
Pests of all kinds and how to fight them: Regular system crashes in all sorts of forms/variants

07.05.2013, 03:15   #1
taduli
 

Regular system crashes in all sorts of forms/variants



I have been struggling for weeks with a 'hanging' system, up to and including recurring system crashes (blue screen).

My computer runs Windows 7; the applications are as Microsoft-free as possible, i.e. I work with Firefox, Thunderbird or OpenOffice.
Even in the 'normal state', the application programs hang every now and then and show the status "Not responding". Usually this is over after 5-10 seconds, sometimes it takes 1 or 2 minutes, and sometimes it ends in system crashes.

As requested, I ran the 3 routines defogger, OTL and GMER and created the log files (I'll post them in a moment). Afterwards I wanted to restart the system; the Windows "Shutting down" screen was displayed, and after 2-3 minutes there was a blue screen with a reference to a crash dump.

I hope this description is sufficient for an initial assessment.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:13 on 06/05/2013 (xxx xxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL Logfile:
Code:
OTL logfile created on: 06.05.2013 21:17:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 69,38% Memory free
5,75 Gb Paging File | 4,75 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 111,40 Gb Free Space | 69,04% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 96,49 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
Drive F: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
PRC - [2013.04.10 09:15:58 | 027,151,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.19 09:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2008.03.13 19:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.23 08:05:16 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.03.23 07:40:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.03.23 07:40:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.23 07:40:29 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.03.23 07:40:28 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.03.23 07:39:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.23 07:39:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.23 07:39:10 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.03.23 07:39:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.23 07:38:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.23 07:38:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.23 07:38:44 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2010.11.13 02:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.05.21 22:52:22 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2007.02.06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013.05.06 20:13:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.19 17:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011.04.10 22:07:33 | 009,663,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.30 08:52:28 | 001,109,296 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.01 06:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.04.10 22:07:57 | 000,206,960 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2011.04.10 22:07:57 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2011.04.10 20:08:50 | 000,017,408 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 03:53:10 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.04.20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2008.04.24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008.03.07 13:46:30 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007.07.16 21:29:34 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007.07.16 21:29:24 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 4A A3 4F 48 92 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.nachrichten.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.06 20:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.05.06 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Firefox\Profiles\jq5fr39m.default\extensions
[2012.09.19 11:01:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013.05.06 20:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.26 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.06 20:13:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.05.06 20:13:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.06 20:13:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.06 20:13:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.05.06 20:13:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.06 20:13:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.06 20:13:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B11ED7E-EF1E-4107-A178-D50876DA2159}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF549C4-9591-41B8-A823-B5E5A3EAE68F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.19 10:47:05 | 000,008,192 | ---- | M] (Microsoft) - C:\AutoOff.exe -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O32 - AutoRun File - [2008.03.13 22:39:50 | 000,000,070 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0902d1d5-fe50-11e1-bb0b-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{0902d1d5-fe50-11e1-bb0b-001e377be0ec}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{20bb752a-0288-11e2-8455-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{20bb752a-0288-11e2-8455-001e377be0ec}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{5bbd8249-42e6-11e2-b676-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbd8249-42e6-11e2-b676-001e377be0ec}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{b80e9704-ff29-11e1-9bd4-001a4b92db6b}\Shell - "" = AutoRun
O33 - MountPoints2\{b80e9704-ff29-11e1-9bd4-001a4b92db6b}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{b80e9708-ff29-11e1-9bd4-001a4b92db6b}\Shell - "" = AutoRun
O33 - MountPoints2\{b80e9708-ff29-11e1-9bd4-001a4b92db6b}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{bd0196ef-fe7f-11e1-b499-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0196ef-fe7f-11e1-b499-001e377be0ec}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 21:15:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.04.23 08:41:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 14:13:32 | 000,000,000 | -HSD | C] -- C:\found.002
[2013.04.20 10:12:17 | 000,206,960 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmd.sys
[2013.04.20 10:12:17 | 000,013,936 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmdldr.sys
[2013.04.19 09:11:08 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\stick
[2013.04.17 08:16:58 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.17 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2013.04.11 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Malwarebytes
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 00:52:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.11 00:50:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | M] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:40 | 000,050,477 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.05.06 20:01:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.06 20:01:05 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.06 20:01:05 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.06 20:01:05 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.06 20:01:05 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.06 19:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 19:53:33 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 19:52:13 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 16:02:10 | 000,001,026 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.21 18:28:07 | 373,567,763 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd10.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:40 | 000,025,599 | ---- | M] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 08:43:19 | 000,305,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 00:52:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 00:51:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.06 21:13:28 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:36 | 000,050,477 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.05.06 19:52:13 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2013.04.23 16:02:10 | 000,001,026 | ---- | C] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:38 | 000,025,599 | ---- | C] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 00:52:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 08:23:40 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\spellyxcustom.dict
[2012.12.03 07:54:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2012.09.14 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.06 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2012.10.29 08:33:20 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Haufe Mediengruppe
[2012.10.28 20:54:54 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Lexware
[2012.09.25 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\OpenOffice.org
[2012.10.24 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Thunderbird
[2012.09.14 17:33:01 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_5e87cca86cbd1bba752be44e854d9765306e2ee7d2f08af16077c77cede2fdb4
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_4834b3984f67aa5dcfda6d6bc9ddab2e424aa6a4b13ab4bf79e16f1d68f82380

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.05.2013 21:17:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 69,38% Memory free
5,75 Gb Paging File | 4,75 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 111,40 Gb Free Space | 69,04% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 96,49 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
Drive F: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6EF012-4813-4DD2-B054-A85E04C4F867}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12E0A73E-01FC-493C-BF02-04F5AC76350C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1338D789-F218-4C64-8559-0FEDD74B204F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{28E9B09E-18E3-46BE-9762-988F9245665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{312497BB-B99C-4007-9C4C-102438DAC43B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3883AD11-B975-4F7C-BFF5-865646D72B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3988103C-F3A8-4F7B-A9B9-69DC0917CEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3D2902D1-4B53-4604-9AC0-AB10005C7091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EABE8AB-669D-48D8-9169-CDF4ECA62B1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43F2A0C0-BD63-484B-B1B2-1C0FEFF604ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{450A06D7-551E-445A-91A0-AB2EF08E4E80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{46D88C12-558B-4A5C-94DE-54A6FF73B5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48915446-8A3E-483D-A68B-4E62D27535E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5AEB811D-D2BF-4F58-B980-D71A2A758143}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61A2EE15-9D9D-43B0-883A-C8EEF5BAC1A3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{690BD03D-D6D0-4E4B-9168-405CDD56E1B4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{78E4EDBD-A2F6-4B05-8F51-1D83205DD6D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7EFC7C59-98DD-4ACB-AE86-9BD194B16A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D0D6AD-3209-473D-AF33-3E56D5857AE4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E287696-0835-4835-B9B8-D907B3E4DE90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98EA3AD1-9D1E-4612-91AC-645FDFAC81A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99007524-BBAD-43BF-8774-D62399B9C55A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A325A294-CC95-4E80-8F62-5136AF3F904E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A8DFFD6C-8768-4D61-B309-7FD5C8AA5B04}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AA9A54F8-4302-41F5-BC43-9C14885ECB5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C276C8E3-B0AA-46BF-A2B2-F629220C9FC5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D17A1779-508A-493B-979A-517F97D0ADCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3145B32-7474-4C12-BBEC-0440062A8FD7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D5C03218-0E2E-4BB1-A08A-C29B648CC0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB162795-1F30-466A-A675-85680BBD94CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E237568F-38DB-4A8B-BCEC-3AED5C12C10D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C89141F-10C9-4B3F-AFE8-8DE3F9D78DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12F880CC-2532-49F6-B818-465CF55693C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1BB5081B-2F72-4982-AF22-5A3ECBAC2208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F33D701-1BDD-4E53-84C6-B4DCAF909418}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{232D99EB-A8A5-450D-B90E-3C3129D65E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30F9A276-45BF-49A4-883A-B443F085FF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{32F829AE-E3CA-4F39-B45D-FBA60305871E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35CEEF5B-BFAB-4BD5-BF22-B828C7F06232}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{42539B58-8B54-4B04-8BBD-10514636733F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{69DC5B73-9E77-453C-BAB7-111EABB69A83}" = protocol=6 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6A6E5B7E-3DD7-4D18-AFB2-C9E827D01AE6}" = protocol=17 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7329CC81-B53C-44F5-8CD9-3EC7377C3CFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{79DD3494-502C-4EDB-8937-A286553CDC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DFAB439-8840-4F3C-9FD9-52A5F37DCD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9495DFA-4B2E-4360-9EB7-669286794C17}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{AD2D0CD1-EF72-4D80-A0EA-4035AC3C16BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8254F37-70C4-4BB9-8878-120C7F9817CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEEFD8D0-8962-435F-8AFA-E6137A2B6BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D88C6187-5547-425A-AF60-F52C119AA70A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DD2B1925-A14A-49BF-A22C-033A884FA314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E070196E-3DEB-4FD2-8406-A28821A28A95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E4C99137-88D5-4A83-9046-8187501C5CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9991C7F-A73F-4374-92B1-1246E1ABC0B4}" = protocol=6 | dir=out | app=system | 
"{F6A39FE8-C700-4D7A-B1F8-EB6F47D15DB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}" = ATI Catalyst Install Manager
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8C7F3A-E41E-08D7-8EF0-2087A145A803}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian
"{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech
"{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy
"{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German
"{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing
"{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All
"{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light
"{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese
"{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish
"{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static
"{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish
"{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian
"{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New
"{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese
"{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai
"{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard
"{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish
"{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek
"{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recover My Files v5_is1" = Recover My Files
"VLC media player" = VLC media player 2.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2013 11:46:10 | Computer Name = xxxxxx | Source = RasClient | ID = 20227
Description = 
 
Error - 30.04.2013 11:48:22 | Computer Name = xxxxxx | Source = RasClient | ID = 20227
Description = 
 
Error - 30.04.2013 13:46:50 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 02.05.2013 00:51:10 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 02.05.2013 02:12:30 | Computer Name = xxxxxx | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 02.05.2013 07:52:49 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 02.05.2013 14:37:13 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 03.05.2013 14:24:17 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 06.05.2013 03:56:33 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 06.05.2013 10:29:34 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 06.05.2013 13:54:00 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
[ System Events ]
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-07 03:15:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0001BSM2 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\xxx~1\AppData\Local\Temp\uxloypob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                            fffff80002df6000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                            fffff80002df6042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[2332] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                 0000000077381465 2 bytes [38, 77]
.text     C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[2332] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                00000000773814bb 2 bytes [38, 77]
.text     ...                                                                                                                                           * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077381465 2 bytes [38, 77]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000773814bb 2 bytes [38, 77]
.text     ...                                                                                                                                           * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e377be0ec                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e377be0ec (not active ControlSet)                                               

---- EOF - GMER 2.1 ----
         
--- --- ---

07.05.2013, 22:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have an Ultimate edition of Windows? Do you need that as a home user?
Or is this, by any chance, an office/company PC or a university machine?



Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________

08.05.2013, 05:46   #3
taduli

Quote:
Quote from cosinus
Why do you have an Ultimate edition of Windows? Do you need that as a home user?
Or is this, by any chance, an office/company PC or a university machine?
It is purely my private machine, not a company PC, and I have had nothing to do with the university for 20 years.
Or put differently: no idea. This Ultimate Edition was installed for me by a service technician after my old hard drive died and he fitted a new one. I actually wanted Linux back then.


Quote:
Quote from cosinus
Do you have any further logs (with detections)?
No. None so far.

08.05.2013, 08:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, I do hope the service technician didn't install a black-market/compromised (underground) Windows for you


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to do so. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.



Please create a log with Combofix

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


09.05.2013, 05:58   #5
taduli

Done. However, right up to the end it claimed that my virus scanner (Avira) was still active, even after I simply killed the process in Task Manager.

Code:
ComboFix 13-05-08.02 - xxx xxx 09.05.2013   6:44.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2943.2080 [GMT 2:00]
ausgeführt von:: c:\users\xxx xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 64 bytes in 2 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\SysWow64\dlumd10.dll
c:\windows\SysWow64\dlumd11.dll
c:\windows\SysWow64\dlumd9.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-09 bis 2013-05-09  ))))))))))))))))))))))))))))))
.
.
2013-05-09 04:50 . 2013-05-09 04:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-06 18:13 . 2013-05-06 18:13	26520	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-26 19:34 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-22 12:13 . 2013-04-22 12:13	--------	d-----w-	C:\found.002
2013-04-20 08:12 . 2011-04-10 20:07	206960	----a-w-	c:\windows\system32\drivers\dlkmd.sys
2013-04-20 08:12 . 2011-04-10 20:07	13936	----a-w-	c:\windows\system32\drivers\dlkmdldr.sys
2013-04-20 08:10 . 2013-04-20 08:10	0	----a-w-	c:\windows\system32\dlumd9.dll
2013-04-20 08:10 . 2013-04-20 08:10	0	----a-w-	c:\windows\system32\dlumd11.dll
2013-04-20 08:10 . 2013-04-20 08:10	0	----a-w-	c:\windows\system32\dlumd10.dll
2013-04-17 06:11 . 2013-05-08 20:04	--------	d-----w-	c:\users\xxx xxx\AppData\Roaming\Dropbox
2013-04-10 23:07 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 23:07 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 23:06 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 23:06 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 23:06 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 23:06 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 23:06 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 23:06 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-10 22:52 . 2013-04-10 22:52	--------	d-----w-	c:\users\xxx xxx\AppData\Roaming\Malwarebytes
2013-04-10 22:52 . 2013-04-10 22:52	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-10 22:52 . 2013-04-10 22:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-10 22:52 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 23:09 . 2012-10-04 19:51	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-06 14:13 . 2013-03-29 13:55	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-03 09:39 . 2012-10-07 12:42	419840	----a-w-	c:\windows\system32\systemcpl.dll
2013-03-03 09:39 . 2012-10-07 12:42	14848	----a-w-	c:\windows\system32\slwga.dll
2013-03-03 09:39 . 2012-10-07 12:42	13824	----a-w-	c:\windows\SysWow64\slwga.dll
2013-03-03 09:39 . 2012-10-07 12:43	1008640	----a-w-	c:\windows\system32\user32.dll
2013-03-03 09:39 . 2012-10-07 12:43	833024	----a-w-	c:\windows\SysWow64\user32.dll
2013-02-26 14:56 . 2013-03-29 13:55	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-26 14:56 . 2013-03-29 13:55	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-12 05:45 . 2013-03-23 04:05	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-23 04:05	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-23 04:05	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-23 04:05	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-23 04:05	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-23 04:05	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-23 04:08	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-03-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-03-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	130736	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	130736	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	130736	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-21 61440]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
.
c:\users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-10 17408]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys [2007-07-16 23064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 13936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 28600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-08-30 1109296]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 206960]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37	164016	----a-w-	c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jq5fr39m.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.nachrichten.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-09  06:54:09
ComboFix-quarantined-files.txt  2013-05-09 04:54
.
Vor Suchlauf: 12 Verzeichnis(se), 119.740.882.944 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 119.912.931.328 Bytes frei
.
- - End Of File - - 11BF59D6F6FEC2AC0150718484E87E15
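
The Sigcheck section of the ComboFix log above lists every copy of user32.dll with its MD5, size and file version. As an added example (not part of the thread and not ComboFix's own logic), this Python script parses those lines and reports live files whose hash does not match the component-store (winsxs) copy of the same version; reading `[-]` as "unsigned" and treating the `.` lines as group separators are assumptions taken from this log's layout and its own note.

```python
import re
from collections import namedtuple

# The six Sigcheck lines from the ComboFix log in this thread, copied verbatim.
SIGCHECK_SECTION = r"""
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-03-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-03-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

Entry = namedtuple("Entry", "flag date md5 size version path")

# [flag] date . MD5 . size . . [file version] .. path
LINE_RE = re.compile(
    r"^\[(.)\]\s+(\d{4}-\d{2}-\d{2})\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)"
    r"\s+\.\s+\.\s+\[([\d.]+)\]\s+\.\.\s+(.+)$"
)


def parse_groups(text):
    """Split a Sigcheck section into groups of entries.

    Assumption: as in this log, a line that is not a Sigcheck entry
    (the lone "." lines) ends the current group of related files.
    """
    groups, current = [], []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            flag, date, md5, size, version, path = match.groups()
            current.append(Entry(flag, date, md5.upper(), int(size), version, path))
        elif current:
            groups.append(current)
            current = []
    if current:
        groups.append(current)
    return groups


def is_store_copy(path):
    """True for copies kept in the Windows component store (winsxs)."""
    return "\\winsxs\\" in path.lower()


def find_mismatches(groups):
    """Report live files that differ from the store copy of the same version."""
    findings = []
    for group in groups:
        store = [e for e in group if is_store_copy(e.path)]
        live = [e for e in group if not is_store_copy(e.path)]
        for entry in live:
            same_version = [s for s in store if s.version == entry.version]
            if not same_version:
                reason = "no component-store copy with this version in the log"
            elif entry.md5 in {s.md5 for s in same_version}:
                continue  # byte-identical to a store copy: nothing to report
            else:
                reason = "MD5 differs from the store copy of the same version"
            findings.append({
                "path": entry.path,
                "version": entry.version,
                "md5": entry.md5,
                "size": entry.size,
                "date": entry.date,
                # Assumption: "[-]" marks a file Sigcheck could not verify as signed.
                "unsigned": entry.flag == "-",
                "store_md5s": [s.md5 for s in same_version],
                "store_sizes": [s.size for s in same_version],
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_groups(SIGCHECK_SECTION)):
        print(f["path"])
        print("  version   :", f["version"], "| dated", f["date"])
        print("  live      :", f["md5"], f["size"], "bytes",
              "(unsigned)" if f["unsigned"] else "(signed)")
        for md5, size in zip(f["store_md5s"], f["store_sizes"]):
            print("  store copy:", md5, size, "bytes")
        print("  finding   :", f["reason"])
```

A mismatch only shows that the live file is not byte-identical to the component-store copy listed in the log; as the log itself notes, unsigned files aren't necessarily malware, so each finding is a pointer for verification against known-good media.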
         


09.05.2013, 16:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

09.05.2013, 19:30   #7
taduli

Here is part 1:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxx xxx :: xxxxxx [administrator]

09.05.2013 20:25:30
mbar-log-2013-05-09 (20-25-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28896
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
then part 2:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-09 20:34:18
-----------------------------
20:34:18.245    OS Version: Windows x64 6.1.7601 Service Pack 1
20:34:18.245    Number of processors: 2 586 0x6802
20:34:18.246    ComputerName: xxxxxx  UserName: 
20:34:24.251    Initialize success
20:37:27.473    AVAST engine defs: 13050900
20:37:53.946    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:37:53.950    Disk 0 Vendor: ST9320423AS 0001BSM2 Size: 305245MB BusType: 3
20:37:54.081    Disk 0 MBR read successfully
20:37:54.083    Disk 0 MBR scan
20:37:54.093    Disk 0 Windows 7 default MBR code
20:37:54.107    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       165243 MB offset 2048
20:37:54.136    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       139999 MB offset 338419712
20:37:54.204    Disk 0 scanning C:\Windows\system32\drivers
20:38:22.341    Service scanning
20:38:55.339    Modules scanning
20:38:55.349    Disk 0 trace - called modules:
20:38:55.379    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
20:38:55.384    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003449060]
20:38:55.391    3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa8003448860]
20:38:55.399    5 hpdskflt.sys[fffff880018ba189] -> nt!IofCallDriver -> [0xfffffa8003203520]
20:38:55.408    7 ACPI.sys[fffff88000ef77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003213060]
20:39:01.465    AVAST engine scan C:\Windows
20:39:08.895    AVAST engine scan C:\Windows\system32
20:46:02.738    AVAST engine scan C:\Windows\system32\drivers
20:46:29.972    AVAST engine scan C:\Users\xxx xxx
20:52:50.228    AVAST engine scan C:\ProgramData
20:53:58.937    Scan finished successfully
21:01:10.359    Disk 0 MBR has been saved successfully to "C:\Users\xxx xxx\Desktop\MBR.dat"
21:01:10.367    The log file has been saved successfully to "C:\Users\xxx xxx\Desktop\aswMBR.txt"
         
and the 3rd and final part:

Code:
21:05:52.0295 1052  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:05:52.0870 1052  ============================================================
21:05:52.0870 1052  Current date / time: 2013/05/09 21:05:52.0870
21:05:52.0870 1052  SystemInfo:
21:05:52.0870 1052  
21:05:52.0870 1052  OS Version: 6.1.7601 ServicePack: 1.0
21:05:52.0870 1052  Product type: Workstation
21:05:52.0870 1052  ComputerName: xxxxxx
21:05:52.0870 1052  UserName: xxx xxx
21:05:52.0870 1052  Windows directory: C:\Windows
21:05:52.0870 1052  System windows directory: C:\Windows
21:05:52.0870 1052  Running under WOW64
21:05:52.0870 1052  Processor architecture: Intel x64
21:05:52.0870 1052  Number of processors: 2
21:05:52.0870 1052  Page size: 0x1000
21:05:52.0870 1052  Boot type: Normal boot
21:05:52.0870 1052  ============================================================
21:05:55.0521 1052  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:55.0528 1052  ============================================================
21:05:55.0528 1052  \Device\Harddisk0\DR0:
21:05:55.0528 1052  MBR partitions:
21:05:55.0528 1052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x142BD800
21:05:55.0528 1052  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142BE000, BlocksNum 0x1116F800
21:05:55.0528 1052  ============================================================
21:05:55.0573 1052  C: <-> \Device\Harddisk0\DR0\Partition1
21:05:55.0615 1052  E: <-> \Device\Harddisk0\DR0\Partition2
21:05:55.0615 1052  ============================================================
21:05:55.0615 1052  Initialize success
21:05:55.0615 1052  ============================================================
21:06:40.0523 0992  ============================================================
21:06:40.0523 0992  Scan started
21:06:40.0523 0992  Mode: Manual; SigCheck; TDLFS; 
21:06:40.0523 0992  ============================================================
21:06:42.0117 0992  ================ Scan system memory ========================
21:06:42.0118 0992  System memory - ok
21:06:42.0118 0992  ================ Scan services =============================
21:06:42.0290 0992  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:06:42.0825 0992  1394ohci - ok
21:06:42.0871 0992  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
21:06:42.0976 0992  61883 - ok
21:06:43.0008 0992  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
21:06:43.0106 0992  Accelerometer - ok
21:06:43.0166 0992  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:06:43.0193 0992  ACPI - ok
21:06:43.0243 0992  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:06:43.0358 0992  AcpiPmi - ok
21:06:43.0426 0992  [ 7966C2E1D2FC95BD6246AC1E45BA5E31 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
21:06:43.0506 0992  ADIHdAudAddService - ok
21:06:43.0606 0992  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:43.0625 0992  AdobeARMservice - ok
21:06:44.0588 0992  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:44.0627 0992  adp94xx - ok
21:06:44.0663 0992  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:06:44.0691 0992  adpahci - ok
21:06:44.0713 0992  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:06:44.0737 0992  adpu320 - ok
21:06:44.0772 0992  [ 460D73F2AED144455D55C18068DBC90D ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
21:06:44.0796 0992  AEADIFilters - ok
21:06:44.0822 0992  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:06:44.0965 0992  AeLookupSvc - ok
21:06:45.0027 0992  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:06:45.0142 0992  AFD - ok
21:06:45.0198 0992  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
21:06:45.0408 0992  AgereSoftModem - ok
21:06:45.0458 0992  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:06:45.0477 0992  agp440 - ok
21:06:45.0496 0992  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:06:45.0561 0992  ALG - ok
21:06:45.0580 0992  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:06:45.0598 0992  aliide - ok
21:06:45.0620 0992  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:06:45.0637 0992  amdide - ok
21:06:45.0675 0992  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:06:45.0751 0992  AmdK8 - ok
21:06:45.0771 0992  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:06:45.0817 0992  AmdPPM - ok
21:06:45.0857 0992  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:06:45.0877 0992  amdsata - ok
21:06:45.0904 0992  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:06:45.0928 0992  amdsbs - ok
21:06:45.0947 0992  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:06:45.0964 0992  amdxata - ok
21:06:46.0065 0992  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:06:46.0083 0992  AntiVirSchedulerService - ok
21:06:46.0156 0992  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:06:46.0173 0992  AntiVirService - ok
21:06:46.0216 0992  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:06:46.0467 0992  AppID - ok
21:06:46.0498 0992  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:06:46.0568 0992  AppIDSvc - ok
21:06:46.0601 0992  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:06:46.0668 0992  Appinfo - ok
21:06:46.0708 0992  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:06:46.0783 0992  AppMgmt - ok
21:06:46.0821 0992  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:06:46.0840 0992  arc - ok
21:06:46.0854 0992  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:06:46.0875 0992  arcsas - ok
21:06:46.0898 0992  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:46.0964 0992  AsyncMac - ok
21:06:47.0001 0992  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:06:47.0017 0992  atapi - ok
21:06:47.0074 0992  [ 87CBB283CE47286B9EE8E210D5C3E320 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:06:47.0174 0992  Ati External Event Utility - ok
21:06:47.0305 0992  [ 15BF9FB3D246CEEA8B929B6B61C194AE ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:06:47.0481 0992  atikmdag - ok
21:06:47.0565 0992  [ 23C140EA2ADA4F0E034F682C57F8DE62 ] ATSwpWDF        C:\Windows\system32\DRIVERS\ATSwpWDF.sys
21:06:47.0622 0992  ATSwpWDF - ok
21:06:47.0685 0992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:06:47.0776 0992  AudioEndpointBuilder - ok
21:06:47.0809 0992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:06:47.0866 0992  AudioSrv - ok
21:06:47.0917 0992  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
21:06:47.0954 0992  Avc - ok
21:06:48.0014 0992  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:06:48.0035 0992  avgntflt - ok
21:06:48.0094 0992  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:06:48.0116 0992  avipbb - ok
21:06:48.0156 0992  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:06:48.0174 0992  avkmgr - ok
21:06:48.0224 0992  [ 803B9A93C8D8B72414D7D05DC1A47F34 ] AX88772         C:\Windows\system32\DRIVERS\ax88772.sys
21:06:48.0286 0992  AX88772 - ok
21:06:48.0343 0992  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:06:48.0455 0992  AxInstSV - ok
21:06:48.0494 0992  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:06:48.0559 0992  b06bdrv - ok
21:06:48.0599 0992  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:48.0646 0992  b57nd60a - ok
21:06:48.0750 0992  [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:06:48.0869 0992  BCM43XX - ok
21:06:48.0900 0992  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:06:48.0965 0992  BDESVC - ok
21:06:48.0988 0992  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:06:49.0057 0992  Beep - ok
21:06:49.0134 0992  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:06:49.0203 0992  BFE - ok
21:06:49.0237 0992  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
21:06:49.0340 0992  BITS - ok
21:06:49.0381 0992  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:49.0420 0992  blbdrive - ok
21:06:49.0453 0992  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:06:49.0525 0992  bowser - ok
21:06:49.0549 0992  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:06:49.0614 0992  BrFiltLo - ok
21:06:49.0639 0992  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:06:49.0662 0992  BrFiltUp - ok
21:06:49.0777 0992  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:06:49.0852 0992  BridgeMP - ok
21:06:49.0972 0992  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:06:50.0016 0992  Browser - ok
21:06:50.0039 0992  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:06:50.0084 0992  Brserid - ok
21:06:50.0112 0992  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:50.0156 0992  BrSerWdm - ok
21:06:50.0179 0992  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:50.0202 0992  BrUsbMdm - ok
21:06:50.0210 0992  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:50.0231 0992  BrUsbSer - ok
21:06:50.0291 0992  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:06:50.0439 0992  BthEnum - ok
21:06:50.0457 0992  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:06:50.0501 0992  BTHMODEM - ok
21:06:50.0535 0992  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:06:50.0579 0992  BthPan - ok
21:06:50.0618 0992  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:06:50.0693 0992  BTHPORT - ok
21:06:50.0724 0992  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:06:50.0791 0992  bthserv - ok
21:06:50.0821 0992  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:06:50.0855 0992  BTHUSB - ok
21:06:50.0890 0992  catchme - ok
21:06:50.0922 0992  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:06:50.0989 0992  cdfs - ok
21:06:51.0023 0992  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:06:51.0063 0992  cdrom - ok
21:06:51.0128 0992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:06:51.0199 0992  CertPropSvc - ok
21:06:51.0228 0992  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:06:51.0272 0992  circlass - ok
21:06:51.0321 0992  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:06:51.0351 0992  CLFS - ok
21:06:51.0417 0992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:51.0435 0992  clr_optimization_v2.0.50727_32 - ok
21:06:51.0479 0992  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:51.0498 0992  clr_optimization_v2.0.50727_64 - ok
21:06:51.0589 0992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:51.0636 0992  clr_optimization_v4.0.30319_32 - ok
21:06:51.0698 0992  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:51.0719 0992  clr_optimization_v4.0.30319_64 - ok
21:06:51.0756 0992  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:06:51.0795 0992  CmBatt - ok
21:06:51.0826 0992  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:06:51.0844 0992  cmdide - ok
21:06:51.0892 0992  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:06:51.0945 0992  CNG - ok
21:06:52.0133 0992  [ 360959BBD4F451E1AB811F4304232766 ] CodeMeter.exe   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
21:06:52.0230 0992  CodeMeter.exe - ok
21:06:52.0305 0992  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:06:52.0329 0992  Com4QLBEx - ok
21:06:52.0348 0992  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:06:52.0366 0992  Compbatt - ok
21:06:52.0408 0992  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:06:52.0453 0992  CompositeBus - ok
21:06:52.0475 0992  COMSysApp - ok
21:06:52.0488 0992  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:06:52.0505 0992  crcdisk - ok
21:06:52.0559 0992  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:06:52.0637 0992  CryptSvc - ok
21:06:52.0687 0992  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
21:06:52.0797 0992  CSC - ok
21:06:52.0859 0992  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
21:06:52.0911 0992  CscService - ok
21:06:52.0950 0992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:06:53.0032 0992  DcomLaunch - ok
21:06:53.0068 0992  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:06:53.0148 0992  defragsvc - ok
21:06:53.0190 0992  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:06:53.0261 0992  DfsC - ok
21:06:53.0299 0992  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:06:53.0371 0992  Dhcp - ok
21:06:53.0401 0992  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:06:53.0475 0992  discache - ok
21:06:53.0502 0992  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:06:53.0522 0992  Disk - ok
21:06:53.0847 0992  [ 214CF29D013B96B8AAA0C31682349D92 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
21:06:55.0109 0992  DisplayLinkService - ok
21:06:55.0133 0992  [ 1FAE14F2CB2F1C1CBDBC17EFB63D5845 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
21:06:55.0207 0992  DisplayLinkUsbPort - ok
21:06:55.0276 0992  [ 5D5B9E1E45B1EB727EFEAB0F44C7E4EF ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
21:06:55.0297 0992  dlkmd - ok
21:06:55.0331 0992  [ B701A03D4C256A288D89D615E139CB7C ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
21:06:55.0347 0992  dlkmdldr - ok
21:06:55.0392 0992  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:06:55.0461 0992  Dnscache - ok
21:06:55.0513 0992  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:06:55.0585 0992  dot3svc - ok
21:06:55.0631 0992  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:06:55.0705 0992  DPS - ok
21:06:55.0729 0992  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:06:55.0762 0992  drmkaud - ok
21:06:55.0821 0992  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:06:55.0875 0992  DXGKrnl - ok
21:06:55.0904 0992  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:06:55.0971 0992  EapHost - ok
21:06:56.0113 0992  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:06:56.0325 0992  ebdrv - ok
21:06:56.0367 0992  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:06:56.0430 0992  EFS - ok
21:06:56.0479 0992  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:06:56.0572 0992  ehRecvr - ok
21:06:56.0604 0992  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:06:56.0667 0992  ehSched - ok
21:06:56.0704 0992  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:06:56.0743 0992  elxstor - ok
21:06:56.0784 0992  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:06:56.0821 0992  ErrDev - ok
21:06:56.0882 0992  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:06:56.0941 0992  EventSystem - ok
21:06:56.0967 0992  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:06:57.0023 0992  exfat - ok
21:06:57.0040 0992  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:06:57.0095 0992  fastfat - ok
21:06:57.0161 0992  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:06:57.0226 0992  Fax - ok
21:06:57.0247 0992  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:06:57.0286 0992  fdc - ok
21:06:57.0324 0992  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:06:57.0394 0992  fdPHost - ok
21:06:57.0422 0992  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:06:57.0485 0992  FDResPub - ok
21:06:57.0517 0992  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:06:57.0537 0992  FileInfo - ok
21:06:57.0560 0992  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:06:57.0618 0992  Filetrace - ok
21:06:57.0626 0992  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:06:57.0646 0992  flpydisk - ok
21:06:57.0697 0992  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:06:57.0723 0992  FltMgr - ok
21:06:57.0773 0992  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:06:57.0902 0992  FontCache - ok
21:06:57.0968 0992  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:06:57.0985 0992  FontCache3.0.0.0 - ok
21:06:58.0002 0992  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:06:58.0022 0992  FsDepends - ok
21:06:58.0065 0992  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:06:58.0083 0992  Fs_Rec - ok
21:06:58.0137 0992  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:06:58.0166 0992  fvevol - ok
21:06:58.0185 0992  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:06:58.0206 0992  gagp30kx - ok
21:06:58.0269 0992  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:06:58.0356 0992  gpsvc - ok
21:06:58.0408 0992  [ 965FC9D0BD1E13B02DC71B77B68092F4 ] HBtnKey         C:\Windows\system32\DRIVERS\cpqbttn64.sys
21:06:58.0430 0992  HBtnKey - ok
21:06:58.0446 0992  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:06:58.0531 0992  hcw85cir - ok
21:06:58.0585 0992  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:06:58.0633 0992  HdAudAddService - ok
21:06:58.0665 0992  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:06:58.0708 0992  HDAudBus - ok
21:06:58.0731 0992  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:06:58.0770 0992  HidBatt - ok
21:06:58.0890 0992  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:06:58.0915 0992  HidBth - ok
21:06:58.0932 0992  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:06:58.0969 0992  HidIr - ok
21:06:59.0005 0992  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
21:06:59.0055 0992  hidserv - ok
21:06:59.0085 0992  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:06:59.0104 0992  HidUsb - ok
21:06:59.0147 0992  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:06:59.0214 0992  hkmsvc - ok
21:06:59.0250 0992  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:06:59.0309 0992  HomeGroupListener - ok
21:06:59.0355 0992  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:06:59.0393 0992  HomeGroupProvider - ok
21:06:59.0429 0992  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
21:06:59.0446 0992  hpdskflt - ok
21:06:59.0484 0992  [ DBD2BB97A574FC565B1EB5C0A03F917A ] HPFXBULK        C:\Windows\system32\drivers\hpfx64bulk.sys
21:06:59.0500 0992  HPFXBULK - ok
21:06:59.0541 0992  [ 219C2A07FD07023D3905C332BF6F9BA8 ] HPFXFAX         C:\Windows\system32\drivers\hpfx64fax.sys
21:06:59.0558 0992  HPFXFAX - ok
21:06:59.0605 0992  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:06:59.0656 0992  HpqKbFiltr - ok
21:06:59.0710 0992  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:06:59.0733 0992  hpqwmiex - ok
21:06:59.0782 0992  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:06:59.0801 0992  HpSAMD - ok
21:06:59.0812 0992  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
21:06:59.0831 0992  hpsrv - ok
21:06:59.0899 0992  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:06:59.0984 0992  HTTP - ok
21:07:00.0035 0992  [ 1A5DA10E18FC2643E94C5DC7FA965868 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:07:00.0091 0992  hwdatacard - ok
21:07:00.0139 0992  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:07:00.0157 0992  hwpolicy - ok
21:07:00.0172 0992  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:07:00.0194 0992  i8042prt - ok
21:07:00.0225 0992  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:07:00.0255 0992  iaStorV - ok
21:07:00.0331 0992  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:07:00.0343 0992  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:07:00.0343 0992  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:07:00.0388 0992  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:07:00.0438 0992  idsvc - ok
21:07:00.0469 0992  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:07:00.0488 0992  iirsp - ok
21:07:00.0556 0992  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:07:00.0652 0992  IKEEXT - ok
21:07:00.0685 0992  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:07:00.0703 0992  intelide - ok
21:07:00.0723 0992  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:07:00.0762 0992  intelppm - ok
21:07:00.0796 0992  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:07:00.0867 0992  IPBusEnum - ok
21:07:00.0902 0992  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:00.0965 0992  IpFilterDriver - ok
21:07:01.0013 0992  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:07:01.0119 0992  iphlpsvc - ok
21:07:01.0166 0992  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:07:01.0188 0992  IPMIDRV - ok
21:07:01.0203 0992  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:07:01.0275 0992  IPNAT - ok
21:07:01.0301 0992  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:07:01.0381 0992  IRENUM - ok
21:07:01.0395 0992  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:07:01.0413 0992  isapnp - ok
21:07:01.0437 0992  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:07:01.0463 0992  iScsiPrt - ok
21:07:01.0483 0992  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:07:01.0502 0992  kbdclass - ok
21:07:01.0524 0992  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:07:01.0560 0992  kbdhid - ok
21:07:01.0589 0992  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:07:01.0607 0992  KeyIso - ok
21:07:01.0644 0992  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:07:01.0665 0992  KSecDD - ok
21:07:01.0713 0992  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:07:01.0736 0992  KSecPkg - ok
21:07:01.0752 0992  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:07:01.0823 0992  ksthunk - ok
21:07:01.0862 0992  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:07:01.0940 0992  KtmRm - ok
21:07:02.0011 0992  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:07:02.0085 0992  LanmanServer - ok
21:07:02.0124 0992  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:07:02.0199 0992  LanmanWorkstation - ok
21:07:02.0238 0992  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:07:02.0304 0992  lltdio - ok
21:07:02.0342 0992  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:07:02.0416 0992  lltdsvc - ok
21:07:02.0441 0992  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:07:02.0491 0992  lmhosts - ok
21:07:02.0520 0992  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:07:02.0541 0992  LSI_FC - ok
21:07:02.0554 0992  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:07:02.0576 0992  LSI_SAS - ok
21:07:02.0585 0992  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:07:02.0605 0992  LSI_SAS2 - ok
21:07:02.0626 0992  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:07:02.0650 0992  LSI_SCSI - ok
21:07:02.0664 0992  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:07:02.0734 0992  luafv - ok
21:07:02.0775 0992  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:07:02.0818 0992  Mcx2Svc - ok
21:07:02.0842 0992  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:07:02.0861 0992  megasas - ok
21:07:02.0877 0992  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:07:02.0906 0992  MegaSR - ok
21:07:02.0925 0992  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:07:02.0994 0992  MMCSS - ok
21:07:03.0023 0992  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:07:03.0094 0992  Modem - ok
21:07:03.0125 0992  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:07:03.0168 0992  monitor - ok
21:07:03.0202 0992  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:07:03.0221 0992  mouclass - ok
21:07:03.0249 0992  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:07:03.0268 0992  mouhid - ok
21:07:03.0311 0992  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:07:03.0331 0992  mountmgr - ok
21:07:03.0373 0992  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:07:03.0393 0992  MozillaMaintenance - ok
21:07:03.0410 0992  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:07:03.0432 0992  mpio - ok
21:07:03.0451 0992  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:07:03.0518 0992  mpsdrv - ok
21:07:03.0576 0992  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:07:03.0653 0992  MpsSvc - ok
21:07:03.0704 0992  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:07:03.0733 0992  MRxDAV - ok
21:07:03.0783 0992  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:07:03.0855 0992  mrxsmb - ok
21:07:03.0886 0992  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:07:03.0926 0992  mrxsmb10 - ok
21:07:04.0958 0992  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:07:04.0999 0992  mrxsmb20 - ok
21:07:05.0028 0992  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:07:05.0046 0992  msahci - ok
21:07:05.0092 0992  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:07:05.0114 0992  msdsm - ok
21:07:05.0128 0992  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:07:05.0171 0992  MSDTC - ok
21:07:05.0244 0992  [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
21:07:05.0266 0992  MSDV - ok
21:07:05.0292 0992  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:07:05.0344 0992  Msfs - ok
21:07:05.0360 0992  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:07:05.0414 0992  mshidkmdf - ok
21:07:05.0453 0992  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:07:05.0471 0992  msisadrv - ok
21:07:05.0508 0992  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:07:05.0583 0992  MSiSCSI - ok
21:07:05.0594 0992  msiserver - ok
21:07:05.0627 0992  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:07:05.0700 0992  MSKSSRV - ok
21:07:05.0708 0992  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:07:05.0762 0992  MSPCLOCK - ok
21:07:05.0791 0992  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:07:05.0863 0992  MSPQM - ok
21:07:05.0912 0992  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:07:05.0941 0992  MsRPC - ok
21:07:05.0963 0992  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:07:05.0982 0992  mssmbios - ok
21:07:06.0000 0992  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:07:06.0065 0992  MSTEE - ok
21:07:06.0095 0992  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:07:06.0116 0992  MTConfig - ok
21:07:06.0140 0992  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:07:06.0161 0992  Mup - ok
21:07:06.0188 0992  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:07:06.0262 0992  napagent - ok
21:07:06.0311 0992  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:07:06.0357 0992  NativeWifiP - ok
21:07:06.0411 0992  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:07:06.0464 0992  NDIS - ok
21:07:06.0479 0992  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:07:06.0531 0992  NdisCap - ok
21:07:06.0555 0992  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:07:06.0624 0992  NdisTapi - ok
21:07:06.0665 0992  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:07:06.0734 0992  Ndisuio - ok
21:07:06.0771 0992  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:07:06.0842 0992  NdisWan - ok
21:07:06.0876 0992  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:07:06.0943 0992  NDProxy - ok
21:07:06.0983 0992  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:07:06.0991 0992  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:07:06.0992 0992  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:07:07.0006 0992  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:07:07.0073 0992  NetBIOS - ok
21:07:07.0114 0992  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:07:07.0167 0992  NetBT - ok
21:07:07.0183 0992  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:07:07.0203 0992  Netlogon - ok
21:07:09.0534 0992  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:07:09.0563 0992  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:07:09.0563 0992  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:07:21.0428 0992  [ B3BFBB9C45BDAF3ECB4D1456F9017F95 ] VMCService      C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
21:07:21.0437 0992  VMCService ( UnsignedFile.Multi.Generic ) - warning
21:07:21.0437 0992  VMCService - detected UnsignedFile.Multi.Generic (1)
21:07:26.0207 0992  ================ Scan global ===============================
21:07:26.0236 0992  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:07:26.0289 0992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:07:26.0303 0992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:07:26.0332 0992  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:07:26.0363 0992  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:07:26.0372 0992  [Global] - ok
21:07:26.0373 0992  ================ Scan MBR ==================================
21:07:26.0386 0992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:07:26.0715 0992  \Device\Harddisk0\DR0 - ok
21:07:26.0715 0992  ================ Scan VBR ==================================
21:07:26.0719 0992  [ 7F041AD0988182E8B33BC4E8221150E9 ] \Device\Harddisk0\DR0\Partition1
21:07:26.0722 0992  \Device\Harddisk0\DR0\Partition1 - ok
21:07:26.0748 0992  [ EFD9100C17CFC8AB9D6E73D7FE866C12 ] \Device\Harddisk0\DR0\Partition2
21:07:26.0750 0992  \Device\Harddisk0\DR0\Partition2 - ok
21:07:26.0751 0992  ============================================================
21:07:26.0751 0992  Scan finished
21:07:26.0751 0992  ============================================================
21:07:26.0769 3864  Detected object count: 4
21:07:26.0769 3864  Actual detected object count: 4
21:08:04.0660 3864  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0660 3864  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:08:04.0664 3864  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0664 3864  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:08:04.0667 3864  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0667 3864  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:08:04.0672 3864  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0672 3864  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
DONE

Last edited by taduli (09.05.2013 at 20:10)

09.05.2013, 20:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Suchlauf (Scan) and wait until it has finished.
  • Now click on Löschen (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


09.05.2013, 21:17   #9
taduli
 



Once again, part 1 first.
Part 2 will follow tomorrow.

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by xxx xxx on 09.05.2013 at 22:03:59,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\minidumps [89 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 22:08:55,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
# AdwCleaner v2.300 - Datei am 09/05/2013 um 22:29:55 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : xxx xxx - xxxxxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\xxx xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jq5fr39m.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [753 octets] - [09/05/2013 22:29:55]

########## EOF - C:\AdwCleaner[S1].txt - [812 octets] ##########
         

Code:
OTL logfile created on: 09.05.2013 22:42:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free
5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HPFXFAX) -- C:\Windows\SysNative\drivers\hpfx64fax.sys (Hewlett Packard)
DRV:64bit: - (HPFXBULK) -- C:\Windows\SysNative\drivers\hpfx64bulk.sys (Hewlett Packard)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 4A A3 4F 48 92 CD 01  [binary data]
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.nachrichten.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.06 20:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.05.06 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Firefox\Profiles\jq5fr39m.default\extensions
[2012.09.19 11:01:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013.05.06 20:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.26 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.06 20:13:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.05.06 20:13:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.06 20:13:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.06 20:13:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.05.06 20:13:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.06 20:13:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.06 20:13:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.09 06:50:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF549C4-9591-41B8-A823-B5E5A3EAE68F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.19 10:47:05 | 000,008,192 | ---- | M] (Microsoft) - C:\AutoOff.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 22:03:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.09 22:03:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.09 22:02:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe
[2013.05.09 21:04:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe
[2013.05.09 20:31:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe
[2013.05.09 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001
[2013.05.09 07:04:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.09 06:54:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.09 06:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.09 06:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.09 06:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.09 06:38:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.09 06:37:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.09 06:35:18 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe
[2013.05.06 21:15:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.04.23 08:41:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 14:13:32 | 000,000,000 | ---D | C] -- C:\found.002
[2013.04.20 10:12:17 | 000,206,960 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmd.sys
[2013.04.20 10:12:17 | 000,013,936 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmdldr.sys
[2013.04.19 09:11:08 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\stick
[2013.04.17 08:16:58 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.17 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2013.04.11 01:06:59 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 01:06:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 01:06:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 01:06:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 01:06:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 01:06:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.11 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Malwarebytes
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 00:52:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.11 00:50:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 22:31:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 22:31:48 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 22:27:22 | 000,628,743 | ---- | M] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe
[2013.05.09 22:02:21 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe
[2013.05.09 21:04:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe
[2013.05.09 21:01:10 | 000,000,512 | ---- | M] () -- C:\Users\xxx xxx\Desktop\MBR.dat
[2013.05.09 20:33:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe
[2013.05.09 19:59:44 | 012,917,756 | ---- | M] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.09 07:39:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 07:39:38 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 07:39:38 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 07:39:38 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 07:39:38 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 06:50:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.09 06:35:46 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe
[2013.05.07 03:37:18 | 695,744,987 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.07 02:44:08 | 000,377,856 | ---- | M] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe
[2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | M] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:40 | 000,050,477 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 16:02:10 | 000,001,026 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:40 | 000,025,599 | ---- | M] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 08:43:19 | 000,305,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 00:52:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 00:51:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.09 22:27:20 | 000,628,743 | ---- | C] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe
[2013.05.09 21:01:10 | 000,000,512 | ---- | C] () -- C:\Users\xxx xxx\Desktop\MBR.dat
[2013.05.09 19:59:20 | 012,917,756 | ---- | C] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.09 06:41:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.09 06:41:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.09 06:41:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.09 06:41:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.09 06:41:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.07 02:44:07 | 000,377,856 | ---- | C] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:36 | 000,050,477 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.04.23 16:02:10 | 000,001,026 | ---- | C] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:38 | 000,025,599 | ---- | C] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 00:52:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 08:23:40 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\spellyxcustom.dict
[2012.12.03 07:54:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2012.09.14 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 09.05.2013 22:42:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free
5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
 
[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6EF012-4813-4DD2-B054-A85E04C4F867}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12E0A73E-01FC-493C-BF02-04F5AC76350C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1338D789-F218-4C64-8559-0FEDD74B204F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{28E9B09E-18E3-46BE-9762-988F9245665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{312497BB-B99C-4007-9C4C-102438DAC43B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3883AD11-B975-4F7C-BFF5-865646D72B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3988103C-F3A8-4F7B-A9B9-69DC0917CEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3D2902D1-4B53-4604-9AC0-AB10005C7091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EABE8AB-669D-48D8-9169-CDF4ECA62B1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43F2A0C0-BD63-484B-B1B2-1C0FEFF604ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{450A06D7-551E-445A-91A0-AB2EF08E4E80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{46D88C12-558B-4A5C-94DE-54A6FF73B5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48915446-8A3E-483D-A68B-4E62D27535E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5AEB811D-D2BF-4F58-B980-D71A2A758143}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61A2EE15-9D9D-43B0-883A-C8EEF5BAC1A3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{690BD03D-D6D0-4E4B-9168-405CDD56E1B4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{78E4EDBD-A2F6-4B05-8F51-1D83205DD6D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7EFC7C59-98DD-4ACB-AE86-9BD194B16A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D0D6AD-3209-473D-AF33-3E56D5857AE4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E287696-0835-4835-B9B8-D907B3E4DE90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98EA3AD1-9D1E-4612-91AC-645FDFAC81A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99007524-BBAD-43BF-8774-D62399B9C55A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A325A294-CC95-4E80-8F62-5136AF3F904E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A8DFFD6C-8768-4D61-B309-7FD5C8AA5B04}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AA9A54F8-4302-41F5-BC43-9C14885ECB5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C276C8E3-B0AA-46BF-A2B2-F629220C9FC5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D17A1779-508A-493B-979A-517F97D0ADCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3145B32-7474-4C12-BBEC-0440062A8FD7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D5C03218-0E2E-4BB1-A08A-C29B648CC0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB162795-1F30-466A-A675-85680BBD94CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E237568F-38DB-4A8B-BCEC-3AED5C12C10D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C89141F-10C9-4B3F-AFE8-8DE3F9D78DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12F880CC-2532-49F6-B818-465CF55693C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1BB5081B-2F72-4982-AF22-5A3ECBAC2208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F33D701-1BDD-4E53-84C6-B4DCAF909418}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{232D99EB-A8A5-450D-B90E-3C3129D65E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30F9A276-45BF-49A4-883A-B443F085FF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{32F829AE-E3CA-4F39-B45D-FBA60305871E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35CEEF5B-BFAB-4BD5-BF22-B828C7F06232}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{42539B58-8B54-4B04-8BBD-10514636733F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{69DC5B73-9E77-453C-BAB7-111EABB69A83}" = protocol=6 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6A6E5B7E-3DD7-4D18-AFB2-C9E827D01AE6}" = protocol=17 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7329CC81-B53C-44F5-8CD9-3EC7377C3CFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{79DD3494-502C-4EDB-8937-A286553CDC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DFAB439-8840-4F3C-9FD9-52A5F37DCD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9495DFA-4B2E-4360-9EB7-669286794C17}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{AD2D0CD1-EF72-4D80-A0EA-4035AC3C16BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8254F37-70C4-4BB9-8878-120C7F9817CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEEFD8D0-8962-435F-8AFA-E6137A2B6BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D88C6187-5547-425A-AF60-F52C119AA70A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DD2B1925-A14A-49BF-A22C-033A884FA314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E070196E-3DEB-4FD2-8406-A28821A28A95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E4C99137-88D5-4A83-9046-8187501C5CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9991C7F-A73F-4374-92B1-1246E1ABC0B4}" = protocol=6 | dir=out | app=system | 
"{F6A39FE8-C700-4D7A-B1F8-EB6F47D15DB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}" = ATI Catalyst Install Manager
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8C7F3A-E41E-08D7-8EF0-2087A145A803}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian
"{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech
"{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy
"{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German
"{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing
"{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All
"{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light
"{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese
"{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish
"{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static
"{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish
"{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian
"{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New
"{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese
"{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai
"{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard
"{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish
"{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek
"{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recover My Files v5_is1" = Recover My Files
"VLC media player" = VLC media player 2.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2013 16:32:03 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
[ System Events ]
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
[/CODE]

Code:
OTL logfile created on: 09.05.2013 22:42:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free
5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HPFXFAX) -- C:\Windows\SysNative\drivers\hpfx64fax.sys (Hewlett Packard)
DRV:64bit: - (HPFXBULK) -- C:\Windows\SysNative\drivers\hpfx64bulk.sys (Hewlett Packard)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 4A A3 4F 48 92 CD 01  [binary data]
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.nachrichten.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.06 20:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.05.06 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Firefox\Profiles\jq5fr39m.default\extensions
[2012.09.19 11:01:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013.05.06 20:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.26 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.06 20:13:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.05.06 20:13:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.06 20:13:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.06 20:13:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.05.06 20:13:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.06 20:13:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.06 20:13:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.09 06:50:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF549C4-9591-41B8-A823-B5E5A3EAE68F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.19 10:47:05 | 000,008,192 | ---- | M] (Microsoft) - C:\AutoOff.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 22:03:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.09 22:03:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.09 22:02:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe
[2013.05.09 21:04:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe
[2013.05.09 20:31:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe
[2013.05.09 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001
[2013.05.09 07:04:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.09 06:54:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.09 06:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.09 06:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.09 06:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.09 06:38:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.09 06:37:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.09 06:35:18 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe
[2013.05.06 21:15:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.04.23 08:41:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 14:13:32 | 000,000,000 | ---D | C] -- C:\found.002
[2013.04.20 10:12:17 | 000,206,960 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmd.sys
[2013.04.20 10:12:17 | 000,013,936 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmdldr.sys
[2013.04.19 09:11:08 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\stick
[2013.04.17 08:16:58 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.17 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2013.04.11 01:06:59 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 01:06:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 01:06:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 01:06:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 01:06:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 01:06:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.11 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Malwarebytes
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 00:52:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.11 00:50:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 22:31:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 22:31:48 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 22:27:22 | 000,628,743 | ---- | M] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe
[2013.05.09 22:02:21 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe
[2013.05.09 21:04:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe
[2013.05.09 21:01:10 | 000,000,512 | ---- | M] () -- C:\Users\xxx xxx\Desktop\MBR.dat
[2013.05.09 20:33:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe
[2013.05.09 19:59:44 | 012,917,756 | ---- | M] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.09 07:39:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 07:39:38 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 07:39:38 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 07:39:38 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 07:39:38 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 06:50:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.09 06:35:46 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe
[2013.05.07 03:37:18 | 695,744,987 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.07 02:44:08 | 000,377,856 | ---- | M] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe
[2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | M] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:40 | 000,050,477 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 16:02:10 | 000,001,026 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:40 | 000,025,599 | ---- | M] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 08:43:19 | 000,305,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 00:52:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 00:51:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.09 22:27:20 | 000,628,743 | ---- | C] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe
[2013.05.09 21:01:10 | 000,000,512 | ---- | C] () -- C:\Users\xxx xxx\Desktop\MBR.dat
[2013.05.09 19:59:20 | 012,917,756 | ---- | C] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.09 06:41:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.09 06:41:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.09 06:41:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.09 06:41:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.09 06:41:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.07 02:44:07 | 000,377,856 | ---- | C] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:36 | 000,050,477 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.04.23 16:02:10 | 000,001,026 | ---- | C] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:38 | 000,025,599 | ---- | C] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 00:52:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 08:23:40 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\spellyxcustom.dict
[2012.12.03 07:54:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2012.09.14 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 09.05.2013 22:42:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free
5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
 
[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6EF012-4813-4DD2-B054-A85E04C4F867}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12E0A73E-01FC-493C-BF02-04F5AC76350C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1338D789-F218-4C64-8559-0FEDD74B204F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{28E9B09E-18E3-46BE-9762-988F9245665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{312497BB-B99C-4007-9C4C-102438DAC43B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3883AD11-B975-4F7C-BFF5-865646D72B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3988103C-F3A8-4F7B-A9B9-69DC0917CEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3D2902D1-4B53-4604-9AC0-AB10005C7091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EABE8AB-669D-48D8-9169-CDF4ECA62B1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43F2A0C0-BD63-484B-B1B2-1C0FEFF604ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{450A06D7-551E-445A-91A0-AB2EF08E4E80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{46D88C12-558B-4A5C-94DE-54A6FF73B5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48915446-8A3E-483D-A68B-4E62D27535E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5AEB811D-D2BF-4F58-B980-D71A2A758143}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61A2EE15-9D9D-43B0-883A-C8EEF5BAC1A3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{690BD03D-D6D0-4E4B-9168-405CDD56E1B4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{78E4EDBD-A2F6-4B05-8F51-1D83205DD6D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7EFC7C59-98DD-4ACB-AE86-9BD194B16A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D0D6AD-3209-473D-AF33-3E56D5857AE4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E287696-0835-4835-B9B8-D907B3E4DE90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98EA3AD1-9D1E-4612-91AC-645FDFAC81A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99007524-BBAD-43BF-8774-D62399B9C55A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A325A294-CC95-4E80-8F62-5136AF3F904E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A8DFFD6C-8768-4D61-B309-7FD5C8AA5B04}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AA9A54F8-4302-41F5-BC43-9C14885ECB5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C276C8E3-B0AA-46BF-A2B2-F629220C9FC5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D17A1779-508A-493B-979A-517F97D0ADCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3145B32-7474-4C12-BBEC-0440062A8FD7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D5C03218-0E2E-4BB1-A08A-C29B648CC0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB162795-1F30-466A-A675-85680BBD94CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E237568F-38DB-4A8B-BCEC-3AED5C12C10D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C89141F-10C9-4B3F-AFE8-8DE3F9D78DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12F880CC-2532-49F6-B818-465CF55693C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1BB5081B-2F72-4982-AF22-5A3ECBAC2208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F33D701-1BDD-4E53-84C6-B4DCAF909418}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{232D99EB-A8A5-450D-B90E-3C3129D65E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30F9A276-45BF-49A4-883A-B443F085FF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{32F829AE-E3CA-4F39-B45D-FBA60305871E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35CEEF5B-BFAB-4BD5-BF22-B828C7F06232}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{42539B58-8B54-4B04-8BBD-10514636733F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{69DC5B73-9E77-453C-BAB7-111EABB69A83}" = protocol=6 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6A6E5B7E-3DD7-4D18-AFB2-C9E827D01AE6}" = protocol=17 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7329CC81-B53C-44F5-8CD9-3EC7377C3CFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{79DD3494-502C-4EDB-8937-A286553CDC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DFAB439-8840-4F3C-9FD9-52A5F37DCD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9495DFA-4B2E-4360-9EB7-669286794C17}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{AD2D0CD1-EF72-4D80-A0EA-4035AC3C16BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8254F37-70C4-4BB9-8878-120C7F9817CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEEFD8D0-8962-435F-8AFA-E6137A2B6BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D88C6187-5547-425A-AF60-F52C119AA70A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DD2B1925-A14A-49BF-A22C-033A884FA314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E070196E-3DEB-4FD2-8406-A28821A28A95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E4C99137-88D5-4A83-9046-8187501C5CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9991C7F-A73F-4374-92B1-1246E1ABC0B4}" = protocol=6 | dir=out | app=system | 
"{F6A39FE8-C700-4D7A-B1F8-EB6F47D15DB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}" = ATI Catalyst Install Manager
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8C7F3A-E41E-08D7-8EF0-2087A145A803}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian
"{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech
"{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy
"{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German
"{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing
"{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All
"{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light
"{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese
"{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish
"{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static
"{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish
"{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian
"{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New
"{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese
"{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai
"{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard
"{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish
"{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek
"{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recover My Files v5_is1" = Recover My Files
"VLC media player" = VLC media player 2.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2013 16:32:03 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
[ System Events ]
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

Edited by taduli (09.05.2013 at 21:40)

10.05.2013, 18:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes. Before you do, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


11.05.2013, 05:30   #11
taduli

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxx xxx :: xxxxxx [Administrator]

10.05.2013 21:11:31
mbam-log-2013-05-10 (21-11-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393364
Laufzeit: 1 Stunde(n), 29 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
System crash while running ESET...

2nd attempt

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33ee8a7f7d2f914a965f560b92e1d533
# engine=13803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-11 07:55:04
# local_time=2013-05-11 09:55:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 914913 233682194 942957 0
# compatibility_mode=5893 16776574 100 94 18639716 119888754 0 0
# scanned=186956
# found=0
# cleaned=0
# scan_time=8899
         

12.05.2013, 19:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system OK again now, or are there any other findings or problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
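
The hosts-file blocking recommended in the post above works by mapping unwanted names to an address that goes nowhere. As an added example (not part of the original thread; the function name `audit_hosts` and the sample entries are constructed for illustration), this Python script audits a hosts file after such a list is installed: it collects the blocked names and flags any entry that pins a name to some other address, which a pure blocklist has no reason to contain.

```python
import ipaddress

# Addresses a blocklist maps unwanted names to, so lookups go nowhere.
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::", "::1")}
# Names that normally point at loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not taken from the MVPS file or from the thread).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com   # banner server
0.0.0.0 Tracker.Example.net stats.example.net
127.0.0.1 cookies.example.org
203.0.113.7 update.example.com
0.0.0.0
not-an-ip broken.example.com
"""


def audit_hosts(text):
    """Split hosts-file entries into blocked names, redirects and malformed lines."""
    blocked, redirects, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, line))
            continue
        if len(fields) < 2:                   # address without any host name
            malformed.append((lineno, line))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")   # host names are case-insensitive
            if addr in SINKHOLES:
                if name not in LOCAL_NAMES:
                    blocked.add(name)
            else:
                # A name pinned to a non-sinkhole address overrides DNS; review it.
                redirects.append((lineno, name, str(addr)))
    return {"blocked": blocked, "redirects": redirects, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "blocked names")
    for lineno, name, addr in report["redirects"]:
        print(f"line {lineno}: {name} -> {addr} (not a block entry, review)")
    for lineno, line in report["malformed"]:
        print(f"line {lineno}: cannot parse {line!r}")
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`.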


14.05.2013, 19:54   #13
taduli

Quote:
Quote from cosinus
Is your system OK again now, or are there any other findings or problems?

Well, one or two things do seem to be resolved. For example, after booting I always had a system tray tool from Avira that could not be switched off at all. That is gone. But today I had another system crash, which shows me that the system is still 'acting up'.
No idea whether you can help me with that as well, but I will look for a log file to post.

15.05.2013, 10:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I would first try to find out whether this happens only under Windows or with other operating systems as well.

That way you can see whether a hardware problem is emerging or whether the fault lies rather in the Windows configuration and/or the file system.

Download something like Knoppix or Xubuntu, burn the ISO file to a CD using the burn-image function, and boot the computer from it.
Then test the system thoroughly under Linux and report whether it runs normally there.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


15.05.2013, 20:32   #15
taduli

OK. I will do that when I get the chance. But since I want to check this at my leisure, I suggest that we close things here. If need be, I will simply come back with a new thread.
Agreed?

And for now, THANK YOU VERY MUCH for your help so far. It has certainly helped a lot already.
