PC slowing down because of Babylon Search?


Post by Cyradon » January 6th, 2012, 2:08 pm

Hello!
My laptop has slowed down remarkably, although it was bought relatively recently (from a special offer of my home university with the operating system already installed - maybe that's why one could think that it is used for business affairs, but I can assure you: it is not, it's only in private use). One reason for this lowered speed (what I think, as a non-expert at all) is perhaps the Babylon search program, which is still established on my PC (every time I open a second explorer window, the Babylon search site appears), although I removed it from every place in the indexes I can think of. For a short time now, the PC also sometimes crashes when playing a YouTube video. The screen freezes and I have to restart.
Can you perhaps help me? Thanks a lot for your work in general, and of course in particular if you are ready to look at my problem.
From Switzerland
Ph.

The logs now follow.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 11.10.2010 23:37:22
System Uptime: 06.01.2012 08:42:02 (11 hours ago)
.
Motherboard: Hewlett-Packard | | 30DB
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Intel(R) Genuine processor | 800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 48,309 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1,344 GiB free.
E: is CDROM (CDFS)
F: is FIXED (FAT32) - 1 GiB total, 0,972 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
7-Zip 9.20
ActivClient 6.1 x86
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.0.1) - Deutsch
Agere Systems HDA Modem
AOL Toolbar 5.0
Audacity 1.3.14 (Unicode)
AudioCon
AuthenTec Fingerprint System
Avira AntiVir Personal - Free Antivirus
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon iP4800 series Benutzerregistrierung
Canon iP4800 series Printer Driver
Canon My Printer
Canon Solution Menu EX
capella 7
CD-LabelPrint
Conduit Engine
Credential Manager for HP ProtectTools
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX-Setup
Drive Encryption for HP ProtectTools
Dropbox
ERUNT 1.1j
ESET Online Scanner v3
ESU for Microsoft Vista SP1
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP QuickLook 2
HP Software Setup 5.00.A.7
HP Update
HP User Guides 0098
HP Wallpaper
HP Webcam
HP Webcam Application
HP Wireless Assistant
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel® Active-Management-Technologie
Intel® Matrix Storage Manager
IrfanView (remove only)
Java(TM) 6 Update 24
Junk Mail filter update
Live Lite Alesis Edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2003-Setup-Start
Microsoft Works 7.0
Microsoft Works Suite-Add-Ins für Microsoft Word
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDFCreator
Presto! BizCard 5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Segoe UI
Softonic Deutsch FF Toolbar
SoundMAX
Steuer 2010 11.0.1
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.4053
Vista Default Settings
VLC media player 1.1.4
VUPlayer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
Works Suite-Betriebssystem-Pack
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Philipp at 18:56:26 on 2012-01-06
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.41.1031.18.2971.927 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
c:\Program Files\Fingerprint Sensor\AtService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\windows\system32\igfxsrvc.exe
C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\UI0Detect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://webmail.uzh.ch/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
mURLSearchHooks: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Softonic Deutsch FF Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - c:\program files\softonic_deutsch_ff\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: c:\users\philipp\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\philipp\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\philipp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar-Suche - c:\programdata\aol\ietoolbar\resources\de-ch\local\search.html
IE: An OneNote s&enden - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://idlmail08.lotus.uzh.ch/dwa85W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E69FD266-8496-4DC1-B24B-C0792CE34904} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\APSHook.dll APSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-6-6 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-6 12928]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-6-6 12496]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-13 66616]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-3-27 224384]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-12-20 47616]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
.
=============== Created Last 30 ================
.
2012-01-06 14:42:07 -------- d-----w- c:\users\philipp\appdata\local\{12A9FEA5-386E-44E8-B930-05D15D69788A}
2012-01-06 14:41:54 -------- d-----w- c:\users\philipp\appdata\local\{C706285C-4A1F-4C80-939F-EDA70C72B341}
2012-01-05 11:26:22 -------- d-----w- c:\users\philipp\appdata\local\{F4DF812D-4714-42EA-9D27-5F81A894F183}
2012-01-05 11:26:09 -------- d-----w- c:\users\philipp\appdata\local\{C4FC283B-FAFC-45EA-A476-081C9BAB7F5D}
2012-01-04 22:22:59 -------- d-----w- c:\users\philipp\appdata\local\{322D3C69-1EAA-4BB1-80EF-5AB53C255015}
2012-01-04 22:22:49 -------- d-----w- c:\users\philipp\appdata\local\{9241E61E-B561-4076-AB16-8B3107C48134}
2012-01-04 11:46:07 -------- d-----w- c:\users\philipp\appdata\local\{7399D53B-42EA-423E-9E77-016ABFF20332}
2012-01-04 11:45:57 -------- d-----w- c:\users\philipp\appdata\local\{EA70005F-AFBB-44D7-976E-3A80F3ABDD4C}
2012-01-04 08:13:12 -------- d-----w- c:\users\philipp\appdata\local\{2AF6F130-34AD-4B79-B6A1-7D942B0B15E1}
2012-01-04 08:12:57 -------- d-----w- c:\users\philipp\appdata\local\{489DEC0D-65FC-4375-ABD5-293DAFEE5B86}
2012-01-03 21:15:32 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2012-01-03 10:53:08 -------- d-----w- c:\users\philipp\appdata\local\{0D6DF6E4-FABD-46C6-90B7-85A0E97C5A57}
2012-01-03 10:52:57 -------- d-----w- c:\users\philipp\appdata\local\{D5C3F6DD-442D-453A-A33F-A0E446137835}
2012-01-02 02:00:24 -------- d-----w- c:\users\philipp\appdata\local\{3998F65D-6316-4A11-8A4B-F01FD748FC8C}
2012-01-02 02:00:10 -------- d-----w- c:\users\philipp\appdata\local\{22DA2D2A-AC0D-4EE5-853D-507AA2B8120B}
2012-01-01 03:14:48 -------- d-----w- c:\users\philipp\appdata\local\{53599D04-D386-48FB-9AF2-548FB9072A66}
2012-01-01 03:14:37 -------- d-----w- c:\users\philipp\appdata\local\{7F0BB10F-EC46-4EFF-8EB8-B668D1051E6F}
2011-12-30 08:26:16 -------- d-----w- c:\users\philipp\appdata\local\{6CA49BFA-3A9B-4F29-AA42-C805CF51330F}
2011-12-30 08:26:05 -------- d-----w- c:\users\philipp\appdata\local\{026334C4-48E7-4C7B-9BAF-8B47D18DF1DB}
2011-12-29 07:28:24 -------- d-----w- c:\users\philipp\appdata\local\{082C855B-2C8E-4004-A1F7-4BA063150DA3}
2011-12-29 07:28:14 -------- d-----w- c:\users\philipp\appdata\local\{8486D5AB-5B7E-4EFC-8B11-F082E83FCFA2}
2011-12-28 09:24:16 -------- d-----w- c:\users\philipp\appdata\local\{4A87E10B-E25B-4B5E-8CAD-4FEC7A046EB0}
2011-12-28 09:24:04 -------- d-----w- c:\users\philipp\appdata\local\{64D72669-C3FD-4C6C-8A3E-91CB62D11C4C}
2011-12-27 15:59:09 -------- d-----w- c:\users\philipp\appdata\local\{147DBEEC-056A-49A0-9839-1A5FFCA4C463}
2011-12-27 15:58:56 -------- d-----w- c:\users\philipp\appdata\local\{A94EE76B-D24E-416C-8F8D-8BC47B5F47EE}
2011-12-26 12:58:18 -------- d-----w- c:\users\philipp\appdata\local\{C9845FDC-B593-4EC8-8B5E-0ED65649347B}
2011-12-26 12:58:08 -------- d-----w- c:\users\philipp\appdata\local\{7FF33556-F048-49B5-939F-90E82FB8218E}
2011-12-25 15:51:11 -------- d-----w- c:\users\philipp\appdata\local\{99C4E6D9-4D5C-49E4-BA10-E703E8D17C5F}
2011-12-25 15:50:58 -------- d-----w- c:\users\philipp\appdata\local\{341CF778-0EB4-4121-9497-CFCC64F4CA8D}
2011-12-23 16:27:49 -------- d-----w- c:\users\philipp\appdata\roaming\CD-LabelPrint
2011-12-23 15:38:23 -------- d-----w- c:\users\philipp\appdata\local\{577923A7-520B-4E4F-94DC-6C7D733112BF}
2011-12-23 15:38:12 -------- d-----w- c:\users\philipp\appdata\local\{046B9E8D-68CC-45D2-89CD-D610E849DFE7}
2011-12-22 15:33:00 -------- d-----w- c:\users\philipp\appdata\local\{061A7FC2-C572-4D95-8CE6-68DAD2A2B47D}
2011-12-22 15:32:46 -------- d-----w- c:\users\philipp\appdata\local\{56F85A82-14B0-447D-BEB5-D099812B7D4A}
2011-12-21 21:31:41 -------- d-----w- c:\users\philipp\appdata\local\{023DEA77-5B81-4615-8354-8DA3BD3BD1C8}
2011-12-21 21:31:17 -------- d-----w- c:\users\philipp\appdata\local\{1C30C29E-13FE-496E-99C5-9C65B106B1E8}
2011-12-20 13:57:13 -------- d-----w- c:\users\philipp\appdata\local\{8E402F3C-CDBE-4C6A-AD24-4B28A611C4D7}
2011-12-20 13:57:03 -------- d-----w- c:\users\philipp\appdata\local\{BF4B4285-8E70-4B6C-83CC-F58CA7BBF871}
2011-12-19 10:05:05 -------- d-----w- c:\users\philipp\appdata\local\{E7532DD0-2773-48DC-8FE4-907452F87B04}
2011-12-19 10:04:54 -------- d-----w- c:\users\philipp\appdata\local\{399AE9D0-863E-427C-B2B8-9E5CF0313E0B}
2011-12-18 13:42:50 -------- d-----w- c:\users\philipp\appdata\local\{AF1016CE-5E94-413D-A916-0EF49625F655}
2011-12-18 13:42:39 -------- d-----w- c:\users\philipp\appdata\local\{232A83B3-BE28-4F53-B0D5-CE9B2036E6BC}
2011-12-17 09:59:35 -------- d-----w- c:\users\philipp\appdata\local\{707587E6-644D-4F01-B18A-D7ADF3BF06FD}
2011-12-17 09:59:21 -------- d-----w- c:\users\philipp\appdata\local\{3BBED02E-93E8-4010-9CA3-05B460AAF52E}
2011-12-16 09:04:49 -------- d-----w- c:\users\philipp\appdata\local\{8A13B6C4-3FB3-4055-B57A-F7644ADDFEF5}
2011-12-16 09:04:37 -------- d-----w- c:\users\philipp\appdata\local\{9BCD71B9-6E03-414B-9F21-981D6AE0FB24}
2011-12-15 22:21:13 -------- d-----w- c:\users\philipp\appdata\local\{B4312DEF-EF83-41C5-8CE0-E0C6F181F30D}
2011-12-15 22:21:03 -------- d-----w- c:\users\philipp\appdata\local\{EB6D4C39-4627-4E25-8C1E-D1B9D058543D}
2011-12-15 08:31:14 -------- d-----w- c:\users\philipp\appdata\local\{BB542C50-7770-49AE-83CD-413577AE8B9B}
2011-12-15 08:31:03 -------- d-----w- c:\users\philipp\appdata\local\{16B4A539-8C85-498E-A646-B5C17CBBBB12}
2011-12-14 22:53:24 -------- d-----w- c:\users\philipp\appdata\local\{401B261D-9AAF-4E30-B277-80234C28EB7A}
2011-12-14 22:53:14 -------- d-----w- c:\users\philipp\appdata\local\{32450732-3C33-45AB-9260-41E72A09CB61}
2011-12-14 22:39:05 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 22:39:05 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 22:39:03 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:39:03 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:39:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-13 11:26:58 -------- d-----w- c:\users\philipp\appdata\local\{0BDAA2AB-B239-4AE5-A728-E952C55C3D83}
2011-12-13 11:26:48 -------- d-----w- c:\users\philipp\appdata\local\{B698C1C1-8165-4F0E-A807-1064FA6CF109}
2011-12-12 07:47:54 -------- d-----w- c:\users\philipp\appdata\local\{37CCF1FB-2F5A-49C7-9C64-AB998E9E2FC5}
2011-12-12 07:47:43 -------- d-----w- c:\users\philipp\appdata\local\{AC9F72E4-C9E8-4BD9-96E5-A0338702AD20}
2011-12-11 16:29:53 -------- d-----w- c:\users\philipp\appdata\local\{7C626581-F6BC-4204-B280-95ECBAD0EF1E}
2011-12-11 16:29:42 -------- d-----w- c:\users\philipp\appdata\local\{31654A59-2181-4CB4-9BB8-B14FCA1E9518}
2011-12-10 06:06:38 -------- d-----w- c:\users\philipp\appdata\local\{CC34673F-D8D3-41A1-911F-7013BDF83A12}
2011-12-10 06:06:27 -------- d-----w- c:\users\philipp\appdata\local\{28FAB492-5226-4CB2-877E-FB2A3570ED2C}
2011-12-09 08:40:06 -------- d-----w- c:\users\philipp\appdata\local\{CA3701CF-C0DE-4DBB-A130-F3C008B7F732}
2011-12-09 08:39:56 -------- d-----w- c:\users\philipp\appdata\local\{A5C61C9F-C34C-47BB-8510-CFE2609370A1}
2011-12-08 08:08:15 -------- d-----w- c:\users\philipp\appdata\local\{BA8D0DE4-4FBC-42E2-89B8-C9F682DD72FE}
2011-12-08 08:08:04 -------- d-----w- c:\users\philipp\appdata\local\{99A1BFCC-39C2-4710-AD58-708B4F709A64}
.
==================== Find3M ====================
.
2011-11-13 14:15:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 19:00:55,89 ===============
Cyradon
Active Member
 
Posts: 5
Joined: January 4th, 2012, 3:00 pm

Re: PC slowing down because of Babylon Search?

Post by pgmigg » January 9th, 2012, 11:48 am

Hello Cyradon,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: PC slowing down because of Babylon Search?

Post by pgmigg » January 10th, 2012, 2:37 pm

Hello Cyradon,

Thank you for your patience... :)

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of OTL.txt log file
  4. Contents of Extras.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg
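
The TDSSKiller log requested in Step 1 can be triaged before it is pasted into a reply. The sketch below is an added example, not part of the original post and not a tool used in this thread; it assumes the line format of the log posted further down (`time thread-id message`), and the names `parse_log` and `triage`, the driver names and the MD5 values are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the line format of the TDSSKiller log in this thread.
# Driver names, paths and MD5 values are made up for the example.
SAMPLE_LOG = r"""
10:00:00.0100 1234 Scan started
10:00:00.0200 1234 gooddrv (00000000000000000000000000000001) C:\windows\system32\drivers\gooddrv.sys
10:00:00.0210 1234 gooddrv - ok
10:00:00.0300 1234 nofile - ok
10:00:00.0400 1234 lockeddrv (00000000000000000000000000000002) C:\windows\system32\drivers\lockeddrv.sys
10:00:00.0400 1234 Suspicious file (NoAccess): C:\windows\system32\drivers\lockeddrv.sys. md5: 00000000000000000000000000000002
10:00:00.0410 1234 lockeddrv ( LockedFile.Multi.Generic ) - warning
10:00:00.0410 1234 lockeddrv - detected LockedFile.Multi.Generic (1)
10:00:00.0500 1234 lastdrv (00000000000000000000000000000003) C:\windows\system32\drivers\lastdrv.sys
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")       # time, thread id, message
RECORD = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")                # name (md5) path
OK = re.compile(r"^(\S+) - ok$")
WARNING = re.compile(r"^(\S+) \( (\S+) \) - (\w+)$")                   # name ( detection ) - verdict
DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "incomplete"      # stays "incomplete" if no verdict line follows
    detection: Optional[str] = None
    reason: Optional[str] = None     # e.g. NoAccess from the "Suspicious file" line


def parse_log(text):
    """Fold the per-object lines of a TDSSKiller log into one Entry per name."""
    entries = {}
    last = None                      # most recent object that had a file record
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                 # blank lines, separators, bare timestamps
        msg = m.group(1).strip()
        if (r := RECORD.match(msg)):
            last = entries.setdefault(r[1], Entry(r[1]))
            last.md5, last.path = r[2], r[3]
        elif (s := SUSPICIOUS.match(msg)):
            # This line carries no object name; tie it to the record by path.
            if last is not None and last.path == s[2]:
                last.reason = s[1]
        elif (w := WARNING.match(msg)):
            e = entries.setdefault(w[1], Entry(w[1]))
            e.detection, e.verdict = w[2], w[3]
        elif (d := DETECTED.match(msg)):
            e = entries.setdefault(d[1], Entry(d[1]))
            e.detection = d[2]
            if e.verdict == "incomplete":
                e.verdict = "detected"
        elif (o := OK.match(msg)):
            entries.setdefault(o[1], Entry(o[1])).verdict = "ok"
    return list(entries.values())


def triage(entries):
    """Split entries into the groups a reviewer reads first."""
    return {
        # anything the tool did not mark "ok"
        "flagged": [e for e in entries if e.verdict not in ("ok", "incomplete")],
        # marked ok, but no file/hash line was logged for the object
        "ok_without_file": [e.name for e in entries
                            if e.verdict == "ok" and e.path is None],
        # file record with no verdict: the pasted log was cut off here
        "incomplete": [e.name for e in entries if e.verdict == "incomplete"],
    }


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for e in result["flagged"]:
        print(f"{e.verdict}: {e.name} {e.detection} ({e.reason}) {e.path} md5={e.md5}")
    print("ok, no file record:", result["ok_without_file"])
    print("no verdict (log truncated?):", result["incomplete"])
```

The "incomplete" group matters when a log is split across replies because of a forum character limit: an object whose verdict line fell into the next part is reported as such rather than silently treated as clean.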

Re: PC slowing down because auf Babylon Search?

Post by Cyradon » January 12th, 2012, 5:53 am

Hello pgmigg,
Thanks a lot for your help! I was able to do all the steps you described. During the OTL scan it seemed that my PC was stuck (the window showed "no answer"), but after a while the process went on. (I am answering in two replies, because the forum automatically tells me that the maximum number of allowed characters has been reached.)

The logs follow:

10:23:55.0220 3396 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
10:23:55.0340 3396 ============================================================
10:23:55.0340 3396 Current date / time: 2012/01/12 10:23:55.0340
10:23:55.0340 3396 SystemInfo:
10:23:55.0340 3396
10:23:55.0340 3396 OS Version: 6.0.6002 ServicePack: 2.0
10:23:55.0340 3396 Product type: Workstation
10:23:55.0340 3396 ComputerName: PHILIPP-PC
10:23:55.0341 3396 UserName: Philipp
10:23:55.0341 3396 Windows directory: C:\windows
10:23:55.0341 3396 System windows directory: C:\windows
10:23:55.0341 3396 Processor architecture: Intel x86
10:23:55.0341 3396 Number of processors: 2
10:23:55.0341 3396 Page size: 0x1000
10:23:55.0341 3396 Boot type: Normal boot
10:23:55.0341 3396 ============================================================
10:23:56.0287 3396 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
10:23:56.0376 3396 Initialize success
10:23:58.0304 5968 ============================================================
10:23:58.0304 5968 Scan started
10:23:58.0304 5968 Mode: Manual;
10:23:58.0304 5968 ============================================================
10:24:08.0643 5968 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\windows\system32\drivers\SafeBoot.sys
10:24:08.0643 5968 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
10:24:08.0644 5968 SafeBoot ( LockedFile.Multi.Generic ) - warning
10:24:08.0644 5968 SafeBoot - detected LockedFile.Multi.Generic (1)
10:24:11.0324 5968 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\windows\system32\DRIVERS\usbprint.sys
10:24:11.0326 5968 usbprint - ok
10:24:11.0363 5968 usbscan (a508c9bd8724980512136b039bba65e9) C:\windows\system32\DRIVERS\usbscan.sys
10:24:11.0373 5968 usbscan - ok
10:24:11.0397 5968 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:24:11.0399 5968 USBSTOR - ok
10:24:11.0425 5968 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
10:24:11.0434 5968 usbuhci - ok
10:24:11.0455 5968 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\windows\system32\Drivers\usbvideo.sys
10:24:11.0470 5968 usbvideo - ok
10:24:11.0508 5968 vga (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
10:24:11.0518 5968 vga - ok
10:24:11.0542 5968 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
10:24:11.0550 5968 VgaSave - ok
10:24:11.0581 5968 viaagp (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
10:24:11.0594 5968 viaagp - ok
10:24:11.0614 5968 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
10:24:11.0626 5968 ViaC7 - ok
10:24:11.0660 5968 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
10:24:11.0671 5968 viaide - ok
10:24:11.0702 5968 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
10:24:11.0715 5968 volmgr - ok
10:24:11.0757 5968 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
10:24:11.0783 5968 volmgrx - ok
10:24:11.0806 5968 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
10:24:11.0828 5968 volsnap - ok
10:24:11.0856 5968 vsmraid (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
10:24:11.0876 5968 vsmraid - ok
10:24:11.0921 5968 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
10:24:11.0931 5968 WacomPen - ok
10:24:11.0954 5968 Wanarp (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
10:24:11.0965 5968 Wanarp - ok
10:24:11.0976 5968 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
10:24:11.0978 5968 Wanarpv6 - ok
10:24:12.0019 5968 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
10:24:12.0030 5968 Wd - ok
10:24:12.0067 5968 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\windows\system32\drivers\Wdf01000.sys
10:24:12.0103 5968 Wdf01000 - ok
10:24:12.0237 5968 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
10:24:12.0239 5968 WmiAcpi - ok
10:24:12.0298 5968 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
10:24:12.0308 5968 WpdUsb - ok
10:24:12.0338 5968 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
10:24:12.0346 5968 ws2ifsl - ok
10:24:12.0404 5968 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\windows\system32\DRIVERS\WUDFRd.sys
10:24:12.0416 5968 WUDFRd - ok
10:24:12.0466 5968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:24:12.0521 5968 \Device\Harddisk0\DR0 - ok
10:24:12.0528 5968 Boot (0x1200) (a1876755f2c5fdc3d1673befecfcabb7) \Device\Harddisk0\DR0\Partition0
10:24:12.0530 5968 \Device\Harddisk0\DR0\Partition0 - ok
10:24:12.0566 5968 Boot (0x1200) (9c104b37f03739f336649c8408073c9d) \Device\Harddisk0\DR0\Partition1
10:24:12.0567 5968 \Device\Harddisk0\DR0\Partition1 - ok
10:24:12.0583 5968 Boot (0x1200) (9b0db22242526e384824e068da039056) \Device\Harddisk0\DR0\Partition2
10:24:12.0584 5968 \Device\Harddisk0\DR0\Partition2 - ok
10:24:12.0588 5968 ============================================================
10:24:12.0588 5968 Scan finished
10:24:12.0588 5968 ============================================================
10:24:12.0608 2616 Detected object count: 1
10:24:12.0608 2616 Actual detected object count: 1
10:24:52.0663 2616 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
10:24:52.0663 2616 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
10:25:02.0155 3864 Deinitialize success


======================================================================

OTL-TXT:
OTL logfile created on: 12.01.2012 10:30:13 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Philipp\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 60,20% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 48,32 Gb Free Space | 21,68% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,34 Gb Free Space | 14,93% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 995,36 Mb Free Space | 97,58% Space Free | Partition Type: FAT32

Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.12 10:26:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.07.21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.06.29 05:53:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 14:12:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.08 20:17:46 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.04 06:59:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.21 00:37:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.06.21 00:37:24 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.06.10 19:21:16 | 000,238,896 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008.06.10 19:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.06.06 01:07:52 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.06.03 03:38:36 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008.06.03 03:38:30 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2008.06.02 21:11:34 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.15 23:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) -- c:\Programme\Fingerprint Sensor\AtService.exe
PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2007.12.11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 16:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.13 15:38:05 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 15:33:41 | 007,950,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 15:33:12 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.08 20:18:26 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.08 20:17:46 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.29 20:42:14 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.06.29 05:53:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 14:12:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.21 00:37:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.10 19:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.06.06 01:07:52 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.06.03 03:38:36 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008.06.03 03:38:30 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008.06.02 21:06:56 | 000,112,400 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.06.02 21:06:50 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.15 23:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Programme\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 16:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)


========== Driver Services (SafeList) ==========

DRV - [2011.06.29 05:53:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 05:53:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.06 01:08:44 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.06.06 01:08:42 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.06.06 01:08:40 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.06.06 01:08:38 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.15 21:29:32 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008.05.08 08:32:14 | 000,046,080 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.10 16:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.08 03:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.08 03:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.27 20:39:58 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008.03.26 23:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 03:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.12.20 10:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.uzh.ch/
IE - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Users\Philipp\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011.05.19 12:38:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://idlmail08.lotus.uzh.ch/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E69FD266-8496-4DC1-B24B-C0792CE34904}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) -C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) -C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) -C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Philipp\Pictures\Wochenende 1. Advent 2006 001.jpg
O24 - Desktop BackupWallPaper: C:\Users\Philipp\Pictures\Wochenende 1. Advent 2006 001.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.12 10:26:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.01.12 10:23:23 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Philipp\Desktop\tdsskiller.exe
[2012.01.12 09:34:19 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9D45000C-BC89-4257-A0FF-4D1F6C3CE714}
[2012.01.12 09:34:07 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{7AC9C94C-A860-4C9A-8EC7-6B6A1482E767}
[2012.01.11 11:11:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciseq.dll
[2012.01.11 11:10:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012.01.11 11:09:37 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2012.01.11 11:08:31 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012.01.11 11:08:30 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012.01.11 09:31:16 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{DD7007BA-92FB-48C9-A048-879C003B6DE2}
[2012.01.11 09:31:05 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{2A69B9B7-312F-41E4-B760-FEBEAF4C6AEE}
[2012.01.10 15:36:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{44277C99-5F8A-4A37-BC91-CB352205E9DE}
[2012.01.10 15:36:36 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{591E7677-F28F-4806-B0E0-5B54A784CB96}
[2012.01.10 09:16:44 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{DFEDA5D9-50D0-4BD8-A77B-6FDE4D2DFDE2}
[2012.01.10 09:16:33 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{B5CF66B8-2BC4-4FAD-8490-65D5AC1D7659}
[2012.01.09 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{244CC470-BF60-446A-AAD9-4E565A47E866}
[2012.01.09 12:32:16 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9D0A0169-905D-4F29-9BE1-B1C3C255DA55}
[2012.01.08 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{75174F22-5541-4D7B-8553-1AF545E9CF7B}
[2012.01.08 19:31:12 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9A2FEEA4-DEDC-4F7E-BBBE-A67F06625237}
[2012.01.08 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\MFchi
[2012.01.07 08:43:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{ED1214F5-B794-4586-9171-A04E238038CD}
[2012.01.07 08:43:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{8DB5A7A5-6CED-4779-8D91-915AC7C6912A}
[2012.01.06 15:42:07 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{12A9FEA5-386E-44E8-B930-05D15D69788A}
[2012.01.06 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{C706285C-4A1F-4C80-939F-EDA70C72B341}
[2012.01.05 12:26:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{F4DF812D-4714-42EA-9D27-5F81A894F183}
[2012.01.05 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{C4FC283B-FAFC-45EA-A476-081C9BAB7F5D}
[2012.01.04 23:22:59 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{322D3C69-1EAA-4BB1-80EF-5AB53C255015}
[2012.01.04 23:22:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9241E61E-B561-4076-AB16-8B3107C48134}
[2012.01.04 19:53:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Philipp\Desktop\dds.scr
[2012.01.04 12:46:07 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{7399D53B-42EA-423E-9E77-016ABFF20332}
[2012.01.04 12:45:57 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{EA70005F-AFBB-44D7-976E-3A80F3ABDD4C}
[2012.01.04 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{2AF6F130-34AD-4B79-B6A1-7D942B0B15E1}
[2012.01.04 09:12:57 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{489DEC0D-65FC-4375-ABD5-293DAFEE5B86}
[2012.01.04 00:06:36 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Tim Bendzko - Nur Noch Kurz Die Welt Retten (Official Video)_data
[2012.01.03 22:16:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Audacity
[2012.01.03 22:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2012.01.03 11:53:08 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{0D6DF6E4-FABD-46C6-90B7-85A0E97C5A57}
[2012.01.03 11:52:57 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{D5C3F6DD-442D-453A-A33F-A0E446137835}
[2012.01.02 03:00:24 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{3998F65D-6316-4A11-8A4B-F01FD748FC8C}
[2012.01.02 03:00:10 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{22DA2D2A-AC0D-4EE5-853D-507AA2B8120B}
[2012.01.01 04:14:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{53599D04-D386-48FB-9AF2-548FB9072A66}
[2012.01.01 04:14:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{7F0BB10F-EC46-4EFF-8EB8-B668D1051E6F}
[2011.12.30 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Brandhölzler
[2011.12.30 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{6CA49BFA-3A9B-4F29-AA42-C805CF51330F}
[2011.12.30 09:26:05 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{026334C4-48E7-4C7B-9BAF-8B47D18DF1DB}
[2011.12.30 08:24:56 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\capella
[2011.12.29 08:28:24 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{082C855B-2C8E-4004-A1F7-4BA063150DA3}
[2011.12.29 08:28:14 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{8486D5AB-5B7E-4EFC-8B11-F082E83FCFA2}
[2011.12.28 10:24:16 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{4A87E10B-E25B-4B5E-8CAD-4FEC7A046EB0}
[2011.12.28 10:24:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{64D72669-C3FD-4C6C-8A3E-91CB62D11C4C}
[2011.12.27 16:59:09 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{147DBEEC-056A-49A0-9839-1A5FFCA4C463}
[2011.12.27 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{A94EE76B-D24E-416C-8F8D-8BC47B5F47EE}
[2011.12.26 13:58:18 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{C9845FDC-B593-4EC8-8B5E-0ED65649347B}
[2011.12.26 13:58:08 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{7FF33556-F048-49B5-939F-90E82FB8218E}
[2011.12.25 16:51:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{99C4E6D9-4D5C-49E4-BA10-E703E8D17C5F}
[2011.12.25 16:50:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{341CF778-0EB4-4121-9497-CFCC64F4CA8D}
[2011.12.23 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\CD-LabelPrint
[2011.12.23 16:38:23 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{577923A7-520B-4E4F-94DC-6C7D733112BF}
[2011.12.23 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{046B9E8D-68CC-45D2-89CD-D610E849DFE7}
[2011.12.22 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{061A7FC2-C572-4D95-8CE6-68DAD2A2B47D}
[2011.12.22 16:32:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{56F85A82-14B0-447D-BEB5-D099812B7D4A}
[2011.12.21 22:31:41 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{023DEA77-5B81-4615-8354-8DA3BD3BD1C8}
[2011.12.21 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{1C30C29E-13FE-496E-99C5-9C65B106B1E8}
[2011.12.20 14:57:13 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{8E402F3C-CDBE-4C6A-AD24-4B28A611C4D7}
[2011.12.20 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{BF4B4285-8E70-4B6C-83CC-F58CA7BBF871}
[2011.12.19 11:05:05 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{E7532DD0-2773-48DC-8FE4-907452F87B04}
[2011.12.19 11:04:54 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{399AE9D0-863E-427C-B2B8-9E5CF0313E0B}
[2011.12.18 14:42:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{AF1016CE-5E94-413D-A916-0EF49625F655}
[2011.12.18 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{232A83B3-BE28-4F53-B0D5-CE9B2036E6BC}
[2011.12.17 10:59:35 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{707587E6-644D-4F01-B18A-D7ADF3BF06FD}
[2011.12.17 10:59:21 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{3BBED02E-93E8-4010-9CA3-05B460AAF52E}
[2011.12.16 10:04:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{8A13B6C4-3FB3-4055-B57A-F7644ADDFEF5}
[2011.12.16 10:04:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9BCD71B9-6E03-414B-9F21-981D6AE0FB24}
[2011.12.15 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{B4312DEF-EF83-41C5-8CE0-E0C6F181F30D}
[2011.12.15 23:21:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{EB6D4C39-4627-4E25-8C1E-D1B9D058543D}
[2011.12.15 09:31:14 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{BB542C50-7770-49AE-83CD-413577AE8B9B}
[2011.12.15 09:31:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{16B4A539-8C85-498E-A646-B5C17CBBBB12}
[2011.12.14 23:53:24 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{401B261D-9AAF-4E30-B277-80234C28EB7A}
[2011.12.14 23:53:14 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{32450732-3C33-45AB-9260-41E72A09CB61}
[2011.12.14 23:39:05 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011.12.14 23:39:05 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011.12.14 23:39:03 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011.12.14 23:39:03 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2011.12.14 23:38:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2011.12.14 23:38:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011.12.14 23:38:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011.12.14 23:38:21 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011.12.14 23:38:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011.12.14 23:38:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011.12.14 23:38:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011.12.14 23:38:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011.12.14 23:38:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011.12.14 23:38:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011.12.14 23:38:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011.12.14 23:38:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011.12.14 23:38:19 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011.12.14 23:38:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011.12.14 23:38:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011.12.14 23:38:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011.12.14 23:38:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011.12.14 23:38:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011.12.14 23:38:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011.12.14 23:38:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011.12.13 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{0BDAA2AB-B239-4AE5-A728-E952C55C3D83}
[2011.12.13 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{B698C1C1-8165-4F0E-A807-1064FA6CF109}
[2010.10.11 22:48:07 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010.10.11 22:48:06 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[122 C:\Users\Philipp\Desktop\*.tmp files -> C:\Users\Philipp\Desktop\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Philipp\Documents\*.tmp files -> C:\Users\Philipp\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.12 10:26:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.01.12 10:23:29 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Philipp\Desktop\tdsskiller.exe
[2012.01.12 10:14:08 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.12 10:13:07 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 10:13:07 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.12 10:12:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.01.12 10:12:37 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 09:07:02 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.12 00:41:19 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.01.11 17:19:00 | 000,000,426 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{CB254BC6-AF58-410C-B621-B7AA08168421}.job
[2012.01.04 19:53:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Philipp\Desktop\dds.scr
[2012.01.04 00:06:38 | 000,011,623 | ---- | M] () -- C:\Users\Philipp\Desktop\Tim Bendzko - Nur Noch Kurz Die Welt Retten (Official Video).aup
[2012.01.03 22:16:33 | 000,000,941 | ---- | M] () -- C:\Users\Philipp\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012.01.03 22:16:26 | 006,110,720 | ---- | M] () -- C:\Users\Philipp\Desktop\Tim Bendzko - Nur Noch Kurz Die Welt Retten (Official Video).mp3
[2011.12.30 09:59:49 | 000,030,208 | ---- | M] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.18 03:20:46 | 000,000,680 | ---- | M] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat
[2011.12.15 15:22:55 | 000,383,424 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[122 C:\Users\Philipp\Desktop\*.tmp files -> C:\Users\Philipp\Desktop\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Philipp\Documents\*.tmp files -> C:\Users\Philipp\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.04 00:06:36 | 000,011,623 | ---- | C] () -- C:\Users\Philipp\Desktop\Tim Bendzko - Nur Noch Kurz Die Welt Retten (Official Video).aup
[2012.01.03 22:16:33 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012.01.03 22:16:33 | 000,000,941 | ---- | C] () -- C:\Users\Philipp\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012.01.03 22:16:18 | 006,110,720 | ---- | C] () -- C:\Users\Philipp\Desktop\Tim Bendzko - Nur Noch Kurz Die Welt Retten (Official Video).mp3
[2011.12.17 17:24:25 | 000,000,680 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat
[2011.05.21 06:31:31 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011.05.19 11:50:23 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011.05.19 11:50:23 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011.05.19 11:50:23 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011.05.19 11:50:23 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011.05.19 11:50:23 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011.04.06 11:16:55 | 000,000,553 | ---- | C] () -- C:\windows\capella.INI
[2011.04.06 11:16:03 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.09 18:51:21 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
[2010.10.14 07:45:26 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010.10.13 11:00:31 | 000,030,208 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 09:39:36 | 000,062,976 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2010.10.13 09:39:28 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010.10.13 09:39:01 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2010.10.12 21:36:26 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2010.10.12 05:58:28 | 000,022,720 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2010.10.11 22:48:06 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.10.11 22:48:06 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.10.11 22:48:06 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009.08.21 20:05:50 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2008.06.13 03:59:22 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1502.dll
[2008.06.13 03:41:20 | 000,492,496 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2008.06.13 03:41:18 | 002,192,024 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2008.06.13 03:41:18 | 000,147,172 | ---- | C] () -- C:\windows\System32\igfcg550.bin
[2008.06.06 01:08:38 | 000,109,184 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.04.15 21:22:46 | 000,290,748 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2008.04.15 21:22:45 | 000,151,614 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2008.04.15 21:22:45 | 000,036,916 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2008.04.15 21:22:45 | 000,000,000 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006.11.02 13:47:43 | 000,383,424 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,629,760 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,115,516 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006.03.09 18:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.04 07:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[1998.05.07 12:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

< End of report >
======================================================================
Cyradon

Re: PC slowing down because auf Babylon Search?

Post by Cyradon » January 12th, 2012, 5:56 am

OTL Extras logfile created on: 12.01.2012 10:30:13 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Philipp\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 60,20% Memory free
6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 48,32 Gb Free Space | 21,68% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,34 Gb Free Space | 14,93% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 995,36 Mb Free Space | 97,58% Space Free | Partition Type: FAT32

Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124D785A-05B1-4487-AB3C-9044421FBCED}" = rport=138 | protocol=17 | dir=out | app=system |
"{1499B292-6C9A-4B60-AC67-9A8F30CDDC46}" = rport=137 | protocol=17 | dir=out | app=system |
"{156D8CAF-DC64-46CC-A391-5F981623A286}" = lport=138 | protocol=17 | dir=in | app=system |
"{29E0E762-275A-4EF3-8F3B-023723A49EB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C408041B-BCC6-44F9-B9F8-80F78D6FFF43}" = lport=445 | protocol=6 | dir=in | app=system |
"{C739C380-F78A-4EF9-99A3-DCDA5612D092}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D190E348-0475-4C27-BF96-471FC93408C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D195E871-C135-4ED5-A5B8-1B6AA88C3063}" = lport=137 | protocol=17 | dir=in | app=system |
"{D85DB66E-3AE4-4DC1-BC6B-0C75B529BCCA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DB2FFF60-CDD2-48FE-8AD0-A660EF9CAA7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{DCA9A8C8-50E2-4C0A-9320-134A8CE7ADD0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E165645E-41B2-4E6A-8E5C-93587DE46205}" = rport=139 | protocol=6 | dir=out | app=system |
"{F47CFB83-988F-4395-B3F2-98CF7A2AF808}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05283FDD-4DA1-46CC-9992-4CC12E6923A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0755CBE4-D6B8-455E-B2DE-9725A93B1356}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B1A3730-577B-4351-B926-EA2A0DAF4143}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1A802570-57E2-4E1C-8E65-6BD14AD1841D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{249785C2-AA29-48C9-96B8-806A55434CA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{309B32B8-0395-47F0-9371-E2972C17CA65}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{333A884D-0563-4828-9C8C-D642D4F6B580}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{34AC7414-01C7-4E40-B8A8-BEB635E0A403}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3DFCEE33-CEE5-4500-A43F-66CF0B81B7C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{529E6635-E55C-4213-8414-2427F17179FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{757D0FD0-61E9-461D-A396-C43010E85D71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8383F0CB-DEBB-4818-9A66-A9A0FCA8A13D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{86AE5B07-56F5-4C3D-819B-FA2E2A6049F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{93AB0488-3721-4A85-82B0-D077F454907E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9855DDF9-4C41-4130-A0B2-6C743C105695}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{A74A0521-F018-4291-BDA0-213E146C2D85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{AA7CE3EB-722C-496D-9BA3-50F6C3A217DF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{B154E01F-CF4E-4CD6-A786-C6CB7F2C5B75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B18B32E1-EF13-40DE-9198-495D73CAD725}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B32A43A9-AB34-4FED-A43B-E2FB13E8B5CE}" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe |
"{BDF8D788-1237-4E61-BA7B-ACB5DED0C6B0}" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF8C04C5-0577-4438-9C46-BE21016D52EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{C0D33533-7786-45B0-B8AA-8AE86FC42052}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C78418C0-E46E-4589-AAA0-09AEF378D17A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D13917C2-111C-4388-A4B8-CEC17BC81DBC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E3C93E91-0CEC-42DB-9674-6E8555A125D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E49762BF-1C78-45F1-B709-BDF17F7C779B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{5AF47DC4-F596-4D02-98C4-2AE967003D01}C:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5DE5BF8A-7FBB-440A-B4FE-E459A1677E85}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{A4049135-AB04-4847-9A7B-76242CDBED8E}C:\users\philipp\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\local\temp\usmt\migwiz.exe |
"TCP Query User{D4E8E0F3-F0FA-4940-823A-C73760E58531}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DE77423E-6DC2-49CC-9FC4-9804CEF5C6D3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{5C5E9FD2-D005-4DC7-8174-22C89CC048C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{600EE1D9-77F7-4475-AD7B-549C3DAFF749}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{68DFBD4F-A5CB-4A1C-A581-AB4F0EA2B5AC}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"UDP Query User{8A36BC46-7914-4453-960C-70DEFB61E313}C:\users\philipp\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{A8D58F22-727C-42C4-B8A9-FFF70775CFA7}C:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FCA0973-24C0-48EA-8CF6-71B53C135C09}" = Microsoft Office Communicator 2007
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{272253C3-D9DD-4C0C-A586-7E7ABC7E9AA2}" = Presto! BizCard 5
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{48DC0314-8310-4D35-B52D-878B5255F26A}" = HP JavaCard for HP ProtectTools
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{583C712B-884A-424A-9DAC-F169C73FB275}" = Credential Manager for HP ProtectTools
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BABB0C8-90D8-4622-A073-18C710458031}" = capella 7
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A1F9988-F56D-4D70-B759-3189B56EB1B2}" = HP User Guides 0098
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43F0316-CAA1-45C3-AAA7-B2E52D7AE8CA}" = HP ProtectTools Security Manager
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F42A52C4-FCDE-4D9D-9FD4-D004B4E5F08D}" = Presto! BizCard 5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB05CD66-D5EC-4B2A-8C6C-D434133323F4}" = Drive Encryption for HP ProtectTools
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99461}" = AuthenTec Fingerprint System
"2782-5692-2498-9935" = Steuer 2010 11.0.1
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HP QuickLook 2_is1" = HP QuickLook 2
"IrfanView" = IrfanView (remove only)
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"VUPlayer" = VUPlayer
"WinLiveSuite" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003-Setup-Start

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-285388904-2522916759-3500499248-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
======================================================================


There are no changes, the "Babylon search" page is still showing when opening a second explorer window, the pace of the laptop is still lowered, it seems to me.

Thanks for looking at the logs!
Have a good day.

Phil
Cyradon
Active Member
 
Posts: 5
Joined: January 4th, 2012, 3:00 pm

Re: PC slowing down because auf Babylon Search?

Post by pgmigg » January 13th, 2012, 11:28 am

Hello Cyradon,

Good job! :D
Let's continue our treatment...

For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before each of my instruction sets...

Step 0.
Create System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click on Start -> Control Panel and, depending on the View by selection in the upper right corner:
    • If Category - click on Uninstall Programs.
    • If Icons - click on Programs and Features.
  2. Locate the following program:
    Conduit Engine
    Java(TM) 6 Update 24
    Softonic Deutsch FF Toolbar
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    Code:
    :OTL
    IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    
    :Files
    C:\Program Files\BabylonToolbar
    C:\Programme\ConduitEngine
    C:\Users\Philipp\Desktop\*.tmp
    C:\windows\System32\*.tmp
    C:\Users\Philipp\Documents\*.tmp
    C:\Users\Philipp\AppData\Local\{DD7007BA-92FB-48C9-A048-879C003B6DE2}
    C:\Users\Philipp\AppData\Local\{2A69B9B7-312F-41E4-B760-FEBEAF4C6AEE}
    C:\Users\Philipp\AppData\Local\{44277C99-5F8A-4A37-BC91-CB352205E9DE}
    C:\Users\Philipp\AppData\Local\{591E7677-F28F-4806-B0E0-5B54A784CB96}
    C:\Users\Philipp\AppData\Local\{DFEDA5D9-50D0-4BD8-A77B-6FDE4D2DFDE2}
    C:\Users\Philipp\AppData\Local\{B5CF66B8-2BC4-4FAD-8490-65D5AC1D7659}
    C:\Users\Philipp\AppData\Local\{244CC470-BF60-446A-AAD9-4E565A47E866}
    C:\Users\Philipp\AppData\Local\{9D0A0169-905D-4F29-9BE1-B1C3C255DA55}
    C:\Users\Philipp\AppData\Local\{75174F22-5541-4D7B-8553-1AF545E9CF7B}
    C:\Users\Philipp\AppData\Local\{9A2FEEA4-DEDC-4F7E-BBBE-A67F06625237}
    C:\Users\Philipp\AppData\Local\{ED1214F5-B794-4586-9171-A04E238038CD}
    C:\Users\Philipp\AppData\Local\{8DB5A7A5-6CED-4779-8D91-915AC7C6912A}
    C:\Users\Philipp\AppData\Local\{12A9FEA5-386E-44E8-B930-05D15D69788A}
    C:\Users\Philipp\AppData\Local\{C706285C-4A1F-4C80-939F-EDA70C72B341}
    C:\Users\Philipp\AppData\Local\{F4DF812D-4714-42EA-9D27-5F81A894F183}
    C:\Users\Philipp\AppData\Local\{C4FC283B-FAFC-45EA-A476-081C9BAB7F5D}
    C:\Users\Philipp\AppData\Local\{322D3C69-1EAA-4BB1-80EF-5AB53C255015}
    C:\Users\Philipp\AppData\Local\{9241E61E-B561-4076-AB16-8B3107C48134}
    C:\Users\Philipp\AppData\Local\{7399D53B-42EA-423E-9E77-016ABFF20332}
    C:\Users\Philipp\AppData\Local\{EA70005F-AFBB-44D7-976E-3A80F3ABDD4C}
    C:\Users\Philipp\AppData\Local\{2AF6F130-34AD-4B79-B6A1-7D942B0B15E1}
    C:\Users\Philipp\AppData\Local\{489DEC0D-65FC-4375-ABD5-293DAFEE5B86}
    C:\Users\Philipp\AppData\Local\{0D6DF6E4-FABD-46C6-90B7-85A0E97C5A57}
    C:\Users\Philipp\AppData\Local\{D5C3F6DD-442D-453A-A33F-A0E446137835}
    C:\Users\Philipp\AppData\Local\{3998F65D-6316-4A11-8A4B-F01FD748FC8C}
    C:\Users\Philipp\AppData\Local\{22DA2D2A-AC0D-4EE5-853D-507AA2B8120B}
    C:\Users\Philipp\AppData\Local\{53599D04-D386-48FB-9AF2-548FB9072A66}
    C:\Users\Philipp\AppData\Local\{7F0BB10F-EC46-4EFF-8EB8-B668D1051E6F}
    C:\Users\Philipp\AppData\Local\{6CA49BFA-3A9B-4F29-AA42-C805CF51330F}
    C:\Users\Philipp\AppData\Local\{026334C4-48E7-4C7B-9BAF-8B47D18DF1DB}
    C:\Users\Philipp\AppData\Local\{082C855B-2C8E-4004-A1F7-4BA063150DA3}
    C:\Users\Philipp\AppData\Local\{8486D5AB-5B7E-4EFC-8B11-F082E83FCFA2}
    C:\Users\Philipp\AppData\Local\{4A87E10B-E25B-4B5E-8CAD-4FEC7A046EB0}
    C:\Users\Philipp\AppData\Local\{64D72669-C3FD-4C6C-8A3E-91CB62D11C4C}
    C:\Users\Philipp\AppData\Local\{147DBEEC-056A-49A0-9839-1A5FFCA4C463}
    C:\Users\Philipp\AppData\Local\{A94EE76B-D24E-416C-8F8D-8BC47B5F47EE}
    C:\Users\Philipp\AppData\Local\{C9845FDC-B593-4EC8-8B5E-0ED65649347B}
    C:\Users\Philipp\AppData\Local\{7FF33556-F048-49B5-939F-90E82FB8218E}
    C:\Users\Philipp\AppData\Local\{99C4E6D9-4D5C-49E4-BA10-E703E8D17C5F}
    C:\Users\Philipp\AppData\Local\{341CF778-0EB4-4121-9497-CFCC64F4CA8D}
    C:\Users\Philipp\AppData\Local\{577923A7-520B-4E4F-94DC-6C7D733112BF}
    C:\Users\Philipp\AppData\Local\{046B9E8D-68CC-45D2-89CD-D610E849DFE7}
    C:\Users\Philipp\AppData\Local\{061A7FC2-C572-4D95-8CE6-68DAD2A2B47D}
    C:\Users\Philipp\AppData\Local\{56F85A82-14B0-447D-BEB5-D099812B7D4A}
    C:\Users\Philipp\AppData\Local\{023DEA77-5B81-4615-8354-8DA3BD3BD1C8}
    C:\Users\Philipp\AppData\Local\{1C30C29E-13FE-496E-99C5-9C65B106B1E8}
    C:\Users\Philipp\AppData\Local\{8E402F3C-CDBE-4C6A-AD24-4B28A611C4D7}
    C:\Users\Philipp\AppData\Local\{BF4B4285-8E70-4B6C-83CC-F58CA7BBF871}
    C:\Users\Philipp\AppData\Local\{E7532DD0-2773-48DC-8FE4-907452F87B04}
    C:\Users\Philipp\AppData\Local\{399AE9D0-863E-427C-B2B8-9E5CF0313E0B}
    C:\Users\Philipp\AppData\Local\{AF1016CE-5E94-413D-A916-0EF49625F655}
    C:\Users\Philipp\AppData\Local\{232A83B3-BE28-4F53-B0D5-CE9B2036E6BC}
    C:\Users\Philipp\AppData\Local\{707587E6-644D-4F01-B18A-D7ADF3BF06FD}
    C:\Users\Philipp\AppData\Local\{3BBED02E-93E8-4010-9CA3-05B460AAF52E}
    C:\Users\Philipp\AppData\Local\{8A13B6C4-3FB3-4055-B57A-F7644ADDFEF5}
    C:\Users\Philipp\AppData\Local\{9BCD71B9-6E03-414B-9F21-981D6AE0FB24}
    C:\Users\Philipp\AppData\Local\{B4312DEF-EF83-41C5-8CE0-E0C6F181F30D}
    C:\Users\Philipp\AppData\Local\{EB6D4C39-4627-4E25-8C1E-D1B9D058543D}
    C:\Users\Philipp\AppData\Local\{BB542C50-7770-49AE-83CD-413577AE8B9B}
    C:\Users\Philipp\AppData\Local\{16B4A539-8C85-498E-A646-B5C17CBBBB12}
    C:\Users\Philipp\AppData\Local\{401B261D-9AAF-4E30-B277-80234C28EB7A}
    C:\Users\Philipp\AppData\Local\{32450732-3C33-45AB-9260-41E72A09CB61}
    C:\Users\Philipp\AppData\Local\{0BDAA2AB-B239-4AE5-A728-E952C55C3D83}
    C:\Users\Philipp\AppData\Local\{B698C1C1-8165-4F0E-A807-1064FA6CF109}
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.
  6. When the scan completes, Notepad will open with the scan results located in C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  7. Please post the contents of report in your next reply.

Step 3.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log file after OTL fix
  3. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
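
An added example (not part of the thread and not OTL's own code): a Python sketch that parses OTL-style entries like those in the fix script above, groups the registration points by CLSID regardless of letter case, and lists the CLSIDs for which the log itself reports no existing file. The function names are made up for this illustration; the sample lines are copied from the post above.

```python
import re
from collections import defaultdict

# Lines copied from the fix script in the post above (OTL log line format).
SAMPLE = r"""
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-285388904-2522916759-3500499248-1003\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
LINE = re.compile(
    r"^(?P<section>IE|O\d+) - (?P<where>.+?):\s*"  # e.g. "O3 - HKLM\..\Toolbar:"
    r"(?:\((?P<name>[^)]*)\) - )?"                  # optional "(display name) - "
    rf"(?P<clsid>{CLSID}) - (?P<target>.+)$"        # CLSID, then path or status
)


def classify(target):
    """Split the trailing field into (path, vendor, state as reported by the log)."""
    if target == "No CLSID value found.":
        return None, None, "no-clsid-data"
    if target.endswith(" File not found"):
        return target[: -len(" File not found")], None, "file-missing"
    # Vendor is the last parenthesised group; earlier ones belong to the path.
    m = re.match(r"^(?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?$", target)
    return m["path"], m["vendor"], "present"


def parse(log_text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        path, vendor, state = classify(m["target"])
        entries.append({
            "section": m["section"], "where": m["where"], "name": m["name"],
            "clsid": m["clsid"], "path": path, "vendor": vendor, "state": state,
        })
    return entries


def summarize(entries):
    """Group registration points by CLSID; CLSIDs compare case-insensitively."""
    out = defaultdict(lambda: {"points": [], "paths": set(), "states": set()})
    for e in entries:
        rec = out[e["clsid"].upper()]
        rec["points"].append(f'{e["section"]} {e["where"]}')
        rec["states"].add(e["state"])
        if e["path"]:
            rec["paths"].add(e["path"])
    return dict(out)


def orphaned(summary):
    """CLSIDs for which the log never reports an existing file."""
    return sorted(c for c, r in summary.items() if "present" not in r["states"])


if __name__ == "__main__":
    summary = summarize(parse(SAMPLE))
    for clsid, rec in sorted(summary.items()):
        print(clsid, sorted(rec["states"]), len(rec["points"]), "registration point(s)")
        for point in rec["points"]:
            print("   ", point)
    print("orphaned:", orphaned(summary))
```

Grouping this way shows every place a single component is registered, which is what has to be re-checked in the next scan after an uninstall or a fix.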

Re: PC slowing down because auf Babylon Search?

Post by Cyradon » January 16th, 2012, 12:17 pm

Dear pgmigg

thanks a lot for your instructions. Step 0 was no problem, but I'm afraid that Step 1 didn't work:
I was able without problems to uninstall "Softonic", but the other two programs refused to be deleted:
- Conduit engine simply ignored my instruction when I clicked on "uninstall/change"
- Java(TM) 6 Update 24 opened an "update-window", which demanded to close first some other programs. I did that, but it also demanded to close the application called "start". But how am I supposed to close that one? What does it mean?

Since that didn't work, I renounced to go on. Perhaps you know what is going on?

Thank you for your patience and advice!

Phil
Cyradon
Active Member
 
Posts: 5
Joined: January 4th, 2012, 3:00 pm

Re: PC slowing down because auf Babylon Search?

Post by pgmigg » January 17th, 2012, 10:48 am

Hello Cyradon,
I was able without problems to uninstall "Softonic", but the other two programs refused to be deleted:
- Conduit engine simply ignored my instruction when I clicked on "uninstall/change"
- Java(TM) 6 Update 24 opened an "update-window", which demanded to close first some other programs.
Don't worry - it is possible that ConduitEngine ignored the uninstallation request - it is an infection and this kind of behavior is predictable.

Please proceed to steps 2 and 3. We will return to Java issue later.

I am waiting for OTL and ESET logs...

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: PC slowing down because auf Babylon Search?

Post by Cypher » January 20th, 2012, 12:19 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns