Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Laptop sehr langsam und neuerdings mit Bluescreen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.12.2012, 15:57   #1
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Hallo,

ich habe vor einigen Monaten hier schonmal Hilfe erhalten, weil mein Laptop extrem langsam hochgefahren ist und ewig brauchte, bis man ihn voll benutzen konnte.
Mittlerweile ist er wieder sehr langsam und ich frage mich, ob ich evtl. irgendein Befall haben könnte. Vorhin ist er zu allem Überfluss plötzlich mit Bluescreen abgestürtzt. Er war aber zu schnell wieder weg, bevor ich den Code notieren konnte.

Ich habe wie gewünscht die entsprechenden Voruntersuchungen gemacht.

defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:25 on 22/12/2012 (...)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL:
Code:
ATTFilter
OTL logfile created on: 12/22/2012 4:36:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.92 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 46.98% Memory free
5.83 Gb Paging File | 4.27 Gb Available in Paging File | 73.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 131.77 Gb Free Space | 55.14% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\SysWOW64\Rezip.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DgiVecp) -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes,DefaultScope = {35A4B224-DFD8-448A-A829-1BECF3CB13DD}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{35A4B224-DFD8-448A-A829-1BECF3CB13DD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_deDE433
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{82ED5619-C4B5-4119-A765-C5FE2D05CF02}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{C303320A-8899-463C-871E-78B7C7758687}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BFEAD5F6-FFC2-440E-8006-5A9080C3CA54&apn_sauid=6D07B03E-7F64-4502-8C6B-70EEE8F9E836
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/31 09:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 11:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 19:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 19:35:40 | 000,000,000 | ---D | M]
 
[2012/09/10 20:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2012/12/05 23:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\ifbr1quo.default\extensions
[2012/09/18 15:23:46 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ifbr1quo.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012/10/23 17:34:32 | 000,002,299 | ---- | M] () -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ifbr1quo.default\searchplugins\askcom.xml
[2012/09/10 19:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/09/12 11:31:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0A0EE2-169B-499B-8E48-FE34D7B9DA4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/22 16:22:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2012/12/19 18:10:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/05 11:09:44 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Neuer Ordner
[2012/11/23 08:55:46 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Diagnostics
[1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/22 16:25:24 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable
[2012/12/22 16:22:26 | 000,302,592 | ---- | M] () -- C:\Users\...\Desktop\zesdcspm.exe
[2012/12/22 16:22:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2012/12/22 16:21:22 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2012/12/22 16:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/22 16:19:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/22 15:47:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/22 14:47:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/22 12:54:21 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/22 12:54:21 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/22 12:52:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/22 12:52:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/22 12:52:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/22 12:52:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/22 12:52:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/22 12:45:34 | 496,873,033 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/22 12:45:32 | 3131,219,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/22 12:14:35 | 004,976,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/22 16:25:24 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable
[2012/12/22 16:22:25 | 000,302,592 | ---- | C] () -- C:\Users\...\Desktop\zesdcspm.exe
[2012/12/22 16:21:21 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2012/12/22 12:45:34 | 496,873,033 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/14 12:08:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012/09/12 11:23:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/12 11:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/12 11:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/12 11:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/12 11:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/05 17:47:54 | 000,000,600 | ---- | C] () -- C:\Users\...\AppData\Roaming\winscp.rnd
[2012/01/22 12:13:50 | 000,017,408 | ---- | C] () -- C:\Users\...\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/15 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/09 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DAEMON Tools Lite
[2012/09/06 14:21:40 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ICQ
[2011/09/07 10:36:38 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\klickTel
[2011/12/31 13:03:54 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Mp3tag
[2011/05/28 21:41:01 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Qlikworld
[2012/01/27 22:36:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
 
========== Purity Check ==========
 
 

< End of report >
         
Malwarebytes (Quick Scan):
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
...:: ...PC [Administrator]

22.12.2012 16:44:48
mbam-log-2012-12-22 (16-44-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231009
Laufzeit: 2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Danke und Gruß

Alt 22.12.2012, 19:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Hallo und

Hast du noch weitere Logs? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten
__________________

__________________

Alt 22.12.2012, 22:34   #3
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Hallo,

die letzten vier Logdateien sind noch vom letzen Mal im August/September:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
... :: ...-PC [Administrator]

03.08.2012 12:52:45
mbam-log-2012-08-03 (12-52-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398410
Laufzeit: 1 Stunde(n), 2 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
...-PC [Administrator]

31.08.2012 14:07:40
mbam-log-2012-08-31 (14-07-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399116
Laufzeit: 1 Stunde(n), 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
...-PC [Administrator]

07.09.2012 14:59:28
mbam-log-2012-09-07 (14-59-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395393
Laufzeit: 56 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
...-PC [Administrator]

14.09.2012 15:37:14
mbam-log-2012-09-14 (15-37-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389104
Laufzeit: 45 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Ich weiß leider nicht, ob und wo Avast Logs von Überprüfungen speichert.

Gruß
__________________

Alt 22.12.2012, 23:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


Alt 23.12.2012, 14:24   #5
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-23 14:49:39
-----------------------------
14:49:39.234    OS Version: Windows x64 6.1.7601 Service Pack 1
14:49:39.234    Number of processors: 4 586 0x2505
14:49:39.234    ComputerName: ...-PC  UserName: ...
14:49:41.262    Initialize success
14:49:41.918    AVAST engine defs: 12122300
14:51:55.766    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:51:55.766    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
14:51:55.797    Disk 0 MBR read successfully
14:51:55.797    Disk 0 MBR scan
14:51:55.797    Disk 0 Windows 7 default MBR code
14:51:55.813    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
14:51:55.828    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41945088
14:51:55.844    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       244736 MB offset 42149888
14:51:55.844    Disk 0 Partition - 00     0F Extended LBA             39927 MB offset 543369216
14:51:55.891    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        39926 MB offset 543371264
14:51:55.938    Disk 0 scanning C:\Windows\system32\drivers
14:52:05.377    Service scanning
14:52:24.580    Modules scanning
14:52:24.596    Disk 0 trace - called modules:
14:52:24.611    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:52:24.627    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800345b060]
14:52:24.643    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e29050]
14:52:25.173    AVAST engine scan C:\Windows
14:52:27.731    AVAST engine scan C:\Windows\system32
14:54:58.241    AVAST engine scan C:\Windows\system32\drivers
14:55:09.364    AVAST engine scan C:\Users\Tanja
15:14:12.224    AVAST engine scan C:\ProgramData
15:16:56.274    Scan finished successfully
15:17:16.945    Disk 0 MBR has been saved successfully to "C:\Users\...\Desktop\MBR.dat"
15:17:16.945    The log file has been saved successfully to "C:\Users\...\Desktop\aswMBR.txt"
         
