5028	PEAUTH - ok
01:00:55.0680 5028	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
01:00:55.0727 5028	PptpMiniport - ok
01:00:55.0773 5028	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
01:00:55.0805 5028	Processor - ok
01:00:55.0851 5028	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
01:00:55.0914 5028	Psched - ok
01:00:55.0992 5028	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
01:00:56.0023 5028	ql2300 - ok
01:00:56.0148 5028	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
01:00:56.0148 5028	ql40xx - ok
01:00:56.0195 5028	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
01:00:56.0226 5028	QWAVEdrv - ok
01:00:56.0257 5028	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
01:00:56.0304 5028	RasAcd - ok
01:00:56.0351 5028	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:00:56.0397 5028	RasAgileVpn - ok
01:00:56.0429 5028	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:00:56.0475 5028	Rasl2tp - ok
01:00:56.0522 5028	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
01:00:56.0569 5028	RasPppoe - ok
01:00:56.0616 5028	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
01:00:56.0663 5028	RasSstp - ok
01:00:56.0709 5028	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
01:00:56.0756 5028	rdbss - ok
01:00:56.0787 5028	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
01:00:56.0819 5028	rdpbus - ok
01:00:56.0865 5028	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:00:56.0912 5028	RDPCDD - ok
01:00:56.0975 5028	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
01:00:57.0021 5028	RDPENCDD - ok
01:00:57.0053 5028	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
01:00:57.0099 5028	RDPREFMP - ok
01:00:57.0131 5028	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
01:00:57.0162 5028	RDPWD - ok
01:00:57.0224 5028	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
01:00:57.0240 5028	rdyboost - ok
01:00:57.0318 5028	RimUsb          (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
01:00:57.0365 5028	RimUsb - ok
01:00:57.0411 5028	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
01:00:57.0458 5028	rspndr - ok
01:00:57.0505 5028	RSUSBSTOR       (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys
01:00:57.0521 5028	RSUSBSTOR - ok
01:00:57.0567 5028	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
01:00:57.0599 5028	RTL8167 - ok
01:00:57.0661 5028	rtl8192se       (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
01:00:57.0692 5028	rtl8192se - ok
01:00:57.0801 5028	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
01:00:57.0817 5028	sbp2port - ok
01:00:57.0864 5028	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
01:00:57.0926 5028	scfilter - ok
01:00:57.0989 5028	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:00:58.0035 5028	secdrv - ok
01:00:58.0113 5028	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
01:00:58.0160 5028	Serenum - ok
01:00:58.0207 5028	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
01:00:58.0238 5028	Serial - ok
01:00:58.0285 5028	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
01:00:58.0316 5028	sermouse - ok
01:00:58.0363 5028	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
01:00:58.0425 5028	sffdisk - ok
01:00:58.0441 5028	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
01:00:58.0472 5028	sffp_mmc - ok
01:00:58.0488 5028	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
01:00:58.0535 5028	sffp_sd - ok
01:00:58.0566 5028	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
01:00:58.0597 5028	sfloppy - ok
01:00:58.0659 5028	Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
01:00:58.0691 5028	Sftfs - ok
01:00:58.0706 5028	Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:00:58.0722 5028	Sftplay - ok
01:00:58.0737 5028	Sftredir        (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:00:58.0753 5028	Sftredir - ok
01:00:58.0769 5028	Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
01:00:58.0769 5028	Sftvol - ok
01:00:58.0800 5028	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
01:00:58.0815 5028	sisagp - ok
01:00:58.0862 5028	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:00:58.0878 5028	SiSRaid2 - ok
01:00:58.0909 5028	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
01:00:58.0909 5028	SiSRaid4 - ok
01:00:58.0940 5028	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
01:00:59.0003 5028	Smb - ok
01:00:59.0081 5028	speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
01:00:59.0081 5028	speedfan - ok
01:00:59.0112 5028	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
01:00:59.0112 5028	spldr - ok
01:00:59.0143 5028	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
01:00:59.0205 5028	srv - ok
01:00:59.0237 5028	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
01:00:59.0268 5028	srv2 - ok
01:00:59.0299 5028	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
01:00:59.0330 5028	srvnet - ok
01:00:59.0377 5028	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
01:00:59.0393 5028	ssmdrv - ok
01:00:59.0502 5028	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
01:00:59.0517 5028	stexstor - ok
01:00:59.0549 5028	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
01:00:59.0564 5028	swenum - ok
01:00:59.0611 5028	SynTP           (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
01:00:59.0627 5028	SynTP - ok
01:00:59.0689 5028	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
01:00:59.0720 5028	Tcpip - ok
01:00:59.0907 5028	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
01:00:59.0939 5028	TCPIP6 - ok
01:00:59.0970 5028	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
01:01:00.0001 5028	tcpipreg - ok
01:01:00.0048 5028	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
01:01:00.0095 5028	TDPIPE - ok
01:01:00.0110 5028	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
01:01:00.0157 5028	TDTCP - ok
01:01:00.0204 5028	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
01:01:00.0251 5028	tdx - ok
01:01:00.0297 5028	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
01:01:00.0297 5028	TermDD - ok
01:01:00.0344 5028	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:01:00.0391 5028	tssecsrv - ok
01:01:00.0453 5028	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
01:01:00.0516 5028	TsUsbFlt - ok
01:01:00.0656 5028	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
01:01:00.0656 5028	TuneUpUtilitiesDrv - ok
01:01:00.0781 5028	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
01:01:00.0828 5028	tunnel - ok
01:01:00.0859 5028	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
01:01:00.0875 5028	uagp35 - ok
01:01:00.0921 5028	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
01:01:00.0968 5028	udfs - ok
01:01:01.0015 5028	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
01:01:01.0031 5028	uliagpkx - ok
01:01:01.0062 5028	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
01:01:01.0093 5028	umbus - ok
01:01:01.0124 5028	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
01:01:01.0155 5028	UmPass - ok
01:01:01.0218 5028	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
01:01:01.0249 5028	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
01:01:01.0249 5028	USBAAPL - detected UnsignedFile.Multi.Generic (1)
01:01:01.0296 5028	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
01:01:01.0343 5028	usbccgp - ok
01:01:01.0374 5028	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
01:01:01.0405 5028	usbcir - ok
01:01:01.0436 5028	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
01:01:01.0452 5028	usbehci - ok
01:01:01.0483 5028	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
01:01:01.0514 5028	usbhub - ok
01:01:01.0561 5028	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
01:01:01.0592 5028	usbohci - ok
01:01:01.0623 5028	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
01:01:01.0639 5028	usbprint - ok
01:01:01.0670 5028	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
01:01:01.0701 5028	usbscan - ok
01:01:01.0764 5028	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:01:01.0811 5028	USBSTOR - ok
01:01:01.0826 5028	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
01:01:01.0873 5028	usbuhci - ok
01:01:01.0951 5028	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
01:01:01.0982 5028	usbvideo - ok
01:01:02.0060 5028	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
01:01:02.0076 5028	vdrvroot - ok
01:01:02.0138 5028	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
01:01:02.0185 5028	vga - ok
01:01:02.0216 5028	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
01:01:02.0232 5028	VgaSave - ok
01:01:02.0279 5028	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
01:01:02.0279 5028	vhdmp - ok
01:01:02.0310 5028	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
01:01:02.0325 5028	viaagp - ok
01:01:02.0357 5028	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
01:01:02.0372 5028	ViaC7 - ok
01:01:02.0403 5028	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
01:01:02.0419 5028	viaide - ok
01:01:02.0466 5028	vodafone_K3805-z_dc_enum (99d9ea024462c5ab369299f794c0bab7) C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
01:01:02.0528 5028	vodafone_K3805-z_dc_enum - ok
01:01:02.0559 5028	vodafone_zte_cdc_acm (3ad0d0044a4f2ad80f368bb9293ffee5) C:\Windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys
01:01:02.0591 5028	vodafone_zte_cdc_acm - ok
01:01:02.0622 5028	vodafone_zte_cdc_ecm (83e9661bc716bf1bfea7a6a6273a4cec) C:\Windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys
01:01:02.0653 5028	vodafone_zte_cdc_ecm - ok
01:01:02.0700 5028	vodafone_zte_cpo (ece758f4838df809e116cfd401d503a4) C:\Windows\system32\DRIVERS\vodafone_zte_cpo.sys
01:01:02.0731 5028	vodafone_zte_cpo - ok
01:01:02.0762 5028	vodafone_zte_ecm_enum (565b78a7ca79b32369b9e734c653de36) C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys
01:01:02.0793 5028	vodafone_zte_ecm_enum - ok
01:01:02.0825 5028	vodafone_zte_ecm_enum_filter (565b78a7ca79b32369b9e734c653de36) C:\Windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys
01:01:02.0825 5028	vodafone_zte_ecm_enum_filter - ok
01:01:02.0856 5028	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
01:01:02.0871 5028	volmgr - ok
01:01:02.0918 5028	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
01:01:02.0934 5028	volmgrx - ok
01:01:02.0981 5028	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
01:01:02.0996 5028	volsnap - ok
01:01:03.0043 5028	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
01:01:03.0059 5028	vsmraid - ok
01:01:03.0090 5028	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
01:01:03.0121 5028	vwifibus - ok
01:01:03.0168 5028	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
01:01:03.0215 5028	vwififlt - ok
01:01:03.0261 5028	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
01:01:03.0277 5028	WacomPen - ok
01:01:03.0324 5028	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
01:01:03.0371 5028	WANARP - ok
01:01:03.0371 5028	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
01:01:03.0402 5028	Wanarpv6 - ok
01:01:03.0464 5028	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
01:01:03.0480 5028	Wd - ok
01:01:03.0527 5028	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
01:01:03.0542 5028	Wdf01000 - ok
01:01:03.0589 5028	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
01:01:03.0636 5028	WfpLwf - ok
01:01:03.0667 5028	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
01:01:03.0667 5028	WIMMount - ok
01:01:03.0745 5028	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
01:01:03.0792 5028	WinUsb - ok
01:01:03.0823 5028	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
01:01:03.0870 5028	WmiAcpi - ok
01:01:03.0917 5028	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
01:01:03.0963 5028	ws2ifsl - ok
01:01:04.0010 5028	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
01:01:04.0057 5028	WudfPf - ok
01:01:04.0104 5028	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:01:04.0151 5028	WUDFRd - ok
01:01:04.0229 5028	X10Hid          (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
01:01:04.0244 5028	X10Hid - ok
01:01:04.0291 5028	XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\system32\Drivers\x10ufx2.sys
01:01:04.0307 5028	XUIF - ok
01:01:04.0338 5028	MBR (0x1B8)     (7827ce22d5b6a2e3fa5111270dd20242) \Device\Harddisk0\DR0
01:01:06.0693 5028	\Device\Harddisk0\DR0 - ok
01:01:06.0725 5028	Boot (0x1200)   (b0d5a8fbf3d19023aa16814c187ebafb) \Device\Harddisk0\DR0\Partition0
01:01:06.0725 5028	\Device\Harddisk0\DR0\Partition0 - ok
01:01:06.0740 5028	Boot (0x1200)   (94a25f0864972491b870d83b6c2142c2) \Device\Harddisk0\DR0\Partition1
01:01:06.0740 5028	\Device\Harddisk0\DR0\Partition1 - ok
01:01:06.0771 5028	Boot (0x1200)   (e07850f3d6af56e0d1116a7339a3b2db) \Device\Harddisk0\DR0\Partition2
01:01:06.0771 5028	\Device\Harddisk0\DR0\Partition2 - ok
01:01:06.0771 5028	============================================================
01:01:06.0771 5028	Scan finished
01:01:06.0771 5028	============================================================
01:01:06.0787 4280	Detected object count: 2
01:01:06.0787 4280	Actual detected object count: 2
01:01:27.0223 4280	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:27.0223 4280	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:01:27.0223 4280	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
01:01:27.0223 4280	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 22.02.2012, 11:08   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.02.2012, 17:07   #12
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-22.01 - Mark 22.02.2012  16:36:28.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3253.2019 [GMT 1:00]
ausgeführt von:: c:\users\Mark\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Minibar\FrOGgy.dll
c:\program files\Minibar\KaNGo.dll
c:\program files\Minibar\MiNIbarbutton.dll
c:\users\Mark\AppData\Local\Minibar
c:\users\Mark\AppData\Local\Minibar\chrome\background.html
c:\users\Mark\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Mark\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Mark\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Mark\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Mark\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Mark\AppData\Local\Minibar\chrome\main.js
c:\users\Mark\AppData\Local\Minibar\chrome\manifest.json
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Mark\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Mark\AppData\Local\Minibar\chrome\popup.html
c:\users\Mark\AppData\Local\Minibar\chrome\popup.js
c:\users\Mark\AppData\Local\Minibar\chrome\tab.html
c:\users\Mark\AppData\Local\Minibar\chrome\tab.js
c:\users\Mark\AppData\Local\Minibar\chrome_installer.js
c:\users\Mark\AppData\Local\Minibar\common.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\cached_http_request.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Mark\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Mark\AppData\Local\Minibar\firefox\install.rdf
c:\users\Mark\AppData\Local\Minibar\firefox_installer.js
c:\users\Mark\AppData\Local\Minibar\ie_installer.js
c:\users\Mark\AppData\Local\Minibar\install.json
c:\users\Mark\AppData\Local\Minibar\minibar.crx
c:\users\Mark\AppData\Local\Minibar\minibar.xpi
c:\users\Mark\AppData\Local\Minibar\sqlite3.exe
c:\users\Mark\AppData\Local\Minibar\Uninstall.exe
c:\users\Mark\AppData\Roaming\toolplugin\toOLbar.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-22 15:45 . 2012-02-22 15:45	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-02-21 16:33 . 2012-02-21 16:34	--------	d-----w-	c:\program files\facebookJS
2012-02-18 13:39 . 2012-02-18 13:39	--------	d-----w-	c:\users\Mark\AppData\Local\ElevatedDiagnostics
2012-02-18 13:25 . 2012-02-18 13:25	--------	d-----w-	C:\_OTL
2012-02-17 14:40 . 2012-02-17 14:40	--------	d-----w-	c:\program files\ESET
2012-02-17 14:35 . 2012-01-17 03:39	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8472B2D-56E4-4918-9151-D32D199FCBAD}\mpengine.dll
2012-02-16 16:56 . 2012-02-16 16:56	--------	d-----w-	c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-16 16:56 . 2012-02-16 16:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-16 16:56 . 2012-02-16 16:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-16 16:56 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-16 12:30 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-16 12:29 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 12:29 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-16 00:08 . 2012-02-20 19:58	--------	d-----w-	c:\program files\SpeedFan
2012-02-15 15:18 . 2011-12-13 08:35	31552	----a-w-	c:\windows\system32\TURegOpt.exe
2012-02-15 15:18 . 2011-12-13 08:29	21312	----a-w-	c:\windows\system32\authuitu.dll
2012-02-15 15:18 . 2011-12-13 08:29	29504	----a-w-	c:\windows\system32\uxtuneup.dll
2012-02-15 15:16 . 2012-02-15 15:19	--------	d-----w-	c:\program files\TuneUp Utilities 2011
2012-02-15 15:15 . 2012-02-15 15:15	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-02-05 15:38 . 2012-02-05 15:38	--------	d-----w-	c:\program files\SystemRequirementsLab
2012-02-05 15:37 . 2012-02-05 15:37	--------	d-----w-	c:\users\Mark\SystemRequirementsLab
2012-02-03 20:54 . 2012-02-03 20:54	11776	----a-w-	c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-02-03 20:54 . 2012-02-03 20:54	--------	d-----w-	c:\program files\Common Files\xing shared
2012-02-03 20:54 . 2012-02-03 20:54	150696	----a-w-	c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-02-03 20:53 . 2012-02-03 20:53	108544	----a-w-	c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2012-02-02 12:59 . 2012-02-15 15:17	--------	d-----w-	c:\users\Mark\AppData\Roaming\TuneUp Software
2012-02-02 12:57 . 2012-02-15 15:17	--------	d-----w-	c:\programdata\TuneUp Software
2012-02-02 12:57 . 2012-02-02 12:57	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-01-31 17:01 . 2012-01-31 17:01	--------	d-----w-	c:\program files\SweetIM
2012-01-31 17:01 . 2012-01-31 17:01	--------	d-----w-	c:\programdata\SweetIM
2012-01-28 16:58 . 2012-01-28 16:58	--------	d-----w-	c:\programdata\Caphyon
2012-01-28 16:58 . 2012-01-28 16:58	--------	d-----w-	c:\program files\SaferSurf-for-Free
2012-01-28 16:58 . 2012-01-28 16:58	--------	d-----w-	c:\programdata\Nutzwerk
2012-01-27 01:31 . 1998-10-29 15:45	306688	----a-w-	c:\windows\IsUninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 13:43 . 2010-11-01 19:24	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-09 13:43 . 2010-10-29 13:24	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-06 13:53 . 2010-10-29 13:25	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-06 13:53 . 2010-10-29 13:25	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-06 13:53 . 2010-12-25 12:04	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-03 20:53 . 2010-08-09 12:18	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-01-26 23:21 . 2010-07-06 21:02	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-26 19:52 . 2011-10-27 09:53	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-21 15:22 . 2010-11-01 19:25	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-21 17:04 . 2011-05-10 01:57	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27	1330480	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-02 9222760]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-02 1481320]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SecureW2 Tray"="c:\program files\SecureW2\sw2_tray.exe" [2010-11-08 255368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 176408]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Valve\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"MobileBroadband"=c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vodafone_zte_cpo;Vodafone Vodafone ZTE Install;c:\windows\system32\DRIVERS\vodafone_zte_cpo.sys [2011-05-20 9984]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1343400]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R4 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-11 249648]
R4 GlobRobProxyServices;GlobRobProxyServices;c:\program files\SaferSurf-for-Free\bin\GlobRobProxyServices.exe [2011-09-15 1325992]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-26 19656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-07-27 1620584]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SW2SVC;SecureW2 Service;c:\program files\SecureW2\sw2_service.exe [2010-11-08 107400]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-12-13 1527104]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-10 2320920]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-07-08 10064]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 61952]
S3 vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys [2011-05-20 67968]
S3 vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys [2011-05-20 52224]
S3 vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys [2011-05-20 47488]
S3 vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter;c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [2011-05-20 47488]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 16:56]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 16:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.imesh.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = local;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Mark\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Mark\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\SaferSurf-for-Free\bin\wslsp.dll
TCP: Interfaces\{E26559E0-6842-4CEA-BEB2-774854E241BE}: NameServer = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0jgigkal.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://co109w.col109.mail.live.com/default.aspx#!/mail/InboxLight.aspx?n=1960928614!fid=1&fav=1&n=121980293|www.facebook.com|https://webmail.tu-harburg.de/horde/imp/login.php
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-22  16:47:22
ComboFix-quarantined-files.txt  2012-02-22 15:47
.
Vor Suchlauf: 9 Verzeichnis(se), 313.791.270.912 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 313.886.969.856 Bytes frei
.
- - End Of File - - 9A9093F499140676284331EC63F5D1CA
         
