Pests of all kinds and how to combat them: Notebook very slow
Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
Notebook very slow
Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags
#17
Notebook very slow
Code:
OTL logfile created on: 7/8/2012 3:58:19 PM - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\G\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 64.64% Memory free 7.83 Gb Paging File | 5.87 Gb Available in Paging File | 75.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 404.00 Gb Total Space | 123.04 Gb Free Space | 30.46% Space Free | Partition Type: NTFS Drive D: | 38.83 Gb Total Space | 38.74 Gb Free Space | 99.77% Space Free | Partition Type: NTFS Computer Name: G-PC | User Name: G | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/27 10:39:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe PRC - [2012/05/08 20:46:41 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/08 20:46:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/08 20:46:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012/01/18 17:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012/01/18 17:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012/01/18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/20 15:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/05/05 14:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/05/05 14:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/05/04 23:01:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/01/11 08:31:34 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2011/01/04 15:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2010/12/23 08:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/11/29 07:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/11/17 10:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010/11/10 01:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/10/25 19:06:01 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011/10/04 21:41:20 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2010/10/08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:64bit: - [2010/08/09 21:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/06/21 23:14:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/08 20:46:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/08 20:46:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012/01/18 17:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012/01/18 17:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012/01/18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/26 22:29:24 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/05/05 14:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011/05/05 14:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011/05/04 23:01:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/08 20:46:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/08 20:46:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/19 13:44:24 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm) DRV:64bit: - [2012/01/18 17:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012/01/18 17:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012/01/18 17:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012/01/18 14:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012/01/18 14:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012/01/10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/12/28 21:41:52 | 000,207,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011/12/01 22:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011/10/23 23:41:07 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011/08/29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011/08/08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/05/04 23:01:52 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011/04/22 12:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/10 01:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/10/20 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - 
[2010/10/08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010/05/20 16:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010/03/30 08:27:30 | 000,069,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2010/03/30 08:25:50 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2008/02/05 02:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2011/08/05 11:09:29 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2010/03/31 00:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 23:14:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 11:41:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\extensions\firejump@firejump.net [2011/10/22 13:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\mozilla\Extensions [2012/07/05 22:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions [2012/01/29 15:01:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/05/30 18:35:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/06/18 11:41:25 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com [2011/12/19 15:47:23 | 000,000,933 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\11-suche.xml [2011/12/19 15:47:23 | 000,002,419 | ---- | M] () -- 
C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\englische-ergebnisse.xml [2011/12/19 15:47:23 | 000,010,525 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\gmx-suche.xml [2011/12/19 15:47:23 | 000,002,457 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\lastminute.xml [2011/12/19 15:47:22 | 000,005,508 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\webde-suche.xml [2012/03/16 19:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/05 22:23:13 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BY9KKSW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/06/21 23:14:51 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/12/07 21:40:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/18 11:41:11 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012/06/21 23:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/21 23:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/21 23:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/21 23:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/21 23:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/21 23:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/06/26 10:50:12 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15215 more lines... 
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O4 - Startup: C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.uni-wuppertal.mobi/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48B59B1-CBE5-4772-BCC3-722D5F5A4619}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) 
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/25 18:28:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\Shell\AutoRun\command - "" = F:\setup.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BrStsMon00 - hkey= - key= - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {377AEFA0-3D2B-5B79-705D-A9D814743CA1} - Microsoft Windows Media Player
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5D97364F-A701-CDE8-EE4F-57278DDF81BF} - Offline Browsing Pack
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6A751455-C82C-4437-EB5A-FA80DDEA4006} - Internet Explorer
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6C0E39FC-DFCF-BC79-60BE-41542D75A4EE} - Themes Setup
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {70256904-FFA3-8809-3097-33B38B7D6B68} - Java (Sun)
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\G\DownloadsContaine
[2012/07/05 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/05 01:26:07 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\Moxyu
[2012/07/02 21:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/02 21:31:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/02 21:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/27 10:39:18 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe
[2012/06/26 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\G\Desktop\Neuer Ordner (9)
[2012/06/18 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\G\Documents\My Pictures
[2012/06/18 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\G\Documents\My Music
[2012/06/18 21:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft
[2012/06/18 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\Atari
[2012/06/18 21:21:08 | 000,000,000 | ---D | C] -- C:\Users\G\Documents\RCT3
[2012/06/18 21:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2012/06/18 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2012/06/18 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\loadtbs
[2012/06/17 13:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012/06/17 13:19:16 | 000,252,712 | ---- | C] (ELAN Microelectronics Corp.) -- C:\windows\ETDUninst.dll
[2012/06/15 20:56:22 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Local\Macromedia
[2012/06/11 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Local\Apple Computer
[2012/06/11 13:33:11 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\Apple Computer
[2012/04/05 13:34:35 | 003,313,664 | ---- | C] (Avira GmbH) -- C:\Users\G\bootwizard.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/08 15:58:14 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 15:58:14 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 15:54:38 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/08 15:54:32 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 15:54:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/08 14:24:01 | 4202,893,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/08 14:23:59 | 000,359,747 | ---- | M] () -- C:\windows\SysNative\oodbs.lor
[2012/07/01 23:26:32 | 000,008,235 | ---- | M] () -- C:\Users\G\Desktop\AVSCAN-20120701-214356-7469CF7D.rar
[2012/06/27 10:41:48 | 000,000,168 | ---- | M] () -- C:\Users\G\defogger_reenable
[2012/06/27 10:39:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe
[2012/06/27 10:39:10 | 000,050,477 | ---- | M] () -- C:\Users\G\Desktop\Defogger.exe
[2012/06/26 10:50:12 | 000,442,922 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/06/25 17:04:16 | 001,506,860 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/25 17:04:16 | 000,660,680 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/06/25 17:04:16 | 000,620,184 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/25 17:04:16 | 000,132,846 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/06/25 17:04:16 | 000,109,090 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/20 11:35:40 | 000,001,041 | ---- | M] () -- C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/20 11:35:32 | 000,001,001 | ---- | M] () -- C:\Users\G\Desktop\Dropbox.lnk
[2012/06/18 21:44:56 | 000,043,520 | ---- | M] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2012/06/18 18:32:48 | 004,365,200 | ---- | M] () -- C:\Users\G\Desktop\VIDEO0037.3gp
[2012/06/18 00:40:10 | 000,387,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/10 11:33:09 | 000,017,914 | ---- | M] () -- C:\windows\SysNative\results.xml
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 23:26:32 | 000,008,235 | ---- | C] () -- C:\Users\G\Desktop\AVSCAN-20120701-214356-7469CF7D.rar
[2012/06/27 10:41:48 | 000,000,168 | ---- | C] () -- C:\Users\G\defogger_reenable
[2012/06/27 10:39:09 | 000,050,477 | ---- | C] () -- C:\Users\G\Desktop\Defogger.exe
[2012/06/20 11:07:09 | 000,001,041 | ---- | C] () -- C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/18 21:40:54 | 000,197,120 | ---- | C] () -- C:\windows\patchw32.dll
[2012/06/18 21:24:11 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2012/06/18 18:42:50 | 004,365,200 | ---- | C] () -- C:\Users\G\Desktop\VIDEO0037.3gp
[2012/04/24 20:24:34 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/04/07 21:03:06 | 000,000,872 | ---- | C] () -- C:\Users\G\.recently-used.xbel
[2012/03/22 01:27:45 | 022,259,528 | ---- | C] () -- C:\Users\G\vlc-2.0.1-win32.exe
[2012/02/20 19:08:03 | 001,534,456 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/05 11:11:40 | 000,000,043 | ---- | C] () -- C:\windows\vidpidfix.INI
[2012/01/28 15:43:32 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/20 23:01:02 | 011,754,176 | ---- | C] () -- C:\Users\G\Navigon.v361.apk
[2011/11/26 20:52:47 | 000,410,942 | ---- | C] () -- C:\windows\adb.exe
[2011/11/26 20:52:47 | 000,401,408 | ---- | C] () -- C:\windows\wget.exe
[2011/11/26 20:52:47 | 000,356,009 | ---- | C] () -- C:\windows\fastboot.exe
[2011/11/26 20:52:47 | 000,063,488 | ---- | C] () -- C:\windows\md5sum.exe
[2011/11/03 19:37:12 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/10/23 23:03:47 | 000,000,010 | ---- | C] () -- C:\windows\popcinfo.dat
[2011/10/22 13:11:54 | 000,001,076 | ---- | C] () -- C:\Users\G\Ihre Meinung ist wichtig.lnk
[2011/06/09 23:20:58 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/06/09 23:17:15 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/06/09 09:15:43 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/06/09 08:39:28 | 000,000,618 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/06/09 08:39:05 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe

========== LOP Check ==========

[2011/12/20 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Android
[2012/06/18 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Atari
[2011/10/25 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Autodesk
[2012/07/01 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DAEMON Tools Lite
[2011/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DeepBurner
[2011/10/23 13:15:13 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DesktopIconForAmazon
[2012/07/08 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Dropbox
[2012/01/29 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoft
[2012/01/29 15:01:57 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/07 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\gtk-2.0
[2012/04/28 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC
[2011/12/21 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/07/08 15:57:30 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\ICQ
[2011/10/27 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Juniper Networks
[2012/06/18 11:41:26 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\loadtbs
[2012/07/05 01:27:45 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Moxyu
[2012/04/28 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\MyPhoneExplorer
[2011/10/23 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\OCS
[2011/10/23 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Opera
[2012/04/28 14:02:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PDroidPatcher
[2011/10/27 18:42:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PlayFirst
[2012/04/11 11:18:26 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/12/19 01:51:15 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Adobe