TDSS Killer:
Code:
ATTFilter
15:19:46.0405 4828  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:19:46.0561 4828  ============================================================
15:19:46.0561 4828  Current date / time: 2012/12/23 15:19:46.0561
15:19:46.0561 4828  SystemInfo:
15:19:46.0561 4828  
15:19:46.0561 4828  OS Version: 6.1.7601 ServicePack: 1.0
15:19:46.0561 4828  Product type: Workstation
15:19:46.0561 4828  ComputerName: ...-PC
15:19:46.0561 4828  UserName: ...
15:19:46.0561 4828  Windows directory: C:\Windows
15:19:46.0561 4828  System windows directory: C:\Windows
15:19:46.0561 4828  Running under WOW64
15:19:46.0561 4828  Processor architecture: Intel x64
15:19:46.0561 4828  Number of processors: 4
15:19:46.0561 4828  Page size: 0x1000
15:19:46.0561 4828  Boot type: Normal boot
15:19:46.0561 4828  ============================================================
15:19:46.0982 4828  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:46.0998 4828  ============================================================
15:19:46.0998 4828  \Device\Harddisk0\DR0:
15:19:46.0998 4828  MBR partitions:
15:19:46.0998 4828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
15:19:46.0998 4828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x1DE00000
15:19:47.0029 4828  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20633000, BlocksNum 0x4DFB000
15:19:47.0029 4828  ============================================================
15:19:47.0076 4828  C: <-> \Device\Harddisk0\DR0\Partition2
15:19:47.0123 4828  D: <-> \Device\Harddisk0\DR0\Partition3
15:19:47.0123 4828  ============================================================
15:19:47.0123 4828  Initialize success
15:19:47.0123 4828  ============================================================
15:20:46.0138 5956  ============================================================
15:20:46.0138 5956  Scan started
15:20:46.0138 5956  Mode: Manual; SigCheck; TDLFS; 
15:20:46.0138 5956  ============================================================
15:20:46.0933 5956  ================ Scan system memory ========================
15:20:46.0933 5956  System memory - ok
15:20:46.0933 5956  ================ Scan services =============================
15:20:47.0027 5956  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:20:47.0245 5956  !SASCORE - ok
15:20:47.0401 5956  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:20:47.0511 5956  1394ohci - ok
15:20:47.0573 5956  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:20:47.0604 5956  ACPI - ok
15:20:47.0635 5956  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:20:47.0745 5956  AcpiPmi - ok
15:20:47.0916 5956  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:20:47.0932 5956  AdobeARMservice - ok
15:20:48.0353 5956  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:20:48.0369 5956  AdobeFlashPlayerUpdateSvc - ok
15:20:48.0431 5956  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:20:48.0462 5956  adp94xx - ok
15:20:48.0493 5956  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:20:48.0509 5956  adpahci - ok
15:20:48.0525 5956  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:20:48.0540 5956  adpu320 - ok
15:20:48.0571 5956  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:20:48.0727 5956  AeLookupSvc - ok
15:20:48.0790 5956  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:20:48.0868 5956  AFD - ok
15:20:48.0899 5956  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:20:48.0915 5956  agp440 - ok
15:20:48.0946 5956  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:20:49.0024 5956  ALG - ok
15:20:49.0086 5956  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:20:49.0117 5956  aliide - ok
15:20:49.0149 5956  [ 0642A7B1C4B119AE2AAF1AA61CF69668 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:20:49.0211 5956  AMD External Events Utility - ok
15:20:49.0242 5956  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:20:49.0258 5956  amdide - ok
15:20:49.0289 5956  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:20:49.0367 5956  AmdK8 - ok
15:20:49.0539 5956  [ C6C0F73A038FF38EBBD9C16F79F8D3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:20:49.0741 5956  amdkmdag - ok
15:20:49.0773 5956  [ 4647D713CFF04FAE4F862B3144725BC1 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:20:49.0804 5956  amdkmdap - ok
15:20:49.0819 5956  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:20:49.0851 5956  AmdPPM - ok
15:20:49.0882 5956  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:20:49.0913 5956  amdsata - ok
15:20:49.0944 5956  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:20:49.0975 5956  amdsbs - ok
15:20:50.0007 5956  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:20:50.0022 5956  amdxata - ok
15:20:50.0069 5956  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:20:50.0241 5956  AppID - ok
15:20:50.0272 5956  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:20:50.0334 5956  AppIDSvc - ok
15:20:50.0459 5956  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:20:50.0553 5956  Appinfo - ok
15:20:50.0677 5956  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:20:50.0709 5956  Apple Mobile Device - ok
15:20:50.0802 5956  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:20:50.0818 5956  arc - ok
15:20:50.0849 5956  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:20:50.0865 5956  arcsas - ok
15:20:50.0896 5956  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
15:20:50.0927 5956  aswFsBlk - ok
15:20:50.0974 5956  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
15:20:51.0005 5956  aswMonFlt - ok
15:20:51.0036 5956  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
15:20:51.0052 5956  aswRdr - ok
15:20:51.0099 5956  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
15:20:51.0130 5956  aswSnx - ok
15:20:51.0161 5956  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
15:20:51.0177 5956  aswSP - ok
15:20:51.0208 5956  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
15:20:51.0223 5956  aswTdi - ok
15:20:51.0255 5956  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:20:51.0333 5956  AsyncMac - ok
15:20:51.0379 5956  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:20:51.0395 5956  atapi - ok
15:20:51.0442 5956  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
15:20:51.0489 5956  AtiHdmiService - ok
15:20:51.0629 5956  [ C6C0F73A038FF38EBBD9C16F79F8D3E3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:20:51.0816 5956  atikmdag - ok
15:20:51.0879 5956  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:20:51.0988 5956  AudioEndpointBuilder - ok
15:20:51.0988 5956  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:20:52.0035 5956  AudioSrv - ok
15:20:52.0097 5956  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:20:52.0113 5956  avast! Antivirus - ok
15:20:52.0159 5956  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:20:52.0269 5956  AxInstSV - ok
15:20:52.0315 5956  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:20:52.0409 5956  b06bdrv - ok
15:20:52.0456 5956  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:20:52.0518 5956  b57nd60a - ok
15:20:52.0659 5956  [ 43AD3D3E7674833FCA9A7C4E7180AD54 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
15:20:52.0830 5956  BCM43XX - ok
15:20:52.0893 5956  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:20:53.0033 5956  BDESVC - ok
15:20:53.0111 5956  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:20:53.0205 5956  Beep - ok
15:20:53.0329 5956  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:20:53.0439 5956  BFE - ok
15:20:53.0485 5956  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
15:20:53.0595 5956  BITS - ok
15:20:53.0641 5956  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:20:53.0673 5956  blbdrive - ok
15:20:53.0735 5956  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:20:53.0766 5956  Bonjour Service - ok
15:20:53.0829 5956  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:20:53.0875 5956  bowser - ok
15:20:53.0907 5956  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:20:53.0985 5956  BrFiltLo - ok
15:20:54.0000 5956  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:20:54.0047 5956  BrFiltUp - ok
15:20:54.0078 5956  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:20:54.0141 5956  BridgeMP - ok
15:20:54.0172 5956  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:20:54.0219 5956  Browser - ok
15:20:54.0250 5956  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:20:54.0297 5956  Brserid - ok
15:20:54.0297 5956  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:20:54.0343 5956  BrSerWdm - ok
15:20:54.0343 5956  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:20:54.0406 5956  BrUsbMdm - ok
15:20:54.0406 5956  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:20:54.0437 5956  BrUsbSer - ok
15:20:54.0453 5956  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:20:54.0577 5956  BthEnum - ok
15:20:54.0609 5956  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:20:54.0640 5956  BTHMODEM - ok
15:20:54.0671 5956  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:20:54.0702 5956  BthPan - ok
15:20:54.0733 5956  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:20:54.0827 5956  BTHPORT - ok
15:20:54.0858 5956  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:20:54.0905 5956  bthserv - ok
15:20:54.0936 5956  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:20:54.0999 5956  BTHUSB - ok
15:20:55.0030 5956  [ EE215AC3C16F00667D0FC391D018C8FD ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
15:20:55.0061 5956  btwampfl - ok
15:20:55.0092 5956  [ EBC9E33C13CDD6C51C1134EAE46466A1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:20:55.0108 5956  btwaudio - ok
15:20:55.0108 5956  [ 43FB7FA896D87AA5A9F3E743D7E2303F ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
15:20:55.0123 5956  btwavdt - ok
15:20:55.0201 5956  [ 0D86D2C7659588DB97BDB1AE74D95875 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:20:55.0248 5956  btwdins - ok
15:20:55.0264 5956  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:20:55.0279 5956  btwl2cap - ok
15:20:55.0295 5956  [ 1AED551A8CB2F2343EDA09109EEF4807 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:20:55.0295 5956  btwrchid - ok
15:20:55.0389 5956  catchme - ok
15:20:55.0420 5956  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:20:55.0498 5956  cdfs - ok
15:20:55.0576 5956  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:20:55.0623 5956  cdrom - ok
15:20:55.0685 5956  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:20:55.0810 5956  CertPropSvc - ok
15:20:55.0872 5956  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:20:55.0919 5956  circlass - ok
15:20:55.0950 5956  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:20:55.0966 5956  CLFS - ok
15:20:56.0028 5956  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:20:56.0044 5956  clr_optimization_v2.0.50727_32 - ok
15:20:56.0106 5956  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:20:56.0137 5956  clr_optimization_v2.0.50727_64 - ok
15:20:56.0200 5956  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:20:56.0293 5956  clr_optimization_v4.0.30319_32 - ok
15:20:56.0340 5956  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:20:56.0371 5956  clr_optimization_v4.0.30319_64 - ok
15:20:56.0387 5956  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:20:56.0418 5956  CmBatt - ok
15:20:56.0449 5956  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:20:56.0481 5956  cmdide - ok
15:20:56.0512 5956  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:20:56.0574 5956  CNG - ok
15:20:56.0621 5956  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:20:56.0652 5956  Compbatt - ok
15:20:56.0683 5956  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:20:56.0730 5956  CompositeBus - ok
15:20:56.0746 5956  COMSysApp - ok
15:20:56.0761 5956  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:20:56.0777 5956  crcdisk - ok
15:20:56.0824 5956  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:20:56.0902 5956  CryptSvc - ok
15:20:56.0949 5956  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:20:56.0964 5956  CVirtA - ok
15:20:57.0058 5956  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
15:20:57.0105 5956  CVPND - ok
15:20:57.0120 5956  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:20:57.0151 5956  CVPNDRVA - ok
15:20:57.0214 5956  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:20:57.0276 5956  DcomLaunch - ok
15:20:57.0323 5956  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:20:57.0385 5956  defragsvc - ok
15:20:57.0432 5956  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:20:57.0510 5956  DfsC - ok
15:20:57.0573 5956  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
15:20:57.0588 5956  DgiVecp - ok
15:20:57.0619 5956  [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:20:57.0651 5956  dg_ssudbus - ok
15:20:57.0697 5956  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:20:57.0760 5956  Dhcp - ok
15:20:57.0791 5956  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:20:57.0869 5956  discache - ok
15:20:57.0900 5956  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:20:57.0916 5956  Disk - ok
15:20:58.0025 5956  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:20:58.0087 5956  DNE - ok
15:20:58.0197 5956  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:20:58.0321 5956  Dnscache - ok
15:20:58.0368 5956  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:20:58.0462 5956  dot3svc - ok
15:20:58.0509 5956  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:20:58.0602 5956  DPS - ok
15:20:58.0633 5956  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:20:58.0680 5956  drmkaud - ok
15:20:58.0711 5956  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:20:58.0758 5956  DXGKrnl - ok
15:20:58.0774 5956  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:20:58.0836 5956  EapHost - ok
15:20:58.0930 5956  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:20:59.0055 5956  ebdrv - ok
15:20:59.0070 5956  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:20:59.0133 5956  EFS - ok
15:20:59.0195 5956  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:20:59.0273 5956  ehRecvr - ok
15:20:59.0304 5956  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:20:59.0351 5956  ehSched - ok
15:20:59.0413 5956  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:20:59.0445 5956  elxstor - ok
15:20:59.0476 5956  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:20:59.0507 5956  ErrDev - ok
15:20:59.0554 5956  [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
15:20:59.0616 5956  ETD - ok
15:20:59.0663 5956  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:20:59.0741 5956  EventSystem - ok
15:20:59.0772 5956  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:20:59.0835 5956  exfat - ok
15:20:59.0866 5956  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:20:59.0944 5956  fastfat - ok
15:21:00.0006 5956  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:21:00.0100 5956  Fax - ok
15:21:00.0115 5956  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:21:00.0147 5956  fdc - ok
15:21:00.0178 5956  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:21:00.0225 5956  fdPHost - ok
15:21:00.0240 5956  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:21:00.0287 5956  FDResPub - ok
15:21:00.0318 5956  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:21:00.0349 5956  FileInfo - ok
15:21:00.0349 5956  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:21:00.0412 5956  Filetrace - ok
15:21:00.0412 5956  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:21:00.0443 5956  flpydisk - ok
15:21:00.0474 5956  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:21:00.0505 5956  FltMgr - ok
15:21:00.0708 5956  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:21:00.0802 5956  FontCache - ok
15:21:00.0880 5956  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:21:00.0895 5956  FontCache3.0.0.0 - ok
15:21:00.0942 5956  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:21:00.0973 5956  FsDepends - ok
15:21:01.0020 5956  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:21:01.0051 5956  fssfltr - ok
15:21:01.0145 5956  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:21:01.0176 5956  fsssvc - ok
15:21:01.0207 5956  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:21:01.0223 5956  Fs_Rec - ok
15:21:01.0270 5956  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:21:01.0301 5956  fvevol - ok
15:21:01.0332 5956  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:21:01.0363 5956  gagp30kx - ok
15:21:01.0395 5956  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:21:01.0410 5956  GEARAspiWDM - ok
15:21:01.0441 5956  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:21:01.0504 5956  gpsvc - ok
