Plagegeister aller Art und deren Bekämpfung: Regular system crashes in many different forms/variants (Windows 7)
07.05.2013, 03:15 | #1
Regular system crashes in many different forms/variants

For weeks I have been fighting with a 'hanging' system, up to and including recurring system crashes (blue screen). My computer runs Windows 7; the application software is as Microsoft-free as possible, i.e. I work with Firefox, Thunderbird or OpenOffice. Even in the 'normal state' the application programs freeze every now and then and show the status "not responding". Usually it is over after 5-10 seconds, sometimes it lasts 1 or 2 minutes, and sometimes it ends in a system crash.

As requested, I ran the three routines defogger, OTL and GMER and created the log files (I will post them right away). After that I wanted to restart the system; the Windows "Shutting down" screen was displayed, and after 2-3 minutes came a blue screen referring to a crash dump.

I hope this description is enough for a first assessment.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:13 on 06/05/2013 (xxx xxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL Logfile:
Code:
OTL logfile created on: 06.05.2013 21:17:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 69,38% Memory free
5,75 Gb Paging File | 4,75 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 111,40 Gb Free Space | 69,04% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 96,49 Gb Free Space | 70,58% Space Free | Partition Type: NTFS
Drive F: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
PRC - [2013.04.10 09:15:58 | 027,151,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.19 09:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2008.03.13 19:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.23 08:05:16 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.03.23 07:40:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.03.23 07:40:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.23 07:40:29 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.03.23 07:40:28 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.03.23 07:39:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.23 07:39:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.23 07:39:10 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.03.23 07:39:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.23 07:38:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.23 07:38:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.23 07:38:44 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2010.11.13 02:08:42 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.05.21 22:52:22 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2007.02.06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013.05.06 20:13:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.19 17:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011.04.10 22:07:33 | 009,663,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.30 08:52:28 | 001,109,296 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.01 06:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.04.10 22:07:57 | 000,206,960 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2011.04.10 22:07:57 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2011.04.10 20:08:50 | 000,017,408 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 03:53:10 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.04.20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2008.04.24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008.03.07 13:46:30 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007.07.16 21:29:34 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007.07.16 21:29:24 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 4A A3 4F 48 92 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.nachrichten.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.06 20:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions
[2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.05.06 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Firefox\Profiles\jq5fr39m.default\extensions
[2012.09.19 11:01:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013.05.06 20:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.26 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.06 20:13:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.05.06 20:13:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.06 20:13:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.06 20:13:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.05.06 20:13:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.06 20:13:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.06 20:13:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B11ED7E-EF1E-4107-A178-D50876DA2159}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF549C4-9591-41B8-A823-B5E5A3EAE68F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.19 10:47:05 | 000,008,192 | ---- | M] (Microsoft) - C:\AutoOff.exe -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O32 - AutoRun File - [2008.03.13 22:39:50 | 000,000,070 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0902d1d5-fe50-11e1-bb0b-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{0902d1d5-fe50-11e1-bb0b-001e377be0ec}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{20bb752a-0288-11e2-8455-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{20bb752a-0288-11e2-8455-001e377be0ec}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{5bbd8249-42e6-11e2-b676-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbd8249-42e6-11e2-b676-001e377be0ec}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{b80e9704-ff29-11e1-9bd4-001a4b92db6b}\Shell - "" = AutoRun
O33 - MountPoints2\{b80e9704-ff29-11e1-9bd4-001a4b92db6b}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{b80e9708-ff29-11e1-9bd4-001a4b92db6b}\Shell - "" = AutoRun
O33 - MountPoints2\{b80e9708-ff29-11e1-9bd4-001a4b92db6b}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{bd0196ef-fe7f-11e1-b499-001e377be0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0196ef-fe7f-11e1-b499-001e377be0ec}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- [2008.03.13 20:33:06 | 000,323,584 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.06 21:15:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.04.23 08:41:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 14:13:32 | 000,000,000 | -HSD | C] -- C:\found.002
[2013.04.20 10:12:17 | 000,206,960 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmd.sys
[2013.04.20 10:12:17 | 000,013,936 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmdldr.sys
[2013.04.19 09:11:08 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\stick
[2013.04.17 08:16:58 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.17 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2013.04.11 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Malwarebytes
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 00:52:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.11 00:50:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe

========== Files - Modified Within 30 Days ==========

[2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | M] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:40 | 000,050,477 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.05.06 20:01:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.06 20:01:05 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.06 20:01:05 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.06 20:01:05 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.06 20:01:05 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.06 19:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 19:53:33 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 19:52:13 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 16:02:10 | 000,001,026 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.21 18:28:07 | 373,567,763 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dlumd10.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:40 | 000,025,599 | ---- | M] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 08:43:19 | 000,305,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 00:52:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 00:51:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe

========== Files Created - No Company Name ==========

[2013.05.06 21:13:28 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:36 | 000,050,477 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.05.06 19:52:13 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2013.04.23 16:02:10 | 000,001,026 | ---- | C] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:38 | 000,025,599 | ---- | C] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 00:52:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 08:23:40 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\spellyxcustom.dict
[2012.12.03 07:54:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2012.09.14 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.06 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2012.10.29 08:33:20 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Haufe Mediengruppe
[2012.10.28 20:54:54 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Lexware
[2012.09.25 17:57:19 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\OpenOffice.org
[2012.10.24 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Thunderbird
[2012.09.14 17:33:01 | 000,000,000 | ---D | M] -- C:\Users\xxx xxx\AppData\Roaming\Vodafone

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 32 bytes -> C:\Windows:CM_5e87cca86cbd1bba752be44e854d9765306e2ee7d2f08af16077c77cede2fdb4
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_4834b3984f67aa5dcfda6d6bc9ddab2e424aa6a4b13ab4bf79e16f1d68f82380

< End of report >

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 06.05.2013 21:17:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx xxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 69,38% Memory free 5,75 Gb Paging File | 4,75 Gb Available in Paging File | 82,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 161,37 Gb Total Space | 111,40 Gb Free Space | 69,04% Space Free | Partition Type: NTFS Drive E: | 136,72 Gb Total Space | 96,49 Gb Free Space | 70,58% Space Free | Partition Type: NTFS Drive F: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E6EF012-4813-4DD2-B054-A85E04C4F867}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{12E0A73E-01FC-493C-BF02-04F5AC76350C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1338D789-F218-4C64-8559-0FEDD74B204F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{28E9B09E-18E3-46BE-9762-988F9245665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{312497BB-B99C-4007-9C4C-102438DAC43B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3883AD11-B975-4F7C-BFF5-865646D72B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{3988103C-F3A8-4F7B-A9B9-69DC0917CEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3D2902D1-4B53-4604-9AC0-AB10005C7091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3EABE8AB-669D-48D8-9169-CDF4ECA62B1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{43F2A0C0-BD63-484B-B1B2-1C0FEFF604ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{450A06D7-551E-445A-91A0-AB2EF08E4E80}" = rport=445 | protocol=6 | dir=out | app=system | "{46D88C12-558B-4A5C-94DE-54A6FF73B5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48915446-8A3E-483D-A68B-4E62D27535E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5AEB811D-D2BF-4F58-B980-D71A2A758143}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{61A2EE15-9D9D-43B0-883A-C8EEF5BAC1A3}" = rport=138 | protocol=17 | dir=out | app=system | "{690BD03D-D6D0-4E4B-9168-405CDD56E1B4}" = rport=10243 | protocol=6 | dir=out | app=system | "{78E4EDBD-A2F6-4B05-8F51-1D83205DD6D0}" = lport=137 | protocol=17 | dir=in | app=system | "{7EFC7C59-98DD-4ACB-AE86-9BD194B16A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{85D0D6AD-3209-473D-AF33-3E56D5857AE4}" = lport=139 | protocol=6 | dir=in | app=system | "{8E287696-0835-4835-B9B8-D907B3E4DE90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{98EA3AD1-9D1E-4612-91AC-645FDFAC81A3}" = lport=2869 | protocol=6 | dir=in | app=system | "{99007524-BBAD-43BF-8774-D62399B9C55A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A325A294-CC95-4E80-8F62-5136AF3F904E}" = rport=137 | protocol=17 | dir=out | 
app=system | "{A8DFFD6C-8768-4D61-B309-7FD5C8AA5B04}" = lport=10243 | protocol=6 | dir=in | app=system | "{AA9A54F8-4302-41F5-BC43-9C14885ECB5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C276C8E3-B0AA-46BF-A2B2-F629220C9FC5}" = lport=138 | protocol=17 | dir=in | app=system | "{D17A1779-508A-493B-979A-517F97D0ADCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D3145B32-7474-4C12-BBEC-0440062A8FD7}" = lport=445 | protocol=6 | dir=in | app=system | "{D5C03218-0E2E-4BB1-A08A-C29B648CC0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB162795-1F30-466A-A675-85680BBD94CF}" = rport=139 | protocol=6 | dir=out | app=system | "{E237568F-38DB-4A8B-BCEC-3AED5C12C10D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C89141F-10C9-4B3F-AFE8-8DE3F9D78DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12F880CC-2532-49F6-B818-465CF55693C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1BB5081B-2F72-4982-AF22-5A3ECBAC2208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F33D701-1BDD-4E53-84C6-B4DCAF909418}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{232D99EB-A8A5-450D-B90E-3C3129D65E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{30F9A276-45BF-49A4-883A-B443F085FF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32F829AE-E3CA-4F39-B45D-FBA60305871E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35CEEF5B-BFAB-4BD5-BF22-B828C7F06232}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{42539B58-8B54-4B04-8BBD-10514636733F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{69DC5B73-9E77-453C-BAB7-111EABB69A83}" = protocol=6 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{6A6E5B7E-3DD7-4D18-AFB2-C9E827D01AE6}" = protocol=17 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{7329CC81-B53C-44F5-8CD9-3EC7377C3CFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79DD3494-502C-4EDB-8937-A286553CDC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8DFAB439-8840-4F3C-9FD9-52A5F37DCD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A9495DFA-4B2E-4360-9EB7-669286794C17}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{AD2D0CD1-EF72-4D80-A0EA-4035AC3C16BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C8254F37-70C4-4BB9-8878-120C7F9817CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CEEFD8D0-8962-435F-8AFA-E6137A2B6BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D88C6187-5547-425A-AF60-F52C119AA70A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DD2B1925-A14A-49BF-A22C-033A884FA314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E070196E-3DEB-4FD2-8406-A28821A28A95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E4C99137-88D5-4A83-9046-8187501C5CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9991C7F-A73F-4374-92B1-1246E1ABC0B4}" = protocol=6 | dir=out | app=system | "{F6A39FE8-C700-4D7A-B1F8-EB6F47D15DB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}" = ATI Catalyst Install Manager "{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software "{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8C7F3A-E41E-08D7-8EF0-2087A145A803}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012 "{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian "{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian "{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster "{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech "{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation "{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX 
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy "{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German "{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing "{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All "{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light "{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese "{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish "{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static "{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish "{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian "{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New "{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese "{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai "{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard "{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean "{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012 "{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish "{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek "{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish "{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1 "FileZilla Client" = FileZilla Client 3.5.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Recover My Files v5_is1" = Recover My Files "VLC media player" = VLC media player 2.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15 "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.04.2013 11:46:10 | Computer Name = xxxxxx | Source = RasClient | ID = 20227 Description = Error - 30.04.2013 11:48:22 | Computer Name = xxxxxx | Source = RasClient | ID = 20227 Description = Error - 30.04.2013 13:46:50 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103 Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error - 02.05.2013 00:51:10 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103 Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. 
Error - 02.05.2013 02:12:30 | Computer Name = xxxxxx | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 02.05.2013 07:52:49 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error - 02.05.2013 14:37:13 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error - 03.05.2013 14:24:17 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error - 06.05.2013 03:56:33 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error - 06.05.2013 10:29:34 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
Error - 06.05.2013 13:54:00 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
[ System Events ]
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 06.05.2013 15:23:34 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 06.05.2013 15:28:50 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-07 03:15:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0001BSM2 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\xxx~1\AppData\Local\Temp\uxloypob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002df6000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002df6042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[2332] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077381465 2 bytes [38, 77]
.text C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe[2332] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000773814bb 2 bytes [38, 77]
.text ... * 2
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077381465 2 bytes [38, 77]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773814bb 2 bytes [38, 77]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e377be0ec
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e377be0ec (not active ControlSet)

---- EOF - GMER 2.1 ----
07.05.2013, 22:21 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in a wide variety of forms/variants Hello and
Quote:
Or is this by any chance an office/company PC or a university computer? Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
08.05.2013, 05:46 | #3
Regular system crashes in a wide variety of forms/variants Quote:
Or put differently: no idea. This Ultimate Edition was installed for me by a service technician after my old hard drive had died and he put in a new one. Actually I wanted Linux back then. No. Not so far.
08.05.2013, 08:03 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in a wide variety of forms/variants Hm, I hope the service technician did not install a black-market/compromised (underground) Windows for you. Before we get to work, I would like to ask you to read the following points completely and attentively.
Note: Should you not hear from me for three days, please report in this thread => Reminder on my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside of the Trojaner-Board. Please make a log with ComboFix. Scan with ComboFix
__________________ Please always post logfiles in CODE tags
09.05.2013, 05:58 | #5
Regular system crashes in a wide variety of forms/variants Done. However, right up to the end it claimed that my virus scanner (Avira) was still active, even after I simply killed the process in Task Manager. Code:
ComboFix 13-05-08.02 - xxx xxx 09.05.2013 6:44.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2943.2080 [GMT 2:00]
ausgeführt von:: c:\users\xxx xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 64 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\windows\SysWow64\dlumd10.dll
c:\windows\SysWow64\dlumd11.dll
c:\windows\SysWow64\dlumd9.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-09 bis 2013-05-09 ))))))))))))))))))))))))))))))
.
.
2013-05-09 04:50 . 2013-05-09 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 18:13 . 2013-05-06 18:13 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-26 19:34 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 12:13 . 2013-04-22 12:13 -------- d-----w- C:\found.002
2013-04-20 08:12 . 2011-04-10 20:07 206960 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2013-04-20 08:12 . 2011-04-10 20:07 13936 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2013-04-20 08:10 . 2013-04-20 08:10 0 ----a-w- c:\windows\system32\dlumd9.dll
2013-04-20 08:10 . 2013-04-20 08:10 0 ----a-w- c:\windows\system32\dlumd11.dll
2013-04-20 08:10 . 2013-04-20 08:10 0 ----a-w- c:\windows\system32\dlumd10.dll
2013-04-17 06:11 . 2013-05-08 20:04 -------- d-----w- c:\users\xxx xxx\AppData\Roaming\Dropbox
2013-04-10 23:07 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 23:07 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 23:06 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 23:06 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 23:06 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 23:06 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 23:06 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 23:06 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 22:52 . 2013-04-10 22:52 -------- d-----w- c:\users\xxx xxx\AppData\Roaming\Malwarebytes
2013-04-10 22:52 . 2013-04-10 22:52 -------- d-----w- c:\programdata\Malwarebytes
2013-04-10 22:52 . 2013-04-10 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-10 22:52 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 23:09 . 2012-10-04 19:51 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-06 14:13 . 2013-03-29 13:55 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-03 09:39 . 2012-10-07 12:42 419840 ----a-w- c:\windows\system32\systemcpl.dll
2013-03-03 09:39 . 2012-10-07 12:42 14848 ----a-w- c:\windows\system32\slwga.dll
2013-03-03 09:39 . 2012-10-07 12:42 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2013-03-03 09:39 . 2012-10-07 12:43 1008640 ----a-w- c:\windows\system32\user32.dll
2013-03-03 09:39 . 2012-10-07 12:43 833024 ----a-w- c:\windows\SysWow64\user32.dll
2013-02-26 14:56 . 2013-03-29 13:55 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-26 14:56 . 2013-03-29 13:55 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-12 05:45 . 2013-03-23 04:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-23 04:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-23 04:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-23 04:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-23 04:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-23 04:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-23 04:08 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-03-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-03-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-21 61440]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
.
c:\users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896] R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-10 17408] R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys [2007-07-16 23064] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120] R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 13936] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 28600] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576] S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-08-30 1109296] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 206960] . . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\xxx xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\xxx xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jq5fr39m.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.nachrichten.yahoo.com/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-09 06:54:09 ComboFix-quarantined-files.txt 2013-05-09 04:54 . Vor Suchlauf: 12 Verzeichnis(se), 119.740.882.944 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 119.912.931.328 Bytes frei . - - End Of File - - 11BF59D6F6FEC2AC0150718484E87E15 |
09.05.2013, 16:45 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in various forms/variants

Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
09.05.2013, 19:30 | #7 |
Regular system crashes in various forms/variants

Here is part 1: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 xxx xxx :: xxxxxx [administrator] 09.05.2013 20:25:30 mbar-log-2013-05-09 (20-25-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28896 Time elapsed: 19 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-09 20:34:18 ----------------------------- 20:34:18.245 OS Version: Windows x64 6.1.7601 Service Pack 1 20:34:18.245 Number of processors: 2 586 0x6802 20:34:18.246 ComputerName: xxxxxx UserName: 20:34:24.251 Initialize success 20:37:27.473 AVAST engine defs: 13050900 20:37:53.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:37:53.950 Disk 0 Vendor: ST9320423AS 0001BSM2 Size: 305245MB BusType: 3 20:37:54.081 Disk 0 MBR read successfully 20:37:54.083 Disk 0 MBR scan 20:37:54.093 Disk 0 Windows 7 default MBR code 20:37:54.107 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 165243 MB offset 2048 20:37:54.136 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 139999 MB offset 338419712 20:37:54.204 Disk 0 scanning C:\Windows\system32\drivers 20:38:22.341 Service scanning 20:38:55.339 Modules scanning 20:38:55.349 Disk 0 trace - called modules: 20:38:55.379 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 20:38:55.384 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003449060] 20:38:55.391 3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa8003448860] 20:38:55.399 5 hpdskflt.sys[fffff880018ba189] -> nt!IofCallDriver -> [0xfffffa8003203520] 20:38:55.408 7 ACPI.sys[fffff88000ef77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003213060] 20:39:01.465 AVAST engine scan C:\Windows 20:39:08.895 AVAST engine scan C:\Windows\system32 20:46:02.738 AVAST engine scan C:\Windows\system32\drivers 20:46:29.972 AVAST engine scan C:\Users\xxx xxx 20:52:50.228 AVAST engine scan C:\ProgramData 20:53:58.937 Scan finished successfully 21:01:10.359 Disk 0 MBR has been saved successfully to "C:\Users\xxx xxx\Desktop\MBR.dat" 21:01:10.367 The log file has been saved successfully to "C:\Users\xxx xxx\Desktop\aswMBR.txt" Code:
ATTFilter 21:05:52.0295 1052 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:05:52.0870 1052 ============================================================ 21:05:52.0870 1052 Current date / time: 2013/05/09 21:05:52.0870 21:05:52.0870 1052 SystemInfo: 21:05:52.0870 1052 21:05:52.0870 1052 OS Version: 6.1.7601 ServicePack: 1.0 21:05:52.0870 1052 Product type: Workstation 21:05:52.0870 1052 ComputerName: xxxxxx 21:05:52.0870 1052 UserName: xxx xxx 21:05:52.0870 1052 Windows directory: C:\Windows 21:05:52.0870 1052 System windows directory: C:\Windows 21:05:52.0870 1052 Running under WOW64 21:05:52.0870 1052 Processor architecture: Intel x64 21:05:52.0870 1052 Number of processors: 2 21:05:52.0870 1052 Page size: 0x1000 21:05:52.0870 1052 Boot type: Normal boot 21:05:52.0870 1052 ============================================================ 21:05:55.0521 1052 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:05:55.0528 1052 ============================================================ 21:05:55.0528 1052 \Device\Harddisk0\DR0: 21:05:55.0528 1052 MBR partitions: 21:05:55.0528 1052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x142BD800 21:05:55.0528 1052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142BE000, BlocksNum 0x1116F800 21:05:55.0528 1052 ============================================================ 21:05:55.0573 1052 C: <-> \Device\Harddisk0\DR0\Partition1 21:05:55.0615 1052 E: <-> \Device\Harddisk0\DR0\Partition2 21:05:55.0615 1052 ============================================================ 21:05:55.0615 1052 Initialize success 21:05:55.0615 1052 ============================================================ 21:06:40.0523 0992 ============================================================ 21:06:40.0523 0992 Scan started 21:06:40.0523 0992 Mode: Manual; SigCheck; TDLFS; 21:06:40.0523 
0992 ============================================================ 21:06:42.0117 0992 ================ Scan system memory ======================== 21:06:42.0118 0992 System memory - ok 21:06:42.0118 0992 ================ Scan services ============================= 21:06:42.0290 0992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:06:42.0825 0992 1394ohci - ok 21:06:42.0871 0992 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys 21:06:42.0976 0992 61883 - ok 21:06:43.0008 0992 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 21:06:43.0106 0992 Accelerometer - ok 21:06:43.0166 0992 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:06:43.0193 0992 ACPI - ok 21:06:43.0243 0992 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:06:43.0358 0992 AcpiPmi - ok 21:06:43.0426 0992 [ 7966C2E1D2FC95BD6246AC1E45BA5E31 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys 21:06:43.0506 0992 ADIHdAudAddService - ok 21:06:43.0606 0992 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:06:43.0625 0992 AdobeARMservice - ok 21:06:44.0588 0992 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:06:44.0627 0992 adp94xx - ok 21:06:44.0663 0992 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:06:44.0691 0992 adpahci - ok 21:06:44.0713 0992 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:06:44.0737 0992 adpu320 - ok 21:06:44.0772 0992 [ 460D73F2AED144455D55C18068DBC90D ] AEADIFilters C:\Windows\system32\AEADISRV.EXE 21:06:44.0796 0992 AEADIFilters - ok 21:06:44.0822 0992 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:06:44.0965 0992 AeLookupSvc - ok 21:06:45.0027 0992 [ 