[2011/12/20 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Android
[2012/06/11 13:33:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Apple Computer
[2012/06/18 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Atari
[2011/10/25 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Autodesk
[2011/10/22 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Avira
[2012/02/29 20:57:56 | 000,000,000 | R--D | M] -- C:\Users\G\AppData\Roaming\Brother
[2011/10/23 13:22:57 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\CyberLink
[2012/07/01 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DAEMON Tools Lite
[2011/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DeepBurner
[2011/10/23 13:15:13 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DesktopIconForAmazon
[2012/07/08 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Dropbox
[2012/01/29 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoft
[2012/01/29 15:01:57 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/07 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\gtk-2.0
[2012/04/28 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC
[2011/12/21 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/07/08 15:57:30 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\ICQ
[2011/10/22 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Identities
[2011/10/22 13:34:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\InstallShield
[2011/10/27 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Juniper Networks
[2012/06/18 11:41:26 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\loadtbs
[2011/10/22 13:17:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Macromedia
[2012/04/27 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Malwarebytes
[2011/06/09 23:30:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Media Center Programs
[2012/04/17 21:35:22 | 000,000,000 | --SD | M] -- C:\Users\G\AppData\Roaming\Microsoft
[2012/07/05 01:27:45 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Moxyu
[2011/10/22 13:39:52 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Mozilla
[2012/04/28 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\MyPhoneExplorer
[2011/10/24 00:06:38 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\NVIDIA
[2011/10/23 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\OCS
[2011/10/23 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Opera
[2012/04/28 14:02:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PDroidPatcher
[2011/10/27 18:42:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PlayFirst
[2012/05/24 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Skype
[2012/05/24 08:34:49 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\skypePM
[2012/07/06 01:00:21 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\vlc
[2012/07/07 22:25:58 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\VMware
[2012/07/01 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Winamp
[2011/10/23 23:58:44 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011/12/20 00:13:21 | 000,163,840 | ---- | M] (Igor Pavlov) -- C:\Users\G\AppData\Roaming\Android\7z.exe
[2011/12/20 00:13:21 | 005,441,083 | ---- | M] () -- C:\Users\G\AppData\Roaming\Android\aapt.exe
[2011/10/23 12:40:58 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\G\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/05/24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\G\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\G\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012/06/18 11:41:11 | 012,697,088 | ---- | M] () -- C:\Users\G\AppData\Roaming\loadtbs\ffmpeg.exe
[2012/06/18 11:41:11 | 001,243,136 | ---- | M] (InfiniAd GmbH) -- C:\Users\G\AppData\Roaming\loadtbs\uninstall.exe
[2012/06/18 11:41:11 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\G\AppData\Roaming\loadtbs\ytdl.exe
[2012/04/28 10:23:52 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\G\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/02/06 11:01:09 | 000,005,632 | R--- | M] () -- C:\Users\G\AppData\Roaming\Microsoft\Installer\{9EC14056-1A97-11D8-A8F3-0050DA519711}\IconEB7F0E66.exe
[2012/02/06 11:01:09 | 000,005,120 | R--- | M] () -- C:\Users\G\AppData\Roaming\Microsoft\Installer\{9EC14056-1A97-11D8-A8F3-0050DA519711}\IconEB7F0E663.exe
[2011/10/23 12:40:40 | 000,106,496 | ---- | M] (OCS) -- C:\Users\G\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011/10/23 12:40:40 | 000,040,960 | ---- | M] () -- C:\Users\G\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

< %SYSTEMDRIVE%\*.exe >
[2004/01/03 20:31:10 | 002,806,272 | ---- | M] () -- C:\Setup303de.exe

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/06/06 07:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\windows\SysNative\drivers\iaStor.sys
[2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C 
-- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
| | #18 |
| Notebook very slow Edit: Duplicate
__________________ |
| | #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow Code:
Scan Mode: Current user
__________________ Please always post logfiles in CODE tags |
| | #20 |
| Notebook very slow I had overlooked that one point. So here it is again, hopefully right this time^^ Code:
ATTFilter OTL logfile created on: 7/9/2012 4:19:26 PM - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\G\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.10% Memory free 7.83 Gb Paging File | 5.83 Gb Available in Paging File | 74.43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 404.00 Gb Total Space | 122.04 Gb Free Space | 30.21% Space Free | Partition Type: NTFS Drive D: | 38.83 Gb Total Space | 38.74 Gb Free Space | 99.77% Space Free | Partition Type: NTFS Computer Name: G-PC | User Name: G | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/27 10:39:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe PRC - [2012/05/08 20:46:41 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/08 20:46:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/08 20:46:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012/01/18 17:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012/01/18 17:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012/01/18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/12/20 15:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/05/05 14:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/05/05 14:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/05/04 23:01:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/01/11 08:31:34 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2011/01/04 15:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2010/12/23 08:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/11/29 07:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/11/17 10:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010/11/10 01:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/10/25 19:06:01 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011/10/04 21:41:20 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2010/10/08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:64bit: - [2010/08/09 21:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/06/21 23:14:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/08 20:46:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/08 20:46:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012/01/18 17:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012/01/18 17:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012/01/18 14:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/26 22:29:24 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/05/05 14:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011/05/05 14:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011/05/04 23:01:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/08 20:46:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/08 20:46:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/19 13:44:24 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm) DRV:64bit: - [2012/01/18 17:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012/01/18 17:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012/01/18 17:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012/01/18 14:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012/01/18 14:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012/01/10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/12/28 21:41:52 | 000,207,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011/12/01 22:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011/10/23 23:41:07 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011/08/29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011/08/08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/05/04 23:01:52 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011/04/22 12:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/10 01:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/10/20 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - 
[2010/10/08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010/05/20 16:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010/03/30 08:27:30 | 000,069,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2010/03/30 08:25:50 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2008/02/05 02:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2011/08/05 11:09:29 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2010/03/31 00:00:00 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://samsung.msn.com IE - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 23:14:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 11:41:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\extensions\firejump@firejump.net [2011/10/22 13:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\mozilla\Extensions [2012/07/05 22:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions [2012/01/29 15:01:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/05/30 18:35:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/06/18 11:41:25 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com [2011/12/19 15:47:23 | 000,000,933 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\11-suche.xml [2011/12/19 15:47:23 | 000,002,419 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\englische-ergebnisse.xml [2011/12/19 15:47:23 | 000,010,525 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\gmx-suche.xml [2011/12/19 15:47:23 | 000,002,457 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\lastminute.xml [2011/12/19 15:47:22 
| 000,005,508 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\searchplugins\webde-suche.xml [2012/03/16 19:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/05 22:23:13 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BY9KKSW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/06/21 23:14:51 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/12/07 21:40:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/18 11:41:11 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012/06/21 23:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/21 23:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/21 23:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/21 23:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/21 23:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/21 23:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/06/26 10:50:12 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 
www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15215 more lines... O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.uni-wuppertal.mobi/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48B59B1-CBE5-4772-BCC3-722D5F5A4619}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) 
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/10/25 18:28:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\Shell - "" = AutoRun O33 - MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\Shell\AutoRun\command - "" = F:\setup.EXE O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^Users^G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BrStsMon00 - hkey= - key= - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - 
Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface 
Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: 
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {377AEFA0-3D2B-5B79-705D-A9D814743CA1} - Microsoft Windows Media Player ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack 
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5D97364F-A701-CDE8-EE4F-57278DDF81BF} - Offline Browsing Pack ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6A751455-C82C-4437-EB5A-FA80DDEA4006} - Internet Explorer ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6C0E39FC-DFCF-BC79-60BE-41542D75A4EE} - Themes Setup ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {70256904-FFA3-8809-3097-33B38B7D6B68} - Java (Sun) ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - 
C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: 
{E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.VMnc - C:\windows\SysWow64\vmnc.dll (VMware, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/09 01:16:48 | 000,000,000 | ---D | C] -- C:\windows\Idle [2012/07/06 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\G\DownloadsContaine [2012/07/05 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/07/05 01:26:07 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\Moxyu [2012/07/02 21:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/02 21:31:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/07/02 21:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/27 10:39:18 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe [2012/06/26 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\G\Desktop\Neuer Ordner (9) [2012/06/18 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\G\Documents\My Pictures [2012/06/18 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\G\Documents\My Music [2012/06/18 21:40:54 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Common Files\PocketSoft [2012/06/18 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\Atari [2012/06/18 21:21:08 | 000,000,000 | ---D | C] -- C:\Users\G\Documents\RCT3 [2012/06/18 21:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari [2012/06/18 21:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari [2012/06/18 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\loadtbs [2012/06/17 13:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2012/06/17 13:19:16 | 000,252,712 | ---- | C] (ELAN Microelectronics Corp.) -- C:\windows\ETDUninst.dll [2012/06/15 20:56:22 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Local\Macromedia [2012/06/11 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Local\Apple Computer [2012/06/11 13:33:11 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\Apple Computer [2012/04/05 13:34:35 | 003,313,664 | ---- | C] (Avira GmbH) -- C:\Users\G\bootwizard.exe [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/09 16:13:06 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/09 16:13:06 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/09 16:10:00 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/09 16:06:26 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/09 16:04:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/09 16:04:38 | 4202,893,312 | -HS- | M] () -- C:\hiberfil.sys [2012/07/09 16:04:37 | 000,361,022 | ---- | M] () -- C:\windows\SysNative\oodbs.lor [2012/07/01 23:26:32 | 000,008,235 | ---- | M] () -- C:\Users\G\Desktop\AVSCAN-20120701-214356-7469CF7D.rar [2012/06/27 10:41:48 | 
000,000,168 | ---- | M] () -- C:\Users\G\defogger_reenable [2012/06/27 10:39:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe [2012/06/27 10:39:10 | 000,050,477 | ---- | M] () -- C:\Users\G\Desktop\Defogger.exe [2012/06/26 10:50:12 | 000,442,922 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/06/25 17:04:16 | 001,506,860 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/25 17:04:16 | 000,660,680 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/06/25 17:04:16 | 000,620,184 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/25 17:04:16 | 000,132,846 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/06/25 17:04:16 | 000,109,090 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/20 11:35:40 | 000,001,041 | ---- | M] () -- C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/20 11:35:32 | 000,001,001 | ---- | M] () -- C:\Users\G\Desktop\Dropbox.lnk [2012/06/18 21:44:56 | 000,043,520 | ---- | M] () -- C:\windows\SysWow64\CmdLineExt03.dll [2012/06/18 18:32:48 | 004,365,200 | ---- | M] () -- C:\Users\G\Desktop\VIDEO0037.3gp [2012/06/18 00:40:10 | 000,387,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/10 11:33:09 | 000,017,914 | ---- | M] () -- C:\windows\SysNative\results.xml [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/01 23:26:32 | 000,008,235 | ---- | C] () -- C:\Users\G\Desktop\AVSCAN-20120701-214356-7469CF7D.rar [2012/06/27 10:41:48 | 000,000,168 | ---- | C] () -- C:\Users\G\defogger_reenable [2012/06/27 10:39:09 | 000,050,477 | ---- | C] () -- C:\Users\G\Desktop\Defogger.exe [2012/06/20 11:07:09 | 000,001,041 | ---- | C] () -- C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/18 21:40:54 | 000,197,120 | ---- | C] () -- C:\windows\patchw32.dll [2012/06/18 21:24:11 | 000,043,520 | ---- | C] () -- 
C:\windows\SysWow64\CmdLineExt03.dll [2012/06/18 18:42:50 | 004,365,200 | ---- | C] () -- C:\Users\G\Desktop\VIDEO0037.3gp [2012/04/24 20:24:34 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012/04/07 21:03:06 | 000,000,872 | ---- | C] () -- C:\Users\G\.recently-used.xbel [2012/03/22 01:27:45 | 022,259,528 | ---- | C] () -- C:\Users\G\vlc-2.0.1-win32.exe [2012/02/20 19:08:03 | 001,534,456 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012/02/05 11:11:40 | 000,000,043 | ---- | C] () -- C:\windows\vidpidfix.INI [2012/01/28 15:43:32 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat [2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2011/12/20 23:01:02 | 011,754,176 | ---- | C] () -- C:\Users\G\Navigon.v361.apk [2011/11/26 20:52:47 | 000,410,942 | ---- | C] () -- C:\windows\adb.exe [2011/11/26 20:52:47 | 000,401,408 | ---- | C] () -- C:\windows\wget.exe [2011/11/26 20:52:47 | 000,356,009 | ---- | C] () -- C:\windows\fastboot.exe [2011/11/26 20:52:47 | 000,063,488 | ---- | C] () -- C:\windows\md5sum.exe [2011/11/03 19:37:12 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI [2011/10/23 23:03:47 | 000,000,010 | ---- | C] () -- C:\windows\popcinfo.dat [2011/10/22 13:11:54 | 000,001,076 | ---- | C] () -- C:\Users\G\Ihre Meinung ist wichtig.lnk [2011/06/09 23:20:58 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe [2011/06/09 23:17:15 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/06/09 09:15:43 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011/06/09 08:39:28 | 000,000,618 | ---- | C] () -- C:\windows\HotFixList.ini [2011/06/09 08:39:05 | 000,142,128 | ---- | C] () -- 
C:\windows\wiainst64.exe ========== LOP Check ========== [2011/12/20 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Android [2012/06/18 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Atari [2011/10/25 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Autodesk [2012/07/01 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DAEMON Tools Lite [2011/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DeepBurner [2011/10/23 13:15:13 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DesktopIconForAmazon [2012/07/09 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Dropbox [2012/01/29 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoft [2012/01/29 15:01:57 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers [2012/04/07 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\gtk-2.0 [2012/04/28 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC [2011/12/21 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012/07/09 16:17:33 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\ICQ [2011/10/27 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Juniper Networks [2012/06/18 11:41:26 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\loadtbs [2012/07/05 01:27:45 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Moxyu [2012/04/28 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\MyPhoneExplorer [2011/10/23 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\OCS [2011/10/23 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Opera [2012/04/28 14:02:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PDroidPatcher [2011/10/27 18:42:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PlayFirst [2012/06/07 16:08:50 | 000,000,000 | ---D | M] -- 
C:\Users\Gast\AppData\Roaming\WildTangent [2012/04/11 11:18:26 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/12/19 01:51:15 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Adobe [2011/12/20 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Android [2012/06/11 13:33:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Apple Computer [2012/06/18 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Atari [2011/10/25 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Autodesk [2011/10/22 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Avira [2012/02/29 20:57:56 | 000,000,000 | R--D | M] -- C:\Users\G\AppData\Roaming\Brother [2011/10/23 13:22:57 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\CyberLink [2012/07/01 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DAEMON Tools Lite [2011/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DeepBurner [2011/10/23 13:15:13 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DesktopIconForAmazon [2012/07/09 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Dropbox [2012/01/29 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoft [2012/01/29 15:01:57 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DVDVideoSoftIEHelpers [2012/04/07 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\gtk-2.0 [2012/04/28 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC [2011/12/21 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012/07/09 16:17:33 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\ICQ [2011/10/22 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Identities 
[2011/10/22 13:34:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\InstallShield [2011/10/27 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Juniper Networks [2012/06/18 11:41:26 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\loadtbs [2011/10/22 13:17:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Macromedia [2012/04/27 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Malwarebytes [2011/06/09 23:30:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Media Center Programs [2012/04/17 21:35:22 | 000,000,000 | --SD | M] -- C:\Users\G\AppData\Roaming\Microsoft [2012/07/05 01:27:45 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Moxyu [2011/10/22 13:39:52 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Mozilla [2012/04/28 14:45:51 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\MyPhoneExplorer [2011/10/24 00:06:38 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\NVIDIA [2011/10/23 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\OCS [2011/10/23 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Opera [2012/04/28 14:02:40 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PDroidPatcher [2011/10/27 18:42:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\PlayFirst [2012/05/24 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Skype [2012/05/24 08:34:49 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\skypePM [2012/07/09 01:43:25 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\vlc [2012/07/08 22:54:29 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\VMware [2012/07/01 21:41:37 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Winamp [2011/10/23 23:58:44 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011/12/20 00:13:21 | 000,163,840 | ---- | M] (Igor Pavlov) -- C:\Users\G\AppData\Roaming\Android\7z.exe [2011/12/20 00:13:21 | 005,441,083 | ---- | M] 
() -- C:\Users\G\AppData\Roaming\Android\aapt.exe [2011/10/23 12:40:58 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\G\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012/05/24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\G\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012/05/24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\G\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012/06/18 11:41:11 | 012,697,088 | ---- | M] () -- C:\Users\G\AppData\Roaming\loadtbs\ffmpeg.exe [2012/06/18 11:41:11 | 001,243,136 | ---- | M] (InfiniAd GmbH) -- C:\Users\G\AppData\Roaming\loadtbs\uninstall.exe [2012/06/18 11:41:11 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\G\AppData\Roaming\loadtbs\ytdl.exe [2012/04/28 10:23:52 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\G\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012/02/06 11:01:09 | 000,005,632 | R--- | M] () -- C:\Users\G\AppData\Roaming\Microsoft\Installer\{9EC14056-1A97-11D8-A8F3-0050DA519711}\IconEB7F0E66.exe [2012/02/06 11:01:09 | 000,005,120 | R--- | M] () -- C:\Users\G\AppData\Roaming\Microsoft\Installer\{9EC14056-1A97-11D8-A8F3-0050DA519711}\IconEB7F0E663.exe [2011/10/23 12:40:40 | 000,106,496 | ---- | M] (OCS) -- C:\Users\G\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2011/10/23 12:40:40 | 000,040,960 | ---- | M] () -- C:\Users\G\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe < %SYSTEMDRIVE%\*.exe > [2004/01/03 20:31:10 | 002,806,272 | ---- | M] () -- C:\Setup303de.exe < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 07:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- 
C:\windows\SysNative\drivers\iaStor.sys [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- 
C:\Windows\SysWOW64\netlogon.dll [2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C 
-- C:\windows\SysNative\scecli.dll [2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 
000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow Please download AdwCleaner to your desktop.
__________________ --> Notebook very slow |
| | #22 |
| Notebook very slow Code:
# AdwCleaner v1.701 - Logfile created 07/09/2012 at 19:30:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : G - G-PC
# Running from : C:\Users\G\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\ProgramData\boost_interprocess
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\G\AppData\RoaminG\Mozilla\Firefox\Profiles\8by9kksw.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [738 octets] - [09/07/2012 19:30:56]
########## EOF - C:\AdwCleaner[R1].txt - [865 octets] ##########
|
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
[2012/06/18 11:41:25 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2363513811-1566349318-2052125673-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/25 18:28:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\Shell\AutoRun\command - "" = F:\setup.EXE
:Files
C:\Users\G\AppData\Roaming\Moxyu
C:\Users\G\AppData\Roaming\loadtbs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #24 |
| Notebook very slow Code:
All processes killed
========== OTL ==========
C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\G\AppData\Roaming\mozilla\Firefox\Profiles\8by9kksw.default\extensions\software@loadtubes.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ deleted successfully.
C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2363513811-1566349318-2052125673-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File C:\Users\G\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2363513811-1566349318-2052125673-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2363513811-1566349318-2052125673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2363513811-1566349318-2052125673-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0289fd7-fda1-11e0-8cb0-e811329a6ad0}\ not found.
File F:\setup.EXE not found.
========== FILES ==========
C:\Users\G\AppData\Roaming\Moxyu folder moved successfully.
C:\Users\G\AppData\Roaming\loadtbs\chrome@loadtubes.com folder moved successfully.
C:\Users\G\AppData\Roaming\loadtbs folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: G
->Temp folder emptied: 2004978 bytes
->Temporary Internet Files folder emptied: 27588828 bytes
->Java cache emptied: 3336500 bytes
->FireFox cache emptied: 652923397 bytes
->Flash cache emptied: 64070 bytes
User: Gast
->Temp folder emptied: 411583 bytes
->Temporary Internet Files folder emptied: 417386 bytes
->FireFox cache emptied: 289665909 bytes
->Flash cache emptied: 58128 bytes
User: Lucia
->Temp folder emptied: 32799 bytes
->Temporary Internet Files folder emptied: 290908 bytes
->FireFox cache emptied: 72417275 bytes
->Flash cache emptied: 56958 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 650142 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 34288620 bytes
Total Files Cleaned = 1,034.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: G
->Flash cache emptied: 0 bytes
User: Gast
->Flash cache emptied: 0 bytes
User: Lucia
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 07102012_154435
Files\Folders moved on Reboot...
C:\Users\G\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1856.log moved successfully.
PendingFileRenameOperations files...
File C:\Users\G\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/10 15:51:02 | 000,000,000 | ---- | M] () C:\windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1856.log not found!