15:21:01.0613 5956  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:21:01.0644 5956  gupdate - ok
15:21:01.0660 5956  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:21:01.0675 5956  gupdatem - ok
15:21:01.0722 5956  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:21:01.0738 5956  gusvc - ok
15:21:01.0769 5956  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:21:01.0831 5956  hcw85cir - ok
15:21:01.0878 5956  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:21:01.0909 5956  HdAudAddService - ok
15:21:01.0972 5956  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:21:02.0019 5956  HDAudBus - ok
15:21:02.0034 5956  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:21:02.0065 5956  HidBatt - ok
15:21:02.0081 5956  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:21:02.0112 5956  HidBth - ok
15:21:02.0128 5956  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:21:02.0143 5956  HidIr - ok
15:21:02.0175 5956  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:21:02.0221 5956  hidserv - ok
15:21:02.0299 5956  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:21:02.0315 5956  HidUsb - ok
15:21:02.0377 5956  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:21:02.0455 5956  hkmsvc - ok
15:21:02.0502 5956  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:21:02.0580 5956  HomeGroupListener - ok
15:21:02.0627 5956  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:21:02.0658 5956  HomeGroupProvider - ok
15:21:02.0705 5956  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:21:02.0736 5956  HpSAMD - ok
15:21:02.0799 5956  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:21:02.0877 5956  HTTP - ok
15:21:02.0908 5956  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:21:02.0939 5956  hwpolicy - ok
15:21:02.0986 5956  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:21:03.0017 5956  i8042prt - ok
15:21:03.0048 5956  [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:21:03.0064 5956  iaStor - ok
15:21:03.0111 5956  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:21:03.0157 5956  iaStorV - ok
15:21:03.0360 5956  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:21:03.0407 5956  idsvc - ok
15:21:03.0875 5956  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:21:04.0062 5956  igfx - ok
15:21:04.0093 5956  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:21:04.0109 5956  iirsp - ok
15:21:04.0156 5956  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:21:04.0234 5956  IKEEXT - ok
15:21:04.0281 5956  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
15:21:04.0327 5956  Impcd - ok
15:21:04.0421 5956  [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:21:04.0499 5956  IntcAzAudAddService - ok
15:21:04.0546 5956  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:21:04.0577 5956  intelide - ok
15:21:04.0624 5956  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:21:04.0686 5956  intelppm - ok
15:21:04.0717 5956  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:21:04.0780 5956  IPBusEnum - ok
15:21:04.0811 5956  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:21:04.0873 5956  IpFilterDriver - ok
15:21:04.0920 5956  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:21:04.0998 5956  iphlpsvc - ok
15:21:05.0029 5956  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:21:05.0076 5956  IPMIDRV - ok
15:21:05.0107 5956  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:21:05.0170 5956  IPNAT - ok
15:21:05.0217 5956  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:21:05.0248 5956  iPod Service - ok
15:21:05.0295 5956  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:21:05.0357 5956  IRENUM - ok
15:21:05.0419 5956  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:21:05.0435 5956  isapnp - ok
15:21:05.0482 5956  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:21:05.0513 5956  iScsiPrt - ok
15:21:05.0560 5956  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:21:05.0591 5956  kbdclass - ok
15:21:05.0622 5956  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:21:05.0653 5956  kbdhid - ok
15:21:05.0669 5956  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:21:05.0685 5956  KeyIso - ok
15:21:05.0731 5956  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:21:05.0763 5956  KSecDD - ok
15:21:05.0794 5956  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:21:05.0825 5956  KSecPkg - ok
15:21:05.0887 5956  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:21:05.0965 5956  ksthunk - ok
15:21:06.0028 5956  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:21:06.0121 5956  KtmRm - ok
15:21:06.0215 5956  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:21:06.0309 5956  LanmanServer - ok
15:21:06.0355 5956  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:21:06.0402 5956  LanmanWorkstation - ok
15:21:06.0433 5956  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:21:06.0480 5956  lltdio - ok
15:21:06.0511 5956  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:21:06.0574 5956  lltdsvc - ok
15:21:06.0589 5956  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:21:06.0636 5956  lmhosts - ok
15:21:06.0667 5956  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:21:06.0683 5956  LSI_FC - ok
15:21:06.0683 5956  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:21:06.0699 5956  LSI_SAS - ok
15:21:06.0714 5956  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:21:06.0730 5956  LSI_SAS2 - ok
15:21:06.0730 5956  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:21:06.0745 5956  LSI_SCSI - ok
15:21:06.0761 5956  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:21:06.0808 5956  luafv - ok
15:21:06.0855 5956  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:21:06.0886 5956  Mcx2Svc - ok
15:21:06.0886 5956  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:21:06.0901 5956  megasas - ok
15:21:06.0933 5956  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:21:06.0948 5956  MegaSR - ok
15:21:07.0026 5956  [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:21:07.0057 5956  Microsoft Office Groove Audit Service - ok
15:21:07.0073 5956  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:21:07.0167 5956  MMCSS - ok
15:21:07.0182 5956  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:21:07.0245 5956  Modem - ok
15:21:07.0276 5956  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:21:07.0307 5956  monitor - ok
15:21:07.0369 5956  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:21:07.0385 5956  mouclass - ok
15:21:07.0416 5956  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:21:07.0463 5956  mouhid - ok
15:21:07.0510 5956  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:21:07.0541 5956  mountmgr - ok
15:21:07.0588 5956  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:21:07.0619 5956  MozillaMaintenance - ok
15:21:07.0650 5956  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:21:07.0681 5956  mpio - ok
15:21:07.0697 5956  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:21:07.0759 5956  mpsdrv - ok
15:21:07.0822 5956  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:21:07.0915 5956  MpsSvc - ok
15:21:07.0947 5956  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:21:08.0009 5956  MRxDAV - ok
15:21:08.0040 5956  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:21:08.0103 5956  mrxsmb - ok
15:21:08.0134 5956  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:21:08.0181 5956  mrxsmb10 - ok
15:21:08.0196 5956  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:21:08.0243 5956  mrxsmb20 - ok
15:21:08.0274 5956  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:21:08.0290 5956  msahci - ok
15:21:08.0368 5956  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:21:08.0399 5956  msdsm - ok
15:21:08.0446 5956  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:21:08.0508 5956  MSDTC - ok
15:21:08.0586 5956  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:21:08.0664 5956  Msfs - ok
15:21:08.0711 5956  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:21:08.0773 5956  mshidkmdf - ok
15:21:08.0820 5956  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:21:08.0836 5956  msisadrv - ok
15:21:08.0883 5956  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:21:08.0961 5956  MSiSCSI - ok
15:21:08.0961 5956  msiserver - ok
15:21:08.0992 5956  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:21:09.0039 5956  MSKSSRV - ok
15:21:09.0054 5956  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:21:09.0101 5956  MSPCLOCK - ok
15:21:09.0117 5956  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:21:09.0163 5956  MSPQM - ok
15:21:09.0195 5956  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:21:09.0241 5956  MsRPC - ok
15:21:09.0273 5956  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:21:09.0288 5956  mssmbios - ok
15:21:09.0304 5956  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:21:09.0351 5956  MSTEE - ok
15:21:09.0366 5956  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:21:09.0397 5956  MTConfig - ok
15:21:09.0429 5956  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:21:09.0444 5956  Mup - ok
15:21:09.0475 5956  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:21:09.0522 5956  napagent - ok
15:21:09.0585 5956  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:21:09.0631 5956  NativeWifiP - ok
15:21:09.0678 5956  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:21:09.0725 5956  NDIS - ok
15:21:09.0741 5956  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:21:09.0787 5956  NdisCap - ok
15:21:09.0834 5956  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:21:09.0897 5956  NdisTapi - ok
15:21:09.0928 5956  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:21:10.0006 5956  Ndisuio - ok
15:21:10.0037 5956  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:21:10.0115 5956  NdisWan - ok
15:21:10.0162 5956  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:21:10.0224 5956  NDProxy - ok
15:21:10.0349 5956  [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:21:10.0411 5956  Nero BackItUp Scheduler 4.0 - ok
15:21:10.0427 5956  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:21:10.0489 5956  NetBIOS - ok
15:21:10.0521 5956  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:21:10.0599 5956  NetBT - ok
15:21:10.0614 5956  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:21:10.0630 5956  Netlogon - ok
15:21:10.0661 5956  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:21:10.0723 5956  Netman - ok
15:21:10.0786 5956  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:21:10.0879 5956  netprofm - ok
15:21:10.0911 5956  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:21:10.0942 5956  NetTcpPortSharing - ok
15:21:11.0004 5956  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:21:11.0035 5956  nfrd960 - ok
15:21:11.0067 5956  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:21:11.0113 5956  NlaSvc - ok
15:21:11.0145 5956  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:21:11.0191 5956  Npfs - ok
15:21:11.0207 5956  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:21:11.0285 5956  nsi - ok
15:21:11.0301 5956  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:21:11.0347 5956  nsiproxy - ok
15:21:11.0425 5956  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:21:11.0472 5956  Ntfs - ok
15:21:11.0503 5956  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:21:11.0550 5956  Null - ok
15:21:11.0566 5956  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:21:11.0581 5956  nvraid - ok
15:21:11.0613 5956  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:21:11.0613 5956  nvstor - ok
15:21:11.0659 5956  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:21:11.0691 5956  nv_agp - ok
15:21:11.0784 5956  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:21:11.0815 5956  odserv - ok
15:21:11.0847 5956  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:21:11.0893 5956  ohci1394 - ok
15:21:11.0940 5956  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:21:11.0971 5956  ose - ok
15:21:12.0018 5956  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:21:12.0081 5956  p2pimsvc - ok
15:21:12.0096 5956  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:21:12.0143 5956  p2psvc - ok
15:21:12.0190 5956  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:21:12.0237 5956  Parport - ok
15:21:12.0283 5956  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:21:12.0299 5956  partmgr - ok
15:21:12.0330 5956  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:21:12.0361 5956  PcaSvc - ok
15:21:12.0408 5956  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:21:12.0424 5956  pci - ok
15:21:12.0455 5956  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:21:12.0471 5956  pciide - ok
15:21:12.0486 5956  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:21:12.0502 5956  pcmcia - ok
15:21:12.0517 5956  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:21:12.0533 5956  pcw - ok
15:21:12.0564 5956  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:21:12.0658 5956  PEAUTH - ok
15:21:12.0736 5956  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:21:12.0783 5956  PerfHost - ok
15:21:12.0861 5956  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:21:12.0970 5956  pla - ok
15:21:13.0017 5956  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:21:13.0110 5956  PlugPlay - ok
15:21:13.0141 5956  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:21:13.0204 5956  PNRPAutoReg - ok
15:21:13.0219 5956  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:21:13.0251 5956  PNRPsvc - ok
15:21:13.0375 5956  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:21:13.0469 5956  PolicyAgent - ok
15:21:13.0531 5956  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:21:13.0625 5956  Power - ok
15:21:13.0703 5956  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:21:13.0765 5956  PptpMiniport - ok
15:21:13.0797 5956  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:21:13.0843 5956  Processor - ok
15:21:13.0875 5956  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:21:13.0921 5956  ProfSvc - ok
15:21:13.0937 5956  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:21:13.0968 5956  ProtectedStorage - ok
15:21:14.0015 5956  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:21:14.0077 5956  Psched - ok
15:21:14.0171 5956  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
15:21:14.0187 5956  PSI - ok
15:21:14.0249 5956  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:21:14.0296 5956  ql2300 - ok
15:21:14.0327 5956  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:21:14.0358 5956  ql40xx - ok
15:21:14.0389 5956  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:21:14.0421 5956  QWAVE - ok
15:21:14.0436 5956  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:21:14.0499 5956  QWAVEdrv - ok
15:21:14.0499 5956  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:21:14.0545 5956  RasAcd - ok
15:21:14.0592 5956  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:21:14.0655 5956  RasAgileVpn - ok
15:21:14.0686 5956  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:21:14.0733 5956  RasAuto - ok
15:21:14.0764 5956  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:21:14.0811 5956  Rasl2tp - ok
15:21:14.0857 5956  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:21:14.0920 5956  RasMan - ok
15:21:14.0935 5956  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:21:14.0998 5956  RasPppoe - ok
15:21:15.0013 5956  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:21:15.0076 5956  RasSstp - ok
15:21:15.0123 5956  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:21:15.0185 5956  rdbss - ok
15:21:15.0185 5956  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:21:15.0216 5956  rdpbus - ok
15:21:15.0232 5956  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:21:15.0279 5956  RDPCDD - ok
15:21:15.0294 5956  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:21:15.0357 5956  RDPENCDD - ok
15:21:15.0357 5956  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:21:15.0435 5956  RDPREFMP - ok
15:21:15.0497 5956  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:21:15.0575 5956  RdpVideoMiniport - ok
15:21:15.0606 5956  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:21:15.0684 5956  RDPWD - ok
15:21:15.0731 5956  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:21:15.0762 5956  rdyboost - ok
15:21:15.0809 5956  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:21:15.0887 5956  RemoteAccess - ok
15:21:15.0965 5956  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:21:16.0043 5956  RemoteRegistry - ok
15:21:16.0059 5956  [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip           C:\Windows\SysWOW64\Rezip.exe