--- --- ---

Alt 22.02.2012, 19:48   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.02.2012, 00:51   #14
jonnyfoka
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Log GMER:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-22 23:18:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1
Running: oqjqq6vl.exe; Driver: C:\Users\Mark\AppData\Local\Temp\pwldypoc.sys


---- System - GMER 1.0.15 ----

SSDT            91BB0ACE                                                                                                                                                                                                                                    ZwCreateSection
SSDT            91BB0AD3                                                                                                                                                                                                                                    ZwSetContextThread
SSDT            91BB0A6F                                                                                                                                                                                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                                                                                                                               82E82369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                                      82EBBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                                                         82EC2EAC 4 Bytes  [CE, 0A, BB, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                                                                                                         82EC324C 4 Bytes  [D3, 0A, BB, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                                                                                                                                                         82EC3324 4 Bytes  [6F, 0A, BB, 91]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                                                                                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                                                                                          0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                                                                                          0x46 0x47 0x15 0xB0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                                                                                          0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                                                                                          0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                                                                                          0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                                                                                          0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                                                                                          0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                                                                                          0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                                                                                          0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                                                                                          0xB1 0xCD 0x45 0x5A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                                                                                          0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                                                                                           
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                                                                                            Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                                                                                          C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                                                                                          0xFA 0xEA 0x66 0x7F ...
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Mark\Desktop\Spiele\Sniper[bna]\x2122Uploadz - Plants vs Zombies - GOTY Edition\Plants.vs.Zombies.GOTY.Edition.Sniper[bna].exe  1