Registry entries deleted on Reboot...
|
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and set the check marks as in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
| | #26 |
| Notebook very slow Code:
22:28:21.0109 0480 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
22:28:21.0308 0480 ============================================================
22:28:21.0308 0480 Current date / time: 2012/07/10 22:28:21.0308
22:28:21.0308 0480 SystemInfo:
22:28:21.0308 0480
22:28:21.0308 0480 OS Version: 6.1.7601 ServicePack: 1.0
22:28:21.0308 0480 Product type: Workstation
22:28:21.0308 0480 ComputerName: G-PC
22:28:21.0308 0480 UserName: G
22:28:21.0308 0480 Windows directory: C:\windows
22:28:21.0308 0480 System windows directory: C:\windows
22:28:21.0308 0480 Running under WOW64
22:28:21.0308 0480 Processor architecture: Intel x64
22:28:21.0308 0480 Number of processors: 8
22:28:21.0308 0480 Page size: 0x1000
22:28:21.0308 0480 Boot type: Normal boot
22:28:21.0308 0480 ============================================================
22:28:21.0869 0480 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:21.0873 0480 ============================================================
22:28:21.0873 0480 \Device\Harddisk0\DR0:
22:28:21.0873 0480 MBR partitions:
22:28:21.0873 0480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:28:21.0873 0480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x32800000
22:28:21.0902 0480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32833000, BlocksNum 0x4DA8800
22:28:21.0902 0480 ============================================================
22:28:21.0953 0480 C: <-> \Device\Harddisk0\DR0\Partition1
22:28:21.0992 0480 D: <-> \Device\Harddisk0\DR0\Partition2
22:28:21.0992 0480 ============================================================
22:28:21.0992 0480 Initialize success
22:28:21.0992 0480 ============================================================
22:30:17.0661 4600 ============================================================
22:30:17.0661 4600 Scan started
22:30:17.0661 4600 Mode: Manual; SigCheck; TDLFS;
22:30:17.0661 4600 ============================================================
22:30:18.0644 4600 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:30:18.0847 4600 1394ohci - ok
22:30:18.0925 4600 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:30:18.0956 4600 ACPI - ok
22:30:19.0003 4600 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:30:19.0112 4600 AcpiPmi - ok
22:30:19.0253 4600 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:30:19.0284 4600 AdobeARMservice - ok
22:30:19.0424 4600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
22:30:19.0487 4600 adp94xx - ok
22:30:19.0565 4600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
22:30:19.0658 4600 adpahci - ok
22:30:19.0705 4600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
22:30:19.0736 4600 adpu320 - ok
22:30:19.0799 4600 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:30:20.0033 4600 AeLookupSvc - ok
22:30:20.0126 4600 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:30:20.0204 4600 AFD - ok
22:30:20.0251 4600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:30:20.0282 4600 agp440 - ok
22:30:20.0345 4600 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:30:20.0423 4600 ALG - ok
22:30:20.0485 4600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:30:20.0501 4600 aliide - ok
22:30:20.0516 4600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:30:20.0516 4600 amdide - ok
22:30:20.0579 4600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
22:30:20.0610 4600 AmdK8 - ok
22:30:20.0625 4600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
22:30:20.0641 4600 AmdPPM - ok
22:30:20.0719 4600 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:30:20.0750 4600 amdsata - ok
22:30:20.0813 4600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
22:30:20.0844 4600 amdsbs - ok
22:30:20.0859 4600 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:30:20.0875 4600 amdxata - ok
22:30:21.0000 4600 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:30:21.0031 4600 AntiVirSchedulerService - ok
22:30:21.0062 4600 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:30:21.0078 4600 AntiVirService - ok
22:30:21.0171 4600 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:30:21.0405 4600 AppID - ok
22:30:21.0452 4600 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:30:21.0530 4600 AppIDSvc - ok
22:30:21.0577 4600 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:30:21.0671 4600 Appinfo - ok
22:30:21.0717 4600 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
22:30:21.0749 4600 arc - ok
22:30:21.0764 4600 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
22:30:21.0780 4600 arcsas - ok
22:30:21.0827 4600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:30:21.0905 4600 AsyncMac - ok
22:30:21.0967 4600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:30:21.0983 4600 atapi - ok
22:30:22.0092 4600 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:30:22.0185 4600 AudioEndpointBuilder - ok
22:30:22.0201 4600 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:30:22.0232 4600 AudioSrv - ok
22:30:22.0310 4600 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\windows\system32\DRIVERS\avgntflt.sys
22:30:22.0373 4600 avgntflt - ok
22:30:22.0419 4600 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\windows\system32\DRIVERS\avipbb.sys
22:30:22.0466 4600 avipbb - ok
22:30:22.0482 4600 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
22:30:22.0513 4600 avkmgr - ok
22:30:22.0591 4600 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:30:22.0716 4600 AxInstSV - ok
22:30:22.0809 4600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
22:30:22.0887 4600 b06bdrv - ok
22:30:22.0965 4600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:30:23.0028 4600 b57nd60a - ok
22:30:23.0090 4600 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:30:23.0137 4600 BDESVC - ok
22:30:23.0168 4600 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:30:23.0231 4600 Beep - ok
22:30:23.0371 4600 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:30:23.0449 4600 BFE - ok
22:30:23.0543 4600 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
22:30:23.0667 4600 BITS - ok
22:30:23.0761 4600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
22:30:23.0792 4600 blbdrive - ok
22:30:23.0886 4600 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:30:23.0948 4600 bowser - ok
22:30:24.0011 4600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
22:30:24.0057 4600 BrFiltLo - ok
22:30:24.0057 4600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
22:30:24.0089 4600 BrFiltUp - ok
22:30:24.0151 4600 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:30:24.0229 4600 Browser - ok
22:30:24.0276 4600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:30:24.0354 4600 Brserid - ok
22:30:24.0369 4600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:30:24.0401 4600 BrSerWdm - ok
22:30:24.0479 4600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:30:24.0525 4600 BrUsbMdm - ok
22:30:24.0541 4600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:30:24.0572 4600 BrUsbSer - ok
22:30:24.0697 4600 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
22:30:24.0713 4600 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
22:30:24.0713 4600 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
22:30:24.0775 4600 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
22:30:24.0837 4600 BthEnum - ok
22:30:24.0915 4600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:30:24.0962 4600 BTHMODEM - ok
22:30:25.0025 4600 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
22:30:25.0071 4600 BthPan - ok
22:30:25.0181 4600 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
22:30:25.0243 4600 BTHPORT - ok
22:30:25.0305 4600 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:30:25.0352 4600 bthserv - ok
22:30:25.0383 4600 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
22:30:25.0415 4600 BTHUSB - ok
22:30:25.0477 4600 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:30:25.0586 4600 cdfs - ok
22:30:25.0649 4600 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:30:25.0680 4600 cdrom - ok
22:30:25.0742 4600 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:30:25.0805 4600 CertPropSvc - ok
22:30:25.0851 4600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:30:25.0898 4600 circlass - ok
22:30:25.0961 4600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:30:26.0007 4600 CLFS - ok
22:30:26.0070 4600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:30:26.0101 4600 clr_optimization_v2.0.50727_32 - ok
22:30:26.0148 4600 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:30:26.0179 4600 clr_optimization_v2.0.50727_64 - ok
22:30:26.0288 4600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:30:26.0335 4600 clr_optimization_v4.0.30319_32 - ok
22:30:26.0351 4600 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:30:26.0382 4600 clr_optimization_v4.0.30319_64 - ok
22:30:26.0444 4600 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
22:30:26.0507 4600 clwvd - ok
22:30:26.0538 4600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
22:30:26.0585 4600 CmBatt - ok
22:30:26.0600 4600 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:30:26.0616 4600 cmdide - ok
22:30:26.0709 4600 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
22:30:26.0756 4600 CNG - ok
22:30:26.0787 4600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
22:30:26.0803 4600 Compbatt - ok
22:30:26.0834 4600 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
22:30:26.0897 4600 CompositeBus - ok
22:30:26.0912 4600 COMSysApp - ok
22:30:26.0943 4600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:30:26.0975 4600 crcdisk - ok
22:30:27.0068 4600 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
22:30:27.0162 4600 CryptSvc - ok
22:30:27.0224 4600 dc3d (1ca90212a99db6975c344826d11055c9) C:\windows\system32\DRIVERS\dc3d.sys
22:30:27.0255 4600 dc3d - ok
22:30:27.0365 4600 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:30:27.0458 4600 DcomLaunch - ok
22:30:27.0552 4600 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:30:27.0645 4600 defragsvc - ok
22:30:27.0708 4600 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:30:27.0786 4600 DfsC - ok
22:30:27.0879 4600 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:30:27.0957 4600 Dhcp - ok
22:30:28.0004 4600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:30:28.0051 4600 discache - ok
22:30:28.0129 4600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:30:28.0160 4600 Disk - ok
22:30:28.0207 4600 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:30:28.0269 4600 Dnscache - ok
22:30:28.0316 4600 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:30:28.0410 4600 dot3svc - ok
22:30:28.0441 4600 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:30:28.0503 4600 DPS - ok
22:30:28.0566 4600 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:30:28.0613 4600 drmkaud - ok
22:30:28.0675 4600 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\windows\system32\DRIVERS\dtsoftbus01.sys
22:30:28.0722 4600 dtsoftbus01 - ok
22:30:28.0831 4600 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:30:28.0878 4600 DXGKrnl - ok
22:30:28.0940 4600 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:30:29.0018 4600 EapHost - ok
22:30:29.0252 4600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:30:29.0361 4600 ebdrv - ok
22:30:29.0517 4600 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:30:29.0580 4600 EFS - ok
22:30:29.0720 4600 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:30:29.0798 4600 ehRecvr - ok
22:30:29.0829 4600 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:30:29.0861 4600 ehSched - ok
22:30:30.0017 4600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:30:30.0063 4600 elxstor - ok
22:30:30.0079 4600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:30:30.0095 4600 ErrDev - ok
22:30:30.0188 4600 ETD (3bb2c05d9a515601e85dbf353369e672) C:\windows\system32\DRIVERS\ETD.sys
22:30:30.0266 4600 ETD - ok
22:30:30.0344 4600 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:30:30.0407 4600 EventSystem - ok
22:30:30.0516 4600 EverestDriver (13a2b915f6d93e52505656773d53096f) C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64
22:30:30.0563 4600 EverestDriver - ok
22:30:30.0609 4600 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:30:30.0687 4600 exfat - ok
22:30:30.0719 4600 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:30:30.0765 4600 fastfat - ok
22:30:30.0890 4600 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:30:30.0984 4600 Fax - ok
22:30:31.0031 4600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:30:31.0077 4600 fdc - ok