15:21:16.0074 5956  Rezip ( UnsignedFile.Multi.Generic ) - warning
15:21:16.0074 5956  Rezip - detected UnsignedFile.Multi.Generic (1)
15:21:16.0090 5956  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:21:16.0121 5956  RFCOMM - ok
15:21:16.0152 5956  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:21:16.0215 5956  RpcEptMapper - ok
15:21:16.0230 5956  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:21:16.0261 5956  RpcLocator - ok
15:21:16.0293 5956  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:21:16.0355 5956  RpcSs - ok
15:21:16.0371 5956  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:21:16.0417 5956  rspndr - ok
15:21:16.0433 5956  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:21:16.0449 5956  RTL8167 - ok
15:21:16.0495 5956  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\Windows\SysWOW64\drivers\rtport.sys
15:21:16.0527 5956  rtport - ok
15:21:16.0573 5956  [ 2BE978B0347C9586F6F665B96B6BD115 ] S3XXx64         C:\Windows\system32\DRIVERS\S3XXx64.sys
15:21:16.0605 5956  S3XXx64 - ok
15:21:16.0636 5956  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\Windows\system32\Drivers\SABI.sys
15:21:16.0683 5956  SABI - ok
15:21:16.0698 5956  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:21:16.0714 5956  SamSs - ok
15:21:16.0792 5956  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:21:16.0807 5956  SASDIFSV - ok
15:21:16.0839 5956  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:21:16.0854 5956  SASKUTIL - ok
15:21:16.0885 5956  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:21:16.0901 5956  sbp2port - ok
15:21:16.0932 5956  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:21:16.0979 5956  SCardSvr - ok
15:21:17.0010 5956  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:21:17.0057 5956  scfilter - ok
15:21:17.0104 5956  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:21:17.0182 5956  Schedule - ok
15:21:17.0229 5956  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:21:17.0260 5956  SCPolicySvc - ok
15:21:17.0291 5956  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:21:17.0353 5956  SDRSVC - ok
15:21:17.0385 5956  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:21:17.0463 5956  secdrv - ok
15:21:17.0494 5956  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:21:17.0556 5956  seclogon - ok
15:21:17.0619 5956  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:21:17.0665 5956  Secunia PSI Agent - ok
15:21:17.0728 5956  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:21:17.0775 5956  Secunia Update Agent - ok
15:21:17.0821 5956  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:21:17.0884 5956  SENS - ok
15:21:17.0899 5956  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:21:17.0962 5956  SensrSvc - ok
15:21:18.0071 5956  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:21:18.0102 5956  Serenum - ok
15:21:18.0149 5956  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:21:18.0196 5956  Serial - ok
15:21:18.0243 5956  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:21:18.0305 5956  sermouse - ok
15:21:18.0352 5956  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:21:18.0445 5956  SessionEnv - ok
15:21:18.0477 5956  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:21:18.0555 5956  sffdisk - ok
15:21:18.0570 5956  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:21:18.0601 5956  sffp_mmc - ok
15:21:18.0617 5956  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:21:18.0648 5956  sffp_sd - ok
15:21:18.0664 5956  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:21:18.0695 5956  sfloppy - ok
15:21:18.0726 5956  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:21:18.0789 5956  SharedAccess - ok
15:21:18.0835 5956  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:21:18.0882 5956  ShellHWDetection - ok
15:21:18.0913 5956  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:21:18.0929 5956  SiSRaid2 - ok
15:21:18.0976 5956  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:21:18.0991 5956  SiSRaid4 - ok
15:21:19.0038 5956  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:21:19.0101 5956  Smb - ok
15:21:19.0147 5956  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:21:19.0194 5956  SNMPTRAP - ok
15:21:19.0210 5956  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:21:19.0225 5956  spldr - ok
15:21:19.0257 5956  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:21:19.0319 5956  Spooler - ok
15:21:19.0413 5956  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:21:19.0506 5956  sppsvc - ok
15:21:19.0553 5956  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:21:19.0615 5956  sppuinotify - ok
15:21:19.0631 5956  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:21:19.0678 5956  srv - ok
15:21:19.0693 5956  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:21:19.0709 5956  srv2 - ok
15:21:19.0725 5956  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:21:19.0756 5956  srvnet - ok
15:21:19.0787 5956  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:21:19.0834 5956  SSDPSRV - ok
15:21:19.0896 5956  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
15:21:19.0912 5956  SSPORT - ok
15:21:19.0943 5956  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:21:20.0005 5956  SstpSvc - ok
15:21:20.0037 5956  [ AD42CA614E086BCADBD53FFFC404AC24 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:21:20.0052 5956  ssudmdm - ok
15:21:20.0068 5956  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:21:20.0083 5956  stexstor - ok
15:21:20.0146 5956  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:21:20.0177 5956  stisvc - ok
15:21:20.0208 5956  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:21:20.0224 5956  swenum - ok
15:21:20.0255 5956  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:21:20.0317 5956  swprv - ok
15:21:20.0364 5956  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:21:20.0427 5956  SysMain - ok
15:21:20.0473 5956  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:21:20.0520 5956  TabletInputService - ok
15:21:20.0520 5956  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:21:20.0567 5956  TapiSrv - ok
15:21:20.0598 5956  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:21:20.0661 5956  TBS - ok
15:21:20.0910 5956  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:21:20.0973 5956  Tcpip - ok
15:21:21.0066 5956  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:21:21.0129 5956  TCPIP6 - ok
15:21:21.0175 5956  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:21:21.0207 5956  tcpipreg - ok
15:21:21.0238 5956  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:21:21.0285 5956  TDPIPE - ok
15:21:21.0331 5956  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:21:21.0363 5956  TDTCP - ok
15:21:21.0394 5956  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:21:21.0472 5956  tdx - ok
15:21:21.0503 5956  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:21:21.0519 5956  TermDD - ok
15:21:21.0565 5956  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:21:21.0612 5956  TermService - ok
15:21:21.0643 5956  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:21:21.0675 5956  Themes - ok
15:21:21.0690 5956  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:21:21.0737 5956  THREADORDER - ok
15:21:21.0753 5956  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:21:21.0799 5956  TrkWks - ok
15:21:21.0877 5956  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:21:21.0955 5956  TrustedInstaller - ok
15:21:21.0987 5956  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:21:22.0033 5956  tssecsrv - ok
15:21:22.0065 5956  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:21:22.0096 5956  TsUsbFlt - ok
15:21:22.0143 5956  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:21:22.0221 5956  tunnel - ok
15:21:22.0236 5956  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:21:22.0252 5956  uagp35 - ok
15:21:22.0283 5956  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:21:22.0377 5956  udfs - ok
15:21:22.0392 5956  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:21:22.0439 5956  UI0Detect - ok
15:21:22.0470 5956  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:21:22.0486 5956  uliagpkx - ok
15:21:22.0517 5956  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:21:22.0564 5956  umbus - ok
15:21:22.0579 5956  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:21:22.0595 5956  UmPass - ok
15:21:22.0611 5956  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:21:22.0689 5956  upnphost - ok
15:21:22.0720 5956  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:21:22.0767 5956  USBAAPL64 - ok
15:21:22.0813 5956  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:21:22.0860 5956  usbccgp - ok
15:21:22.0891 5956  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:21:22.0923 5956  usbcir - ok
15:21:22.0954 5956  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:21:22.0985 5956  usbehci - ok
15:21:23.0016 5956  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:21:23.0063 5956  usbhub - ok
15:21:23.0094 5956  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:21:23.0125 5956  usbohci - ok
15:21:23.0172 5956  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:21:23.0219 5956  usbprint - ok
15:21:23.0281 5956  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:21:23.0328 5956  usbscan - ok
15:21:23.0344 5956  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:21:23.0453 5956  USBSTOR - ok
15:21:23.0469 5956  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:21:23.0500 5956  usbuhci - ok
15:21:23.0547 5956  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:21:23.0578 5956  usbvideo - ok
15:21:23.0593 5956  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:21:23.0671 5956  UxSms - ok
15:21:23.0671 5956  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:21:23.0703 5956  VaultSvc - ok
15:21:23.0749 5956  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:21:23.0749 5956  vdrvroot - ok
15:21:23.0812 5956  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:21:23.0890 5956  vds - ok
15:21:23.0937 5956  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:21:23.0952 5956  vga - ok
15:21:23.0968 5956  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:21:24.0046 5956  VgaSave - ok
15:21:24.0077 5956  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:21:24.0124 5956  vhdmp - ok
15:21:24.0155 5956  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:21:24.0171 5956  viaide - ok
15:21:24.0202 5956  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:21:24.0233 5956  volmgr - ok
15:21:24.0280 5956  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:21:24.0311 5956  volmgrx - ok
15:21:24.0358 5956  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:21:24.0389 5956  volsnap - ok
15:21:24.0420 5956  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:21:24.0436 5956  vsmraid - ok
15:21:24.0498 5956  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:21:24.0576 5956  VSS - ok
15:21:24.0607 5956  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:21:24.0639 5956  vwifibus - ok
15:21:24.0654 5956  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:21:24.0685 5956  vwififlt - ok
15:21:24.0717 5956  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:21:24.0763 5956  W32Time - ok
15:21:24.0779 5956  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:21:24.0810 5956  WacomPen - ok
15:21:24.0857 5956  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:21:24.0919 5956  WANARP - ok
15:21:24.0919 5956  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:21:24.0966 5956  Wanarpv6 - ok
15:21:25.0029 5956  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:21:25.0122 5956  wbengine - ok
15:21:25.0153 5956  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:21:25.0169 5956  WbioSrvc - ok
15:21:25.0216 5956  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:21:25.0294 5956  wcncsvc - ok
15:21:25.0294 5956  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:21:25.0341 5956  WcsPlugInService - ok
15:21:25.0372 5956  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:21:25.0387 5956  Wd - ok
15:21:25.0419 5956  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:21:25.0450 5956  Wdf01000 - ok
15:21:25.0481 5956  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:21:26.0011 5956  WdiServiceHost - ok
15:21:26.0027 5956  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:21:26.0058 5956  WdiSystemHost - ok
15:21:26.0089 5956  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:21:26.0136 5956  WebClient - ok
15:21:26.0167 5956  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:21:26.0230 5956  Wecsvc - ok
15:21:26.0245 5956  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:21:26.0292 5956  wercplsupport - ok
15:21:26.0323 5956  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:21:26.0370 5956  WerSvc - ok
15:21:26.0401 5956  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:21:26.0433 5956  WfpLwf - ok
15:21:26.0448 5956  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:21:26.0464 5956  WIMMount - ok
15:21:26.0495 5956  WinDefend - ok
15:21:26.0495 5956  WinHttpAutoProxySvc - ok
15:21:26.0557 5956  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:21:26.0651 5956  Winmgmt - ok
15:21:26.0729 5956  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:21:26.0823 5956  WinRM - ok
15:21:26.0885 5956  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
15:21:26.0932 5956  WinUsb - ok
15:21:26.0994 5956  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:21:27.0057 5956  Wlansvc - ok
15:21:27.0181 5956  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:21:27.0259 5956  wlidsvc - ok
15:21:27.0291 5956  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:21:27.0337 5956  WmiAcpi - ok
15:21:27.0369 5956  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:21:27.0400 5956  wmiApSrv - ok
15:21:27.0415 5956  WMPNetworkSvc - ok
15:21:27.0447 5956  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:21:27.0478 5956  WPCSvc - ok
15:21:27.0509 5956  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:21:27.0556 5956  WPDBusEnum - ok
15:21:27.0587 5956  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:21:27.0665 5956  ws2ifsl - ok
15:21:27.0696 5956  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:21:27.0712 5956  wscsvc - ok
15:21:27.0712 5956  WSearch - ok
15:21:27.0774 5956  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:21:27.0852 5956  wuauserv - ok
15:21:27.0883 5956  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:21:27.0930 5956  WudfPf - ok
15:21:27.0961 5956  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:21:28.0008 5956  WUDFRd - ok
15:21:28.0055 5956  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:21:28.0117 5956  wudfsvc - ok
15:21:28.0164 5956  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:21:28.0227 5956  WwanSvc - ok
15:21:28.0305 5956  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
15:21:28.0429 5956  yukonw7 - ok
15:21:28.0461 5956  ================ Scan global ===============================
15:21:28.0492 5956  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:21:28.0554 5956  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:21:28.0570 5956  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:21:28.0601 5956  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:21:28.0632 5956  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:21:28.0648 5956  [Global] - ok
15:21:28.0648 5956  ================ Scan MBR ==================================
15:21:28.0663 5956  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:21:29.0069 5956  \Device\Harddisk0\DR0 - ok
15:21:29.0069 5956  ================ Scan VBR ==================================
15:21:29.0100 5956  [ 50D44495A30E4369FB2F4F76B3CFC507 ] \Device\Harddisk0\DR0\Partition1
15:21:29.0100 5956  \Device\Harddisk0\DR0\Partition1 - ok
15:21:29.0147 5956  [ 00F82A785E07410F4811ED0512DD0225 ] \Device\Harddisk0\DR0\Partition2
15:21:29.0163 5956  \Device\Harddisk0\DR0\Partition2 - ok
15:21:29.0178 5956  [ B0C97E6C61063691564119B6F6B724DF ] \Device\Harddisk0\DR0\Partition3
15:21:29.0178 5956  \Device\Harddisk0\DR0\Partition3 - ok
15:21:29.0178 5956  ============================================================
15:21:29.0178 5956  Scan finished
15:21:29.0178 5956  ============================================================
15:21:29.0194 5424  Detected object count: 1
15:21:29.0194 5424  Actual detected object count: 1
15:21:41.0549 5424  Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:41.0549 5424  Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 23.12.2012, 18:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Laptop sehr langsam und neuerdings mit Bluescreen