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Log Osam:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:32:01 on 22.02.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Mark\AppData\Local\Temp\catchme.sys  (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"pwldypoc" (pwldypoc) - ? - C:\Users\Mark\AppData\Local\Temp\pwldypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"speedfan" (speedfan) - "Almico Software" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? -   (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
<binary data> "SweetPacks Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetPacks Browser Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"                                                                                                                                                                                                                        
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SecureW2 Tray" - "SecureW2 B.V." - C:\Program Files\SecureW2\sw2_tray.exe
"Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SecureW2 Service" (SW2SVC) - "SecureW2 B.V." - C:\Program Files\SecureW2\sw2_service.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Vodafone-Mobile-Broadband-Dienst" (VmbService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"GlobRob" - "alpha 2000 GmbH" - C:\Program Files\SaferSurf-for-Free\bin\wslsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

Ich konnte mit aswMBR.exe keinen erfolgreichen Scann durchführen. Das erste Mal ist es mitten Beim Scann abgestürzt, beim zweiten Mal habe ich auch die Antivirprogs deaktiviert und es ist trotzdem einfach so abgestürzt. Beide Mal nach einer längeren Zeit, weshalb ich es auch kein drittes Mal versucht habe. Am Laptop habe ich während des Scanns nicht gearbeitet.

Alt 23.02.2012, 09:54   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Standard

System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien



Konntest du denn erkennen, wie aswMBR den MBR einstuft?
Sowas wie "unknown MBR code" oder Windows 7 default MBR code" ?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien
abstürze, anfang, antivirus, anwendungen, auslastung, bild, cpu, cpu auslastung, cpu auslastung hoch, fehlermedungen, firefox, folge, gekauft, gen, gmer, grundlos, hack, hochfahren, hohe, logfiles, malware, musik, netzteil, probleme, programme, sekunden, system, systemabstürze, unflüssige wiedergabe, viren



Ähnliche Themen: System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien


  1. Win 10 system.exe sorgt für hohe Arbeitsspeicher-Auslastung + Adware Problem
    Log-Analyse und Auswertung - 12.09.2015 (22)
  2. Taskmanager, verschiedene Diensthoster, Dateipfad Win, system 32 , svchost hohe Auslastung
    Plagegeister aller Art und deren Bekämpfung - 25.08.2015 (24)
  3. Win7 System sehr träge, svchost.exe hohe Auslastung
    Log-Analyse und Auswertung - 12.01.2015 (13)
  4. System / Ntoskrnl verursachen sehr hohe HDD-Auslastung | Windows 8.1
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (3)
  5. Hohe CPU/Ram-Auslastung
    Plagegeister aller Art und deren Bekämpfung - 17.11.2012 (15)
  6. Hohe CPU/Ram-Auslastung
    Alles rund um Windows - 17.11.2012 (5)
  7. Hohe CPU Auslastung!
    Log-Analyse und Auswertung - 22.04.2011 (6)
  8. Hohe CPU Auslastung beim Prozess System
    Log-Analyse und Auswertung - 08.03.2011 (7)
  9. hohe cpu auslastung
    Antiviren-, Firewall- und andere Schutzprogramme - 10.11.2010 (5)
  10. Hohe CPU Auslastung
    Plagegeister aller Art und deren Bekämpfung - 11.11.2009 (2)
  11. Prozess System hohe cpu auslastung
    Log-Analyse und Auswertung - 25.09.2009 (7)
  12. Hohe System-Auslastung! Bitte untersuchen!
    Log-Analyse und Auswertung - 01.07.2007 (2)
  13. Prozess "System" hohe auslastung bei Spielen
    Log-Analyse und Auswertung - 20.04.2007 (2)
  14. Hohe Auslastung
    Log-Analyse und Auswertung - 26.12.2006 (5)
  15. Hohe CPU-Auslastung..Help!!!
    Log-Analyse und Auswertung - 12.12.2006 (3)
  16. Prozess System hat hohe CPU Auslastung
    Log-Analyse und Auswertung - 20.09.2006 (10)
  17. PC hat hohe CPU Auslastung :<
    Log-Analyse und Auswertung - 28.05.2005 (10)

Zum Thema System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien - Hallo seit einiger Zeit habe ich Probleme mit meinem Laptop. Es ist ein Laptop der Marke Medion mit der Modelbezeichnung Akoya p6624. Ich habe es vor einem Jahr bei Aldi - System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien...
Archiv
Du betrachtest: System und Programmabstürze, hohe Cpu Auslastung und unflüssige Wiedergabe von Medien auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.