22:30:31.0124 4600 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:30:31.0218 4600 fdPHost - ok
22:30:31.0233 4600 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:30:31.0265 4600 FDResPub - ok
22:30:31.0327 4600 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:30:31.0343 4600 FileInfo - ok
22:30:31.0374 4600 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:30:31.0467 4600 Filetrace - ok
22:30:31.0670 4600 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:30:31.0733 4600 FLEXnet Licensing Service 64 - ok
22:30:31.0889 4600 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:30:31.0920 4600 flpydisk - ok
22:30:31.0982 4600 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:30:32.0013 4600 FltMgr - ok
22:30:32.0138 4600 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:30:32.0232 4600 FontCache - ok
22:30:32.0310 4600 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:30:32.0341 4600 FontCache3.0.0.0 - ok
22:30:32.0403 4600 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:30:32.0435 4600 FsDepends - ok
22:30:32.0497 4600 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:30:32.0513 4600 Fs_Rec - ok
22:30:32.0591 4600 FTDIBUS (281a153b01d414f894506026c08a6adb) C:\windows\system32\drivers\ftdibus.sys
22:30:32.0606 4600 FTDIBUS - ok
22:30:32.0653 4600 FTSER2K (cc4801e9eeeeff877229db0796cdf5a6) C:\windows\system32\drivers\ftser2k.sys
22:30:32.0669 4600 FTSER2K - ok
22:30:32.0762 4600 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:30:32.0793 4600 fvevol - ok
22:30:32.0840 4600 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:30:32.0871 4600 gagp30kx - ok
22:30:32.0981 4600 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:30:33.0043 4600 gpsvc - ok
22:30:33.0168 4600 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:30:33.0183 4600 gupdate - ok
22:30:33.0230 4600 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:30:33.0246 4600 gupdatem - ok
22:30:33.0308 4600 hcmon (adb4348da1345877b04e22203afc8993) C:\windows\system32\drivers\hcmon.sys
22:30:33.0355 4600 hcmon - ok
22:30:33.0402 4600 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:30:33.0464 4600 hcw85cir - ok
22:30:33.0542 4600 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:30:33.0605 4600 HdAudAddService - ok
22:30:33.0651 4600 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
22:30:33.0714 4600 HDAudBus - ok
22:30:33.0729 4600 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:30:33.0761 4600 HidBatt - ok
22:30:33.0792 4600 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:30:33.0823 4600 HidBth - ok
22:30:33.0854 4600 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:30:33.0885 4600 HidIr - ok
22:30:33.0901 4600 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
22:30:33.0963 4600 hidserv - ok
22:30:34.0041 4600 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:30:34.0057 4600 HidUsb - ok
22:30:34.0135 4600 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:30:34.0213 4600 hkmsvc - ok
22:30:34.0260 4600 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:30:34.0338 4600 HomeGroupListener - ok
22:30:34.0385 4600 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:30:34.0431 4600 HomeGroupProvider - ok
22:30:34.0494 4600 hotcore3 (c227dfcf703d02ead4d7e44b0ba7c181) C:\windows\system32\DRIVERS\hotcore3.sys
22:30:34.0556 4600 hotcore3 - ok
22:30:34.0619 4600 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:30:34.0650 4600 HpSAMD - ok
22:30:34.0728 4600 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\windows\system32\Drivers\ANDROIDUSB.sys
22:30:34.0790 4600 HTCAND64 - ok
22:30:34.0868 4600 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\windows\system32\DRIVERS\htcnprot.sys
22:30:34.0931 4600 htcnprot - ok
22:30:35.0055 4600 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:30:35.0133 4600 HTTP - ok
22:30:35.0180 4600 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:30:35.0211 4600 hwpolicy - ok
22:30:35.0274 4600 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
22:30:35.0305 4600 i8042prt - ok
22:30:35.0383 4600 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\windows\system32\DRIVERS\iaStor.sys
22:30:35.0445 4600 iaStor - ok
22:30:35.0523 4600 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:30:35.0539 4600 iaStorV - ok
22:30:35.0711 4600 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:30:35.0742 4600 idsvc - ok
22:30:36.0413 4600 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\windows\system32\DRIVERS\igdkmd64.sys
22:30:36.0849 4600 igfx - ok
22:30:37.0021 4600 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:30:37.0037 4600 iirsp - ok
22:30:37.0146 4600 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:30:37.0224 4600 IKEEXT - ok
22:30:37.0489 4600 IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\windows\system32\drivers\RTKVHD64.sys
22:30:37.0614 4600 IntcAzAudAddService - ok
22:30:37.0817 4600 IntcDAud (ae594cc17c33ac146739494615e14851) C:\windows\system32\DRIVERS\IntcDAud.sys
22:30:37.0895 4600 IntcDAud - ok
22:30:37.0941 4600 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:30:37.0957 4600 intelide - ok
22:30:38.0019 4600 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:30:38.0066 4600 intelppm - ok
22:30:38.0144 4600 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:30:38.0222 4600 IPBusEnum - ok
22:30:38.0269 4600 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:30:38.0331 4600 IpFilterDriver - ok
22:30:38.0472 4600 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
22:30:38.0550 4600 iphlpsvc - ok
22:30:38.0581 4600 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:30:38.0612 4600 IPMIDRV - ok
22:30:38.0643 4600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:30:38.0737 4600 IPNAT - ok
22:30:38.0784 4600 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:30:38.0831 4600 IRENUM - ok
22:30:38.0877 4600 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:30:38.0909 4600 isapnp - ok
22:30:38.0940 4600 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:30:38.0971 4600 iScsiPrt - ok
22:30:39.0002 4600 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:30:39.0033 4600 kbdclass - ok
22:30:39.0080 4600 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
22:30:39.0127 4600 kbdhid - ok
22:30:39.0174 4600 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:39.0205 4600 KeyIso - ok
22:30:39.0221 4600 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
22:30:39.0236 4600 KSecDD - ok
22:30:39.0267 4600 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
22:30:39.0283 4600 KSecPkg - ok
22:30:39.0345 4600 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:30:39.0423 4600 ksthunk - ok
22:30:39.0501 4600 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:30:39.0564 4600 KtmRm - ok
22:30:39.0626 4600 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
22:30:39.0704 4600 LanmanServer - ok
22:30:39.0720 4600 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:30:39.0782 4600 LanmanWorkstation - ok
22:30:39.0845 4600 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:30:39.0923 4600 lltdio - ok
22:30:39.0969 4600 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:30:40.0001 4600 lltdsvc - ok
22:30:40.0032 4600 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:30:40.0110 4600 lmhosts - ok
22:30:40.0219 4600 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:30:40.0266 4600 LMS - ok
22:30:40.0328 4600 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:30:40.0344 4600 LSI_FC - ok
22:30:40.0406 4600 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:30:40.0437 4600 LSI_SAS - ok
22:30:40.0453 4600 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:30:40.0469 4600 LSI_SAS2 - ok
22:30:40.0500 4600 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:30:40.0515 4600 LSI_SCSI - ok
22:30:40.0562 4600 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:30:40.0656 4600 luafv - ok
22:30:40.0749 4600 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
22:30:40.0812 4600 MBAMProtector - ok
22:30:40.0983 4600 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:30:41.0015 4600 MBAMService - ok
22:30:41.0077 4600 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:30:41.0124 4600 Mcx2Svc - ok
22:30:41.0155 4600 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:30:41.0171 4600 megasas - ok
22:30:41.0249 4600 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:30:41.0280 4600 MegaSR - ok
22:30:41.0342 4600 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
22:30:41.0389 4600 MEIx64 - ok
22:30:41.0451 4600 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:30:41.0529 4600 MMCSS - ok
22:30:41.0545 4600 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:30:41.0607 4600 Modem - ok
22:30:41.0670 4600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:30:41.0717 4600 monitor - ok
22:30:41.0779 4600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:30:41.0795 4600 mouclass - ok
22:30:41.0841 4600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:30:41.0888 4600 mouhid - ok
22:30:41.0919 4600 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:30:41.0935 4600 mountmgr - ok
22:30:42.0091 4600 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:30:42.0122 4600 MozillaMaintenance - ok
22:30:42.0185 4600 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:30:42.0231 4600 mpio - ok
22:30:42.0278 4600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:30:42.0325 4600 mpsdrv - ok
22:30:42.0465 4600 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
22:30:42.0559 4600 MpsSvc - ok
22:30:42.0590 4600 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:30:42.0621 4600 MRxDAV - ok
22:30:42.0668 4600 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:30:42.0715 4600 mrxsmb - ok
22:30:42.0762 4600 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:30:42.0793 4600 mrxsmb10 - ok
22:30:42.0809 4600 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:30:42.0824 4600 mrxsmb20 - ok
22:30:42.0840 4600 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
22:30:42.0855 4600 msahci - ok
22:30:42.0887 4600 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:30:42.0918 4600 msdsm - ok
22:30:42.0965 4600 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:30:43.0027 4600 MSDTC - ok
22:30:43.0074 4600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:30:43.0152 4600 Msfs - ok
22:30:43.0183 4600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:30:43.0261 4600 mshidkmdf - ok
22:30:43.0261 4600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:30:43.0277 4600 msisadrv - ok
22:30:43.0323 4600 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:30:43.0370 4600 MSiSCSI - ok
22:30:43.0370 4600 msiserver - ok
22:30:43.0417 4600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:30:43.0479 4600 MSKSSRV - ok
22:30:43.0526 4600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:30:43.0589 4600 MSPCLOCK - ok
22:30:43.0635 4600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:30:43.0713 4600 MSPQM - ok
22:30:43.0760 4600 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:30:43.0791 4600 MsRPC - ok
22:30:43.0807 4600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:30:43.0823 4600 mssmbios - ok
22:30:43.0838 4600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:30:43.0901 4600 MSTEE - ok
22:30:43.0916 4600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:30:43.0963 4600 MTConfig - ok
22:30:43.0994 4600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:30:44.0010 4600 Mup - ok
22:30:44.0072 4600 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:30:44.0181 4600 napagent - ok
22:30:44.0228 4600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:30:44.0291 4600 NativeWifiP - ok
22:30:44.0415 4600 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
22:30:44.0462 4600 NDIS - ok
22:30:44.0478 4600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:30:44.0540 4600 NdisCap - ok
22:30:44.0587 4600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:30:44.0634 4600 NdisTapi - ok
22:30:44.0681 4600 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:30:44.0743 4600 Ndisuio - ok
22:30:44.0759 4600 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:30:44.0790 4600 NdisWan - ok
22:30:44.0837 4600 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:30:44.0883 4600 NDProxy - ok
22:30:44.0915 4600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:30:44.0993 4600 NetBIOS - ok
22:30:45.0039 4600 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:30:45.0102 4600 NetBT - ok
22:30:45.0117 4600 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:45.0133 4600 Netlogon - ok
22:30:45.0211 4600 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:30:45.0273 4600 Netman - ok
22:30:45.0336 4600 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:30:45.0398 4600 netprofm - ok