Alt 23.12.2012, 19:38   #7
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Bitte sehr...es hat relativ lange gedauert, bis es fertig war.

Combofix:
Code:
ATTFilter
ComboFix 12-12-23.01 - ... 23.12.2012  19:47:34.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2986.1391 [GMT 1:00]
ausgeführt von:: c:\users\...\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 19:32 . 2012-12-23 19:32	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-12-23 19:32 . 2012-12-23 19:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 19:32 . 2012-12-23 19:32	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-12-21 12:27 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E5680ED-5BAC-41AE-9511-93E556D9E989}\mpengine.dll
2012-12-21 12:26 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 12:26 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 12:26 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 12:26 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-19 17:07 . 2012-11-12 14:20	9055744	----a-w-	c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 17:12 . 2011-05-28 18:56	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-12 13:16 . 2012-07-20 21:34	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 13:16 . 2011-05-31 16:10	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-05-28 17:45	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-05-28 17:45	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-05-28 17:45	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-05-28 17:45	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-05-28 17:45	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-05-28 17:45	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-05-28 17:45	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-05-28 17:45	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-29 09:28	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 09:28	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 09:28	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-08-31 08:24	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 18:17 . 2012-11-15 17:30	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-15 17:30	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 17:30	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 17:30	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-19 17:08	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 17:31	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 17:31	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 17:31	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 17:31	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 17:31	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 17:31	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 17:31	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 17:31	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 17:31	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 17:31	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 17:31	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 18:54 . 2012-01-27 18:58	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 17:30	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 17:30	95744	----a-w-	c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-21 14:25	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 98616]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2009-10-25 67840]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-24 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-30 340520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-30 39464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 04498264
*Deregistered* - 04498264
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 13:16]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 09:54]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 09:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	------w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23  20:36:19
ComboFix-quarantined-files.txt  2012-12-23 19:36
ComboFix2.txt  2012-09-12 10:34
.
Vor Suchlauf: 12 Verzeichnis(se), 142.825.238.528 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 143.627.005.952 Bytes frei
.
- - End Of File - - BFB0F92968CD456B683D8D2113864730
         