22:30:45.0461 4600 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:30:45.0492 4600 NetTcpPortSharing - ok
22:30:46.0147 4600 NETwNs64 (b51e9ad4f4e4f8dbe0ab882756bc5dab) C:\windows\system32\DRIVERS\NETwNs64.sys
22:30:46.0506 4600 NETwNs64 - ok
22:30:46.0662 4600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:30:46.0693 4600 nfrd960 - ok
22:30:46.0771 4600 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:30:46.0833 4600 NlaSvc - ok
22:30:46.0865 4600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:30:46.0880 4600 Npfs - ok
22:30:46.0896 4600 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:30:46.0943 4600 nsi - ok
22:30:46.0974 4600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:30:47.0005 4600 nsiproxy - ok
22:30:47.0177 4600 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:30:47.0255 4600 Ntfs - ok
22:30:47.0379 4600 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:30:47.0442 4600 Null - ok
22:30:48.0113 4600 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\windows\system32\DRIVERS\nvlddmkm.sys
22:30:48.0487 4600 nvlddmkm - ok
22:30:48.0627 4600 nvpciflt (680c5baf7d0190b1485068fc4ba75f1c) C:\windows\system32\DRIVERS\nvpciflt.sys
22:30:48.0690 4600 nvpciflt - ok
22:30:48.0768 4600 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:30:48.0799 4600 nvraid - ok
22:30:48.0861 4600 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:30:48.0893 4600 nvstor - ok
22:30:49.0033 4600 NVSvc (147b0d17255fd796f990cc6f745605c5) C:\windows\system32\nvvsvc.exe
22:30:49.0080 4600 NVSvc - ok
22:30:49.0314 4600 nvUpdatusService (812bf9531c827e1d8029843cddb2b5d6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:30:49.0439 4600 nvUpdatusService - ok
22:30:49.0626 4600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:30:49.0673 4600 nv_agp - ok
22:30:49.0813 4600 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:30:49.0844 4600 odserv - ok
22:30:49.0891 4600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:30:49.0938 4600 ohci1394 - ok
22:30:50.0281 4600 OODefragAgent (c8db356061544e8d5aebb757adebf358) C:\Program Files\OO Software\Defrag\oodag.exe
22:30:50.0375 4600 OODefragAgent - ok
22:30:50.0437 4600 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:30:50.0468 4600 ose - ok
22:30:50.0624 4600 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:30:50.0687 4600 p2pimsvc - ok
22:30:50.0749 4600 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:30:50.0796 4600 p2psvc - ok
22:30:50.0905 4600 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:30:50.0952 4600 Parport - ok
22:30:50.0999 4600 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:30:51.0030 4600 partmgr - ok
22:30:51.0123 4600 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
22:30:51.0139 4600 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
22:30:51.0139 4600 PassThru Service - detected UnsignedFile.Multi.Generic (1)
22:30:51.0201 4600 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:30:51.0264 4600 PcaSvc - ok
22:30:51.0311 4600 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:30:51.0357 4600 pci - ok
22:30:51.0389 4600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
22:30:51.0404 4600 pciide - ok
22:30:51.0435 4600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:30:51.0482 4600 pcmcia - ok
22:30:51.0482 4600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:30:51.0498 4600 pcw - ok
22:30:51.0560 4600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:30:51.0654 4600 PEAUTH - ok
22:30:51.0779 4600 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:30:51.0825 4600 PerfHost - ok
22:30:52.0059 4600 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:30:52.0169 4600 pla - ok
22:30:52.0247 4600 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:30:52.0325 4600 PlugPlay - ok
22:30:52.0356 4600 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:30:52.0387 4600 PNRPAutoReg - ok
22:30:52.0434 4600 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:30:52.0465 4600 PNRPsvc - ok
22:30:52.0574 4600 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
22:30:52.0590 4600 Point64 - ok
22:30:52.0668 4600 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:30:52.0730 4600 PolicyAgent - ok
22:30:52.0808 4600 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:30:52.0886 4600 Power - ok
22:30:52.0949 4600 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:30:53.0011 4600 PptpMiniport - ok
22:30:53.0042 4600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:30:53.0058 4600 Processor - ok
22:30:53.0151 4600 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:30:53.0229 4600 ProfSvc - ok
22:30:53.0261 4600 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:53.0292 4600 ProtectedStorage - ok
22:30:53.0323 4600 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:30:53.0401 4600 Psched - ok
22:30:53.0588 4600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:30:53.0666 4600 ql2300 - ok
22:30:53.0791 4600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:30:53.0822 4600 ql40xx - ok
22:30:53.0885 4600 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:30:53.0931 4600 QWAVE - ok
22:30:53.0947 4600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:30:53.0994 4600 QWAVEdrv - ok
22:30:53.0994 4600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:30:54.0041 4600 RasAcd - ok
22:30:54.0087 4600 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:30:54.0165 4600 RasAgileVpn - ok
22:30:54.0228 4600 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:30:54.0290 4600 RasAuto - ok
22:30:54.0321 4600 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:30:54.0399 4600 Rasl2tp - ok
22:30:54.0477 4600 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:30:54.0555 4600 RasMan - ok
22:30:54.0587 4600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:30:54.0649 4600 RasPppoe - ok
22:30:54.0696 4600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:30:54.0774 4600 RasSstp - ok
22:30:54.0805 4600 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:30:54.0899 4600 rdbss - ok
22:30:54.0914 4600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:30:54.0946 4600 rdpbus - ok
22:30:54.0992 4600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:30:55.0070 4600 RDPCDD - ok
22:30:55.0102 4600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:30:55.0148 4600 RDPENCDD - ok
22:30:55.0195 4600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:30:55.0273 4600 RDPREFMP - ok
22:30:55.0320 4600 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:30:55.0414 4600 RDPWD - ok
22:30:55.0476 4600 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:30:55.0523 4600 rdyboost - ok
22:30:55.0554 4600 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:30:55.0648 4600 RemoteAccess - ok
22:30:55.0710 4600 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:30:55.0788 4600 RemoteRegistry - ok
22:30:55.0850 4600 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
22:30:55.0913 4600 RFCOMM - ok
22:30:56.0006 4600 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:30:56.0038 4600 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:30:56.0038 4600 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:30:56.0116 4600 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:30:56.0194 4600 RpcEptMapper - ok
22:30:56.0225 4600 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:30:56.0240 4600 RpcLocator - ok
22:30:56.0287 4600 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:30:56.0350 4600 RpcSs - ok
22:30:56.0412 4600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:30:56.0490 4600 rspndr - ok
22:30:56.0599 4600 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\windows\system32\DRIVERS\Rt64win7.sys
22:30:56.0677 4600 RTL8167 - ok
22:30:56.0833 4600 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
22:30:56.0896 4600 rtport - ok
22:30:56.0927 4600 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
22:30:56.0974 4600 SABI - ok
22:30:57.0005 4600 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:57.0020 4600 SamSs - ok
22:30:57.0114 4600 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
22:30:57.0130 4600 Samsung UPD Service - ok
22:30:57.0176 4600 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:30:57.0192 4600 sbp2port - ok
22:30:57.0301 4600 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:30:57.0395 4600 SCardSvr - ok
22:30:57.0410 4600 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:30:57.0473 4600 scfilter - ok
22:30:57.0598 4600 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:30:57.0707 4600 Schedule - ok
22:30:57.0738 4600 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:30:57.0800 4600 SCPolicySvc - ok
22:30:57.0832 4600 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:30:57.0910 4600 SDRSVC - ok
22:30:58.0003 4600 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:30:58.0081 4600 secdrv - ok
22:30:58.0112 4600 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:30:58.0159 4600 seclogon - ok
22:30:58.0190 4600 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
22:30:58.0268 4600 SENS - ok
22:30:58.0300 4600 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:30:58.0346 4600 SensrSvc - ok
22:30:58.0409 4600 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
22:30:58.0456 4600 Serenum - ok
22:30:58.0487 4600 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:30:58.0534 4600 Serial - ok
22:30:58.0580 4600 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:30:58.0627 4600 sermouse - ok
22:30:58.0674 4600 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:30:58.0721 4600 SessionEnv - ok
22:30:58.0736 4600 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:30:58.0768 4600 sffdisk - ok
22:30:58.0783 4600 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:30:58.0799 4600 sffp_mmc - ok
22:30:58.0830 4600 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:30:58.0846 4600 sffp_sd - ok
22:30:58.0877 4600 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:30:58.0924 4600 sfloppy - ok
22:30:58.0986 4600 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:30:59.0064 4600 SharedAccess - ok
22:30:59.0126 4600 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:30:59.0189 4600 ShellHWDetection - ok
22:30:59.0236 4600 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:30:59.0251 4600 SiSRaid2 - ok
22:30:59.0282 4600 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:30:59.0298 4600 SiSRaid4 - ok
22:30:59.0329 4600 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:30:59.0392 4600 Smb - ok
22:30:59.0454 4600 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:30:59.0501 4600 SNMPTRAP - ok
22:30:59.0532 4600 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:30:59.0563 4600 spldr - ok
22:30:59.0657 4600 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:30:59.0704 4600 Spooler - ok
22:30:59.0938 4600 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:31:00.0094 4600 sppsvc - ok
22:31:00.0218 4600 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:31:00.0312 4600 sppuinotify - ok
22:31:00.0390 4600 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:31:00.0484 4600 srv - ok
22:31:00.0515 4600 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:31:00.0562 4600 srv2 - ok
22:31:00.0577 4600 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:31:00.0608 4600 srvnet - ok
22:31:00.0686 4600 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:31:00.0764 4600 SSDPSRV - ok
22:31:00.0780 4600 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:31:00.0811 4600 SstpSvc - ok
22:31:00.0874 4600 Steam Client Service - ok
22:31:00.0920 4600 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
22:31:00.0936 4600 stexstor - ok
22:31:01.0014 4600 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
22:31:01.0045 4600 StillCam - ok
22:31:01.0154 4600 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:31:01.0232 4600 stisvc - ok
22:31:01.0248 4600 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:31:01.0264 4600 swenum - ok
22:31:01.0342 4600 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:31:01.0404 4600 swprv - ok
22:31:01.0576 4600 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:31:01.0669 4600 SysMain - ok
22:31:01.0794 4600 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:31:01.0856 4600 TabletInputService - ok
22:31:01.0903 4600 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:31:01.0981 4600 TapiSrv - ok
22:31:02.0012 4600 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:31:02.0059 4600 TBS - ok
22:31:02.0278 4600 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
22:31:02.0371 4600 Tcpip - ok
22:31:02.0714 4600 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
22:31:02.0761 4600 TCPIP6 - ok
22:31:02.0902 4600 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:31:02.0964 4600 tcpipreg - ok
22:31:02.0995 4600 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:31:03.0042 4600 TDPIPE - ok
22:31:03.0089 4600 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:31:03.0120 4600 TDTCP - ok
22:31:03.0167 4600 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:31:03.0245 4600 tdx - ok
22:31:03.0276 4600 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
22:31:03.0276 4600 TermDD - ok
22:31:03.0370 4600 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:31:03.0463 4600 TermService - ok
22:31:03.0494 4600 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:31:03.0526 4600 Themes - ok
22:31:03.0557 4600 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:31:03.0588 4600 THREADORDER - ok
22:31:03.0635 4600 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:31:03.0728 4600 TrkWks - ok
22:31:03.0791 4600 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:31:03.0884 4600 TrustedInstaller - ok
22:31:03.0900 4600 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:31:03.0931 4600 tssecsrv - ok
22:31:03.0978 4600 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:31:04.0040 4600 TsUsbFlt - ok
22:31:04.0072 4600 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
22:31:04.0118 4600 TsUsbGD - ok
22:31:04.0181 4600 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
22:31:04.0274 4600 tunnel - ok
22:31:04.0321 4600 TurboB (48743b69ea47c020a792d8649f753f44) C:\windows\system32\DRIVERS\TurboB.sys
22:31:04.0368 4600 TurboB - ok
22:31:04.0493 4600 TurboBoost (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
22:31:04.0524 4600 TurboBoost - ok
22:31:04.0555 4600 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
22:31:04.0571 4600 uagp35 - ok
22:31:04.0602 4600 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
22:31:04.0680 4600 udfs - ok
22:31:04.0711 4600 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:31:04.0727 4600 UI0Detect - ok
22:31:04.0789 4600 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
22:31:04.0820 4600 uliagpkx - ok
22:31:04.0883 4600 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
22:31:04.0914 4600 umbus - ok
22:31:04.0961 4600 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
22:31:05.0008 4600 UmPass - ok
22:31:05.0320 4600 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:31:05.0429 4600 UNS - ok
22:31:05.0585 4600 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:31:05.0663 4600 upnphost - ok
22:31:05.0741 4600 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
22:31:05.0803 4600 usbccgp - ok
22:31:05.0881 4600 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
22:31:05.0944 4600 usbcir - ok
22:31:05.0990 4600 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
22:31:06.0037 4600 usbehci - ok
22:31:06.0115 4600 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
22:31:06.0178 4600 usbhub - ok
22:31:06.0209 4600 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
22:31:06.0240 4600 usbohci - ok
22:31:06.0302 4600 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:31:06.0349 4600 usbprint - ok
22:31:06.0396 4600 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:31:06.0458 4600 USBSTOR - ok
22:31:06.0505 4600 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
22:31:06.0536 4600 usbuhci - ok
22:31:06.0614 4600 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
22:31:06.0661 4600 usbvideo - ok
22:31:06.0739 4600 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
22:31:06.0786 4600 usb_rndisx - ok
22:31:06.0833 4600 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:31:06.0895 4600 UxSms - ok
22:31:06.0958 4600 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:31:06.0973 4600 VaultSvc - ok
22:31:07.0004 4600 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:31:07.0020 4600 vdrvroot - ok
22:31:07.0098 4600 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:31:07.0160 4600 vds - ok
22:31:07.0207 4600 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:31:07.0223 4600 vga - ok
22:31:07.0238 4600 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:31:07.0285 4600 VgaSave - ok
22:31:07.0316 4600 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:31:07.0348 4600 vhdmp - ok
22:31:07.0363 4600 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:31:07.0363 4600 viaide - ok
22:31:07.0472 4600 VMAuthdService (3accf0c817a2bb34efbfb72b57b00252) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
22:31:07.0504 4600 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
22:31:07.0504 4600 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
22:31:07.0550 4600 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\windows\system32\DRIVERS\vmci.sys
22:31:07.0628 4600 vmci - ok
22:31:07.0660 4600 vmkbd (ed82d26b5e26542615483b8bed77d826) C:\windows\system32\drivers\VMkbd.sys
22:31:07.0706 4600 vmkbd - ok
22:31:07.0816 4600 vmm (b2e25db5a6a178c056342abd747b7326) C:\windows\system32\Treiber\vmm.sys
22:31:07.0847 4600 vmm - ok
22:31:07.0925 4600 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\windows\system32\DRIVERS\vmnetadapter.sys
22:31:07.0972 4600 VMnetAdapter - ok
22:31:08.0018 4600 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\windows\system32\DRIVERS\vmnetbridge.sys
22:31:08.0081 4600 VMnetBridge - ok
22:31:08.0081 4600 VMnetDHCP - ok
22:31:08.0112 4600 VMnetuserif (94dd802da1a3bbf7402246cb48cfea83) C:\windows\system32\drivers\vmnetuserif.sys
22:31:08.0159 4600 VMnetuserif - ok
22:31:08.0206 4600 vmusb (415b167695c4b5960a13098622ef3d80) C:\windows\system32\Drivers\vmusb.sys
22:31:08.0252 4600 vmusb - ok
22:31:08.0393 4600 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
22:31:08.0471 4600 VMUSBArbService - ok
22:31:08.0471 4600 VMware NAT Service - ok
22:31:08.0564 4600 vmx86 (06eb22ea8e451654346ea0f9c56dd795) C:\windows\system32\drivers\vmx86.sys
22:31:08.0611 4600 vmx86 - ok
22:31:08.0674 4600 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:31:08.0705 4600 volmgr - ok
22:31:08.0736 4600 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:31:08.0783 4600 volmgrx - ok
22:31:08.0814 4600 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
22:31:08.0814 4600 volsnap - ok
22:31:08.0892 4600 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\windows\system32\DRIVERS\vpchbus.sys
22:31:08.0939 4600 vpcbus - ok
22:31:09.0017 4600 VPCNetS2 (6bdca00fc57cc40da3c8e88b2cea21ab) C:\windows\system32\DRIVERS\VMNetSrv.sys
22:31:09.0032 4600 VPCNetS2 - ok
22:31:09.0079 4600 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\windows\system32\DRIVERS\vpcnfltr.sys
22:31:09.0110 4600 vpcnfltr - ok
22:31:09.0142 4600 vpcusb (31924e31bc315773e6d149b157db46d5) C:\windows\system32\DRIVERS\vpcusb.sys
22:31:09.0188 4600 vpcusb - ok
22:31:09.0266 4600 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\windows\system32\drivers\vpcvmm.sys
22:31:09.0298 4600 vpcvmm - ok
22:31:09.0376 4600 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
22:31:09.0407 4600 vsmraid - ok
22:31:09.0563 4600 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:31:09.0688 4600 VSS - ok
22:31:09.0812 4600 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:31:09.0859 4600 vwifibus - ok
22:31:09.0906 4600 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
22:31:09.0953 4600 vwififlt - ok
22:31:10.0031 4600 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:31:10.0093 4600 W32Time - ok
22:31:10.0140 4600 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
22:31:10.0187 4600 WacomPen - ok
22:31:10.0249 4600 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:31:10.0312 4600 WANARP - ok
22:31:10.0343 4600 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:31:10.0374 4600 Wanarpv6 - ok
22:31:10.0561 4600 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:31:10.0608 4600 WatAdminSvc - ok
22:31:10.0795 4600 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:31:10.0904 4600 wbengine - ok
22:31:11.0045 4600 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:31:11.0092 4600 WbioSrvc - ok
22:31:11.0138 4600 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:31:11.0185 4600 wcncsvc - ok
22:31:11.0201 4600 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:31:11.0216 4600 WcsPlugInService - ok
22:31:11.0263 4600 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
22:31:11.0279 4600 Wd - ok
22:31:11.0357 4600 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:31:11.0388 4600 Wdf01000 - ok
22:31:11.0419 4600 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:31:11.0544 4600 WdiServiceHost - ok
22:31:11.0544 4600 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:31:11.0560 4600 WdiSystemHost - ok
22:31:11.0591 4600 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:31:11.0669 4600 WebClient - ok
22:31:11.0700 4600 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:31:11.0778 4600 Wecsvc - ok
22:31:11.0809 4600 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:31:11.0840 4600 wercplsupport - ok
22:31:11.0903 4600 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:31:11.0981 4600 WerSvc - ok
22:31:12.0059 4600 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:31:12.0121 4600 WfpLwf - ok
22:31:12.0184 4600 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:31:12.0199 4600 WIMMount - ok
22:31:12.0230 4600 WinDefend - ok
22:31:12.0246 4600 WinHttpAutoProxySvc - ok
22:31:12.0308 4600 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:31:12.0386 4600 Winmgmt - ok
22:31:12.0589 4600 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:31:12.0683 4600 WinRM - ok
22:31:12.0854 4600 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
22:31:12.0917 4600 WinUsb - ok
22:31:13.0026 4600 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:31:13.0088 4600 Wlansvc - ok
22:31:13.0151 4600 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
22:31:13.0198 4600 WmiAcpi - ok
22:31:13.0276 4600 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:31:13.0322 4600 wmiApSrv - ok
22:31:13.0385 4600 WMPNetworkSvc - ok
22:31:13.0447 4600 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:31:13.0478 4600 WPCSvc - ok
22:31:13.0510 4600 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:31:13.0525 4600 WPDBusEnum - ok
22:31:13.0556 4600 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:31:13.0603 4600 ws2ifsl - ok
22:31:13.0634 4600 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
22:31:13.0697 4600 wscsvc - ok
22:31:13.0697 4600 WSearch - ok
22:31:13.0915 4600 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
22:31:14.0009 4600 wuauserv - ok
22:31:14.0134 4600 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:31:14.0180 4600 WudfPf - ok
22:31:14.0243 4600 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:31:14.0321 4600 WUDFRd - ok
22:31:14.0368 4600 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:31:14.0461 4600 wudfsvc - ok
22:31:14.0492 4600 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:31:14.0539 4600 WwanSvc - ok
22:31:14.0617 4600 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:31:15.0116 4600 \Device\Harddisk0\DR0 - ok
22:31:15.0116 4600 Boot (0x1200) (c121900f0c43fe69018b1adc1224ebff) \Device\Harddisk0\DR0\Partition0
22:31:15.0116 4600 \Device\Harddisk0\DR0\Partition0 - ok
22:31:15.0148 4600 Boot (0x1200) (c3e31a1e14401a75d10075b4725be163) \Device\Harddisk0\DR0\Partition1
22:31:15.0148 4600 \Device\Harddisk0\DR0\Partition1 - ok
22:31:15.0179 4600 Boot (0x1200) (33aedfe18bdebc145a2b9371da5d2b41) \Device\Harddisk0\DR0\Partition2
22:31:15.0194 4600 \Device\Harddisk0\DR0\Partition2 - ok
22:31:15.0194 4600 ============================================================
22:31:15.0194 4600 Scan finished
22:31:15.0194 4600 ============================================================
22:31:15.0210 4316 Detected object count: 4
22:31:15.0210 4316 Actual detected object count: 4
22:31:26.0832 4316 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:26.0832 4316 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:26.0832 4316 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:26.0832 4316 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:26.0832 4316 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:26.0832 4316 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:26.0848 4316 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:26.0848 4316 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #28 |
| Notebook very slow Code:
ATTFilter ComboFix 12-07-11.02 - G 11.07.2012 12:18:37.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4008.2496 [GMT 2:00]
ausgeführt von:: c:\users\G\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\G\vlc-2.0.1-win32.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-11 bis 2012-07-11 ))))))))))))))))))))))))))))))
.