Alt 23.12.2012, 19:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Alt 23.12.2012, 20:36   #9
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



adwcleaner

Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 23/12/2012 um 21:33:23 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ...- ...PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\...\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1002 octets] - [23/12/2012 21:33:23]
AdwCleaner[S1].txt - [2062 octets] - [10/09/2012 16:29:59]

########## EOF - C:\AdwCleaner[R1].txt - [1122 octets] ##########
         

Alt 23.12.2012, 20:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Alt 23.12.2012, 21:44   #11
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 23/12/2012 um 22:23:40 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ...- ...PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\...\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\ifbr1quo.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1177 octets] - [23/12/2012 21:33:23]
AdwCleaner[S1].txt - [2062 octets] - [10/09/2012 16:29:59]
AdwCleaner[S2].txt - [1124 octets] - [23/12/2012 22:23:40]

########## EOF - C:\AdwCleaner[S2].txt - [1184 octets] ##########
         
OTL:
Code:
ATTFilter
OTL logfile created on: 12/23/2012 10:29:38 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 60.50% Memory free
5.83 Gb Paging File | 4.56 Gb Available in Paging File | 78.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 133.88 Gb Free Space | 56.02% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\SysWOW64\Rezip.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DgiVecp) -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{35A4B224-DFD8-448A-A829-1BECF3CB13DD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_deDE433
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{82ED5619-C4B5-4119-A765-C5FE2D05CF02}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\SearchScopes\{C303320A-8899-463C-871E-78B7C7758687}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BFEAD5F6-FFC2-440E-8006-5A9080C3CA54&apn_sauid=6D07B03E-7F64-4502-8C6B-70EEE8F9E836
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/23 15:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 11:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 19:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 19:35:40 | 000,000,000 | ---D | M]
 
[2012/09/10 20:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2012/12/05 23:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\ifbr1quo.default\extensions
[2012/09/18 15:23:46 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\ifbr1quo.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012/09/10 19:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/12/23 20:32:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2949563268-3681810927-3286423182-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0A0EE2-169B-499B-8E48-FE34D7B9DA4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/23 20:40:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 20:36:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/23 19:42:17 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\...\Desktop\ComboFix.exe
[2012/12/23 15:19:16 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2012/12/23 14:47:27 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2012/12/22 16:22:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2012/12/21 13:26:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 13:26:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 13:26:18 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 13:26:16 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/19 18:10:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/19 18:08:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/19 18:08:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/19 18:08:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/19 18:08:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/19 18:08:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/19 18:08:34 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/19 18:08:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/19 18:08:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/19 18:08:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/19 18:08:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/19 18:08:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/19 18:08:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/19 18:08:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/19 18:08:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/19 18:08:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/19 18:08:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/19 18:08:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/19 18:08:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/19 18:08:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/19 18:08:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/19 18:08:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/19 18:08:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/19 18:08:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/19 18:08:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/19 18:08:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/19 18:08:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/19 18:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/19 18:08:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/19 18:08:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/19 18:08:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/19 18:08:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/19 18:08:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/19 18:08:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/19 18:08:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/19 18:08:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/19 18:08:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/19 18:08:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/19 18:08:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/19 18:08:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/19 18:07:44 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/19 18:07:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/19 18:07:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/19 18:07:43 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/19 18:07:42 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/19 18:07:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/19 18:07:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/19 18:07:37 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/19 18:07:37 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/05 11:09:44 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Neuer Ordner
[1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/23 22:33:21 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 22:33:21 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 22:25:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/23 22:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 22:24:28 | 3131,219,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 22:22:43 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/23 22:22:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 21:32:26 | 000,547,175 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe
[2012/12/23 20:32:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/23 19:42:58 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\...\Desktop\ComboFix.exe
[2012/12/23 15:26:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/23 15:19:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2012/12/23 14:48:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2012/12/22 16:25:24 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable
[2012/12/22 16:22:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2012/12/22 16:21:22 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2012/12/22 12:52:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/22 12:52:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/22 12:52:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/22 12:52:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/22 12:52:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/22 12:45:34 | 496,873,033 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/22 12:14:35 | 004,976,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 14:16:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 14:16:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/23 21:32:21 | 000,547,175 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe
[2012/12/22 16:25:24 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable
[2012/12/22 16:21:21 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2012/12/22 12:45:34 | 496,873,033 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/14 12:08:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012/09/12 11:23:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/12 11:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/12 11:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/12 11:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/12 11:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/05 17:47:54 | 000,000,600 | ---- | C] () -- C:\Users\...\AppData\Roaming\winscp.rnd
[2012/01/22 12:13:50 | 000,017,408 | ---- | C] () -- C:\Users\...\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 12/23/2012 10:29:38 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 60.50% Memory free
5.83 Gb Paging File | 4.56 Gb Available in Paging File | 78.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.00 Gb Total Space | 133.88 Gb Free Space | 56.02% Space Free | Partition Type: NTFS
Drive D: | 38.99 Gb Total Space | 38.85 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02952D7A-436D-4884-AC9E-891A022195E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{19262199-7D1B-4E05-8CBA-06E6901D8ABA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1D43C71C-3914-45C7-A6F7-6D63957BB5D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28ECA04F-D2F3-4E3C-8D93-AFC517890EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{305E79B0-C0BD-490D-9DEB-02302ECC23D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36169228-B2E4-40AA-BB70-F0DB0C79EDA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40AAF8E7-DC4B-4A79-BEF1-67349C6A5F5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4102061F-1109-4606-8278-EDE353A9FE98}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{43EEDD84-3F81-4982-8077-978FDF487F32}" = lport=138 | protocol=17 | dir=in | app=system | 
"{468725CD-125A-4C48-9354-3F3537253A99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D37C66F-4980-466F-9AFA-E4141A88D485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F10D64A-362A-483D-BBD9-6CC994675F12}" = lport=445 | protocol=6 | dir=in | app=system | 
"{680AEC5C-B1EB-421C-9ED0-F5124F88A170}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8C881F73-446A-4300-ABC1-99CBD59CA1A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9088DCF9-17E9-45DA-8220-A1B89169B9E2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9522DEE4-2A93-40C3-8072-E3C8B31B8CA5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97B0BAAB-D419-4E7B-BBC5-513267364553}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A14D65C3-3404-4E36-B1C1-3DABA3DBEBE9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4F71C90-A0A1-4247-8D47-3832AC8452AE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AF9C1A2D-D935-4B69-BC5A-FD18E4066F83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BE02D507-5A01-4BDA-BB1D-A32D42AB87E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D9E1247D-60B5-45E1-8007-4C01D988DB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E155EDE9-776F-44AC-9ADA-54499D82191B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7636CC4-FF0A-4FC1-A627-70569F5F2CFB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EAFB19D7-B8D9-4A61-BCFA-1B2DE31ACD51}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FC482FB4-67C5-44D1-AA86-BAA32E9263F8}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1576762C-E97A-4C3B-81E0-D022F86744B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{17E622DC-34D5-400E-BA76-FDF1CC00ADD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A883AB7-E21C-42C1-BBA6-052C038511A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E798FB5-C538-4189-836F-0BA8A26E12B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28EE450B-52D0-40DA-9972-F7545CD4614C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{2EB4B6AE-E9D8-415C-ACFF-0F7227B5006F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5385519A-4EAA-48A2-9D5D-B9A18DCBA2D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63D8172E-C87E-45F7-A92A-DC3C9F254935}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6732CF41-6DB8-4BEE-9DC7-1B2B914A5872}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73A4E7A9-2DBE-4EEA-AA17-DA6ED7FEBBD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{798F8495-0E97-4318-8420-6D0ACE6F5D10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D6573C2-B6B7-4796-A529-BB3685F6A980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E3C5D28-5ED5-403A-8CFF-2989222184AF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{852554F1-D12B-4550-A18B-E856DB20640C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D4368A9-EE48-4C70-A4B3-1A0120AB29C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DD25F88-3F1F-48D6-B915-371676DF18A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8E06D079-BD62-4EA5-B35C-543896733B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8FA87DD1-013B-4EB2-9986-8FF4B172D289}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{90F01D0D-4F8F-4729-96D0-B2B1DA340DFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9174FBF7-8C64-436F-9AB0-BC13438DE1FC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9197C549-4530-49D0-AB3A-805B5343402C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9DAB19AA-2074-4306-B31B-A7E9D3905D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A707831D-824E-47EB-BFC4-AEE257EEFB78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AF9FE5BA-184D-403D-A3D5-136C37A070AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B9237FBC-0FDA-4DB2-961C-1E007859B05A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B9571C6D-2E83-4BA5-8985-DAFE9CE31AD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1097537-CB0D-47AE-A5A5-8154E095755E}" = protocol=6 | dir=out | app=system | 
"{C57B7E4E-B8CE-451D-9F11-F509CA43304F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C956A1CD-69B2-4B18-8B12-B8D841C3A31E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C9735109-294D-492E-8556-59FF1BB02866}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CA526859-B833-4161-A03E-AE25DEC56CC1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E4AA7772-4726-4933-8944-5D7FC51D58AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E84E240F-2B41-48BE-88A4-AFB2D2AE410C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{EAFF4FED-39C0-4591-8C74-D84DCEA93DE1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F686B18A-0909-44E1-BFE7-772FC47BA8E1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F785A631-8D8B-4F3C-957B-A2336A2E0535}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2F254734-EDBD-4304-852F-A5AE101E38BC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{2F62D84D-2166-410B-B31B-0520EC4A8E81}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{0B5E5FDA-A086-4DB1-A30A-FE55CE0F3BD8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{14426EF6-5722-4358-A66D-92509DD3492C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64
"{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Bayern München - NewsBox
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean
"{2860cb46-199b-4226-a807-bd5c29652185}" = Nero 9
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{41DFDA2C-13E2-48C4-AB2F-F97A7A88A46F}" = Evangeliar Ottos III.
"{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English
"{6DA99C69-0799-467E-9496-F37E1E452A4A}" = SCR3xxx Smart Card Reader
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish
"{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish
"{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish
"{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard
"{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista
"{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{41DFDA2C-13E2-48C4-AB2F-F97A7A88A46F}" = Evangeliar Ottos III.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/15/2012 3:58:50 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11/15/2012 4:00:29 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 11/23/2012 5:27:07 AM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/23/2012 5:27:41 AM | Computer Name = ...-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11/23/2012 5:29:07 AM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 11/28/2012 2:12:15 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11/28/2012 2:12:53 PM | Computer Name = ...-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11/28/2012 3:39:31 PM | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857,
 Zeitstempel: 0x4fcee2f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e64f  ID des fehlerhaften
 Prozesses: 0x11b8  Startzeit der fehlerhaften Anwendung: 0x01cdcd83786906c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll  Berichtskennung: 53da26b3-3993-11e2-aff1-001bb1d08b3f
 