.
2012-07-10 13:44 . 2012-07-10 13:44 -------- d-----w- C:\_OTL
2012-07-08 23:16 . 2012-07-08 23:16 -------- d-----w- c:\windows\Idle
2012-07-06 17:11 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{276A51E6-2874-4185-ABCC-40EFEFDF05DE}\mpengine.dll
2012-07-05 22:15 . 2012-07-05 22:15 -------- d-----w- c:\users\G\DownloadsContaine
2012-07-05 20:22 . 2012-07-05 20:22 -------- d-----w- c:\program files (x86)\ESET
2012-07-02 19:31 . 2012-07-02 19:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 19:31 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 16:50 . 2012-07-05 18:21 -------- d-----w- c:\users\Lucia
2012-06-23 14:02 . 2012-06-23 14:02 -------- d-----w- c:\users\Gast\AppData\Local\Adobe
2012-06-22 17:48 . 2012-06-22 17:48 -------- d-----w- c:\users\Gast\AppData\Local\Macromedia
2012-06-21 21:14 . 2012-06-21 21:14 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 21:14 . 2012-06-21 21:14 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 10:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 10:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 10:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 10:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 10:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 10:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:31 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 10:31 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 19:40 . 2012-06-18 19:40 -------- d-----w- c:\program files (x86)\Common Files\PocketSoft
2012-06-18 19:40 . 2002-02-27 15:50 197120 ----a-w- c:\windows\patchw32.dll
2012-06-18 19:27 . 2012-06-18 19:27 -------- d-----w- c:\users\G\AppData\Roaming\Atari
2012-06-18 19:24 . 2012-06-18 19:44 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-06-18 19:18 . 2012-06-18 19:18 -------- d-----w- c:\program files (x86)\Atari
2012-06-18 09:41 . 2012-06-18 09:41 378880 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npmieze.dll
2012-06-17 11:35 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 11:19 . 2011-09-01 01:03 252712 ----a-w- c:\windows\ETDUninst.dll
2012-06-15 18:56 . 2012-06-15 18:56 -------- d-----w- c:\users\G\AppData\Local\Macromedia
2012-06-11 11:33 . 2012-06-11 11:33 -------- d-----w- c:\users\G\AppData\Local\Apple Computer
2012-06-11 11:33 . 2012-06-11 11:33 -------- d-----w- c:\users\G\AppData\Roaming\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 12:27 . 2012-04-04 07:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 12:27 . 2011-10-22 12:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 18:46 . 2011-10-22 11:35 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 18:46 . 2011-10-22 11:35 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-24 18:24 . 2012-04-24 18:24 53248 ----a-w- c:\windows\SysWow64\unrar.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-22 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
.
c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 136176]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-25 1436424]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-20 37392]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-04 25960]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 270912]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-04 2009704]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-10-04 3271496]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-12-28 207656]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 14:55]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 14:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-19 11855976]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-10-04 3993416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\G\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\G\AppData\Roaming\Mozilla\Firefox\Profiles\8by9kksw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-loadtbs-2.1 - c:\users\G\AppData\Roaming\loadtbs\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-11 12:29:04
ComboFix-quarantined-files.txt 2012-07-11 10:29
.
Vor Suchlauf: 15 Verzeichnis(se), 133.060.792.320 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 132.528.529.408 Bytes frei
.
- - End Of File - - A8503DA2746A448E4D88208EC7940FF1
|
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Notebook very slow Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #30 |
| Notebook very slow Gmer Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-11 15:36:31
Windows 6.1.7601 Service Pack 1
Running: m0fn5vw9.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971053aec
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971053aec (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OSAM Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:48:56 on 11.07.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\windows\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "plotman.cpl" - "Autodesk, Inc." - C:\windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\windows\system32\styleman.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Lavalys EVEREST Kernel Driver" (EverestDriver) - ? 
- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys "rtport" (rtport) - "Windows (R) 2003 DDK 3790 provider" - C:\windows\SysWOW64\drivers\rtport.sys "Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\windows\system32\Treiber\vmm.sys "VMware hcmon" (hcmon) - "VMware, Inc." - C:\windows\system32\drivers\hcmon.sys "VMware kbd" (vmkbd) - "VMware, Inc." - C:\windows\system32\drivers\VMkbd.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\windows\system32\drivers\vmnetuserif.sys "VMware vmx86" (vmx86) - "VMware, Inc." - C:\windows\system32\drivers\vmx86.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {8A0BC933-7552-42E2-A228-3BE055777227} "{8A0BC933-7552-42E2-A228-3BE055777227}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~2\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MSOHEVI.DLL {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks, Inc." - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://webvpn.uni-wuppertal.mobi/dana-cached/sc/JuniperSetupClient.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.6" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.6\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\G\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ICQ" - "ICQ, LLC." - "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4 -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "spd__ Langmon" - ? - C:\windows\system32\spd__l.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? 
- "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Program Files (x86)\Browny02\BrYNSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"FLEXnet Licensing Service 64" (FLEXnet Licensing Service 64) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"O&O Defrag" (OODefragAgent) - "O&O Software GmbH" - C:\Program Files\OO Software\Defrag\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Samsung UPD Service" (Samsung UPD Service) - "Samsung Electronics CO., LTD." - C:\windows\System32\SUPDSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - ? - C:\windows\system32\vmnetdhcp.exe (File not found)
"VMware NAT Service" (VMware NAT Service) - ? - C:\windows\system32\vmnat.exe (File not found)
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\windows\system32\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\windows\system32\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 16:50:54
-----------------------------
16:50:54.278 OS Version: Windows x64 6.1.7601 Service Pack 1
16:50:54.278 Number of processors: 8 586 0x2A07
16:50:54.278 ComputerName: G-PC UserName: G
16:50:56.353 Initialize success
17:00:09.880 AVAST engine defs: 12071101
17:01:41.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:01:41.109 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
17:01:41.109 Disk 0 MBR read successfully
17:01:41.125 Disk 0 MBR scan
17:01:41.125 Disk 0 unknown MBR code
17:01:41.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:01:41.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 413696 MB offset 206848
17:01:41.156 Disk 0 Partition - 00 0F Extended LBA 39762 MB offset 847456256
17:01:41.203 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23379 MB offset 928888832
17:01:41.234 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 39761 MB offset 847458304
17:01:41.296 Disk 0 scanning C:\windows\system32\drivers
17:01:55.196 Service scanning
17:02:31.653 Modules scanning
17:02:31.669 Disk 0 trace - called modules:
17:02:31.715 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:02:31.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a22790]
17:02:31.731 3 CLASSPNP.SYS[fffff88001b5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045ce050]
17:02:34.009 AVAST engine scan C:\windows
17:02:40.217 AVAST engine scan C:\windows\system32
17:07:04.950 AVAST engine scan C:\windows\system32\drivers
17:07:23.327 AVAST engine scan C:\Users\G
17:22:37.676 AVAST engine scan C:\ProgramData
17:24:11.369 Scan finished successfully
17:30:37.393 Disk 0 MBR has been saved successfully to "C:\Users\G\Desktop\Logs\MBR.dat"
17:30:37.393 The log file has been saved successfully to "C:\Users\G\Desktop\Logs\aswMBR.txt"
|