Error - 11/28/2012 5:08:19 PM | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857,
 Zeitstempel: 0x4fcee2f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e64f  ID des fehlerhaften
 Prozesses: 0x15cc  Startzeit der fehlerhaften Anwendung: 0x01cdcda102d6eb91  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll  Berichtskennung: bb6f2a30-399f-11e2-aff1-001bb1d08b3f
 
Error - 11/29/2012 5:41:26 AM | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857,
 Zeitstempel: 0x4fcee2f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e64f  ID des fehlerhaften
 Prozesses: 0x14e4  Startzeit der fehlerhaften Anwendung: 0x01cdce158e0e131e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll  Berichtskennung: f0f8b181-3a08-11e2-9a56-001bb1d08b3f
 
[ System Events ]
Error - 12/22/2012 3:28:00 PM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12/22/2012 3:28:01 PM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12/22/2012 3:28:01 PM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12/23/2012 11:21:12 AM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12/23/2012 11:21:13 AM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12/23/2012 11:21:14 AM | Computer Name = ...-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12/23/2012 3:23:46 PM | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 12/23/2012 3:31:27 PM | Computer Name = ...-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12/23/2012 3:31:28 PM | Computer Name = ...-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12/23/2012 3:32:28 PM | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         
Gruß

Alt 24.12.2012, 15:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alt 24.12.2012, 18:30   #13
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Malwarebytes war ok. ESET hat drei Funde, mit u.a. zwei Viren gefunden.

Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
...:: ...PC [Administrator]

24.12.2012 17:08:51
mbam-log-2012-12-24 (17-08-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230762
Laufzeit: 3 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fcd2db771769ac41bc28217d13784a83
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-07 02:56:55
# local_time=2012-09-07 04:56:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 4012 98656498 0 0
# compatibility_mode=8192 67108863 100 0 173 173 0 0
# scanned=101837
# found=4
# cleaned=0
# scan_time=3166
C:\Users\...\AppData\Local\Temp\jar_cache2115030174530410498.tmp	Java/Exploit.Blacole.EO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\...\AppData\Local\Temp\jar_cache4388557868353243239.tmp	a variant of Java/Exploit.CVE-2012-1723.AM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\...\AppData\Local\Temp\jar_cache6236878318313135437.tmp	a variant of Java/Exploit.CVE-2012-1723.AM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\214f304c-62fdeadf	multiple threats (unable to clean)	00000000000000000000000000000000	I
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fcd2db771769ac41bc28217d13784a83
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-08 05:29:43
# local_time=2012-09-08 07:29:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 96956 98749442 0 0
# compatibility_mode=8192 67108863 100 0 93117 93117 0 0
# scanned=198377
# found=4
# cleaned=0
# scan_time=5790
C:\Users\...\AppData\Local\Temp\jar_cache2115030174530410498.tmp	Java/Exploit.Blacole.EO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\...\AppData\Local\Temp\jar_cache4388557868353243239.tmp	a variant of Java/Exploit.CVE-2012-1723.AM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\...\AppData\Local\Temp\jar_cache6236878318313135437.tmp	a variant of Java/Exploit.CVE-2012-1723.AM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\214f304c-62fdeadf	multiple threats (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=fcd2db771769ac41bc28217d13784a83
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-24 06:03:38
# local_time=2012-12-24 07:03:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 81606 133082090 0 0
# compatibility_mode=5893 16776573 100 94 282989 108002068 0 0
# scanned=197787
# found=3
# cleaned=0
# scan_time=6137
C:\Users\...\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WXU7DKY\firstload_com[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	ECED530909349740AC03B3774C98420587D6900F	I
C:\Users\...\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WXU7DKY\firstload_com[2].htm	HTML/ScrInject.B.Gen virus (unable to clean)	0CBF24739F8AFED9864C55A8F8D10360D3DADF85	I
C:\Users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1b0cab45-6f05ab4f	multiple threats (unable to clean)	4740FD6F05302AAA7C5EFCE61CA58EEDDB886B98	I
         
Frohe Weihnachten und Gruß

Alt 26.12.2012, 20:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



Zitat:
...Content.IE5\1WXU7DKY\firstload_com[1].htm
Was machst du auf Firstload ich würde die Finger davon lassen!

Sieht soweit ok aus, nur noch Reste in Temp- und Cacheordnern, leeren bitte mit TFC:

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Alt 27.12.2012, 10:39   #15
marble
 
Laptop sehr langsam und neuerdings mit Bluescreen - Standard

Laptop sehr langsam und neuerdings mit Bluescreen



TFC ausgeführt!

Auf Firstload mache ich garnichts. Ich werde nur ab und zu über Popups dahin weiter geleitet. Ich kann mit dieser Seite ebenfalls nichts anfangen.

Um was handelt es sich denn bei den von ESET gefundenen Bedrohungen? Sind dies lediglich falsch-positive Funde?

Ich werde den PC die nächsten Tage mal genauer Betrachten, in wie weit sich etwas getan hat. Evtl. ist die Performance unabhängig von Funden...

Gruß

Antwort

Themen zu Laptop sehr langsam und neuerdings mit Bluescreen
adobe, antivirus, autorun, avast, bho, bluescreen, bonjour, defender, explorer, firefox, flash player, format, frage, helper, home, langsam, logfile, mp3, nodrives, realtek, registry, scan, secunia psi, sehr langsam, software, superantispyware, windows



Ähnliche Themen: Laptop sehr langsam und neuerdings mit Bluescreen


  1. Laptop ist sehr langsam
    Alles rund um Windows - 22.06.2015 (5)
  2. Computer sehr langsam nach Bluescreen
    Alles rund um Windows - 06.03.2015 (1)
  3. Laptop sehr langsam und wird schnell heiß wenn man games zockt virus? internet spackt auch oft ab (nur laptop)
    Plagegeister aller Art und deren Bekämpfung - 06.12.2014 (3)
  4. Laptop sehr langsam mit Grafikproblemen
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (1)
  5. Laptop ist immer sehr sehr langsam
    Alles rund um Windows - 30.10.2014 (14)
  6. Bluescreen,Deltasearch,Aufbau sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 20.08.2014 (11)
  7. Laptop ist sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 30.07.2014 (3)
  8. Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (21)
  9. Laptop sehr langsam / sehr wahrscheinlich verseucht / Anti Viren Programme updaten nicht mehr
    Log-Analyse und Auswertung - 05.02.2013 (9)
  10. Laptop sehr schnell, sehr langsam
    Log-Analyse und Auswertung - 15.10.2012 (27)
  11. (2x) Laptop hängt beim Systemaufbau, neuerdings auch Bluescreen
    Mülltonne - 09.09.2012 (1)
  12. PC sehr langsam / häufiger Absturz (+ Bluescreen)
    Log-Analyse und Auswertung - 12.02.2012 (1)
  13. PUP.BundleOffer.Downloader.S Laptop sehr träge und geht einfach aus - ohne Bluescreen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (7)
  14. Problem laptop ist sehr langsam !!!
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (3)
  15. PC-Start neuerdings sehr langsam
    Log-Analyse und Auswertung - 01.12.2010 (1)
  16. Laptop sehr langsam
    Log-Analyse und Auswertung - 19.09.2010 (1)
  17. Laptop plötzlich sehr sehr langsam
    Log-Analyse und Auswertung - 24.09.2008 (1)

Zum Thema Laptop sehr langsam und neuerdings mit Bluescreen - Hallo, ich habe vor einigen Monaten hier schonmal Hilfe erhalten, weil mein Laptop extrem langsam hochgefahren ist und ewig brauchte, bis man ihn voll benutzen konnte. Mittlerweile ist er wieder - Laptop sehr langsam und neuerdings mit Bluescreen...
Archiv
Du betrachtest: Laptop sehr langsam und neuerdings mit Bluescreen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.