1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:06:45.0142 0992 AFD - ok 21:06:45.0198 0992 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 21:06:45.0408 0992 AgereSoftModem - ok 21:06:45.0458 0992 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:06:45.0477 0992 agp440 - ok 21:06:45.0496 0992 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:06:45.0561 0992 ALG - ok 21:06:45.0580 0992 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:06:45.0598 0992 aliide - ok 21:06:45.0620 0992 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:06:45.0637 0992 amdide - ok 21:06:45.0675 0992 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:06:45.0751 0992 AmdK8 - ok 21:06:45.0771 0992 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:06:45.0817 0992 AmdPPM - ok 21:06:45.0857 0992 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:06:45.0877 0992 amdsata - ok 21:06:45.0904 0992 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:06:45.0928 0992 amdsbs - ok 21:06:45.0947 0992 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:06:45.0964 0992 amdxata - ok 21:06:46.0065 0992 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:06:46.0083 0992 AntiVirSchedulerService - ok 21:06:46.0156 0992 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:06:46.0173 0992 AntiVirService - ok 21:06:46.0216 0992 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:06:46.0467 0992 AppID - ok 21:06:46.0498 0992 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc 
C:\Windows\System32\appidsvc.dll 21:06:46.0568 0992 AppIDSvc - ok 21:06:46.0601 0992 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 21:06:46.0668 0992 Appinfo - ok 21:06:46.0708 0992 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 21:06:46.0783 0992 AppMgmt - ok 21:06:46.0821 0992 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 21:06:46.0840 0992 arc - ok 21:06:46.0854 0992 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:06:46.0875 0992 arcsas - ok 21:06:46.0898 0992 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:06:46.0964 0992 AsyncMac - ok 21:06:47.0001 0992 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:06:47.0017 0992 atapi - ok 21:06:47.0074 0992 [ 87CBB283CE47286B9EE8E210D5C3E320 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 21:06:47.0174 0992 Ati External Event Utility - ok 21:06:47.0305 0992 [ 15BF9FB3D246CEEA8B929B6B61C194AE ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:06:47.0481 0992 atikmdag - ok 21:06:47.0565 0992 [ 23C140EA2ADA4F0E034F682C57F8DE62 ] ATSwpWDF C:\Windows\system32\DRIVERS\ATSwpWDF.sys 21:06:47.0622 0992 ATSwpWDF - ok 21:06:47.0685 0992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:06:47.0776 0992 AudioEndpointBuilder - ok 21:06:47.0809 0992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:06:47.0866 0992 AudioSrv - ok 21:06:47.0917 0992 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys 21:06:47.0954 0992 Avc - ok 21:06:48.0014 0992 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:06:48.0035 0992 avgntflt - ok 21:06:48.0094 0992 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:06:48.0116 0992 avipbb - ok 21:06:48.0156 0992 [ 
490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:06:48.0174 0992 avkmgr - ok 21:06:48.0224 0992 [ 803B9A93C8D8B72414D7D05DC1A47F34 ] AX88772 C:\Windows\system32\DRIVERS\ax88772.sys 21:06:48.0286 0992 AX88772 - ok 21:06:48.0343 0992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:06:48.0455 0992 AxInstSV - ok 21:06:48.0494 0992 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:06:48.0559 0992 b06bdrv - ok 21:06:48.0599 0992 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:06:48.0646 0992 b57nd60a - ok 21:06:48.0750 0992 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 21:06:48.0869 0992 BCM43XX - ok 21:06:48.0900 0992 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:06:48.0965 0992 BDESVC - ok 21:06:48.0988 0992 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:06:49.0057 0992 Beep - ok 21:06:49.0134 0992 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:06:49.0203 0992 BFE - ok 21:06:49.0237 0992 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 21:06:49.0340 0992 BITS - ok 21:06:49.0381 0992 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:06:49.0420 0992 blbdrive - ok 21:06:49.0453 0992 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:06:49.0525 0992 bowser - ok 21:06:49.0549 0992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:06:49.0614 0992 BrFiltLo - ok 21:06:49.0639 0992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:06:49.0662 0992 BrFiltUp - ok 21:06:49.0777 0992 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 21:06:49.0852 0992 BridgeMP - ok 21:06:49.0972 0992 [ 
05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:06:50.0016 0992 Browser - ok 21:06:50.0039 0992 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:06:50.0084 0992 Brserid - ok 21:06:50.0112 0992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:06:50.0156 0992 BrSerWdm - ok 21:06:50.0179 0992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:06:50.0202 0992 BrUsbMdm - ok 21:06:50.0210 0992 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:06:50.0231 0992 BrUsbSer - ok 21:06:50.0291 0992 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 21:06:50.0439 0992 BthEnum - ok 21:06:50.0457 0992 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:06:50.0501 0992 BTHMODEM - ok 21:06:50.0535 0992 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 21:06:50.0579 0992 BthPan - ok 21:06:50.0618 0992 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 21:06:50.0693 0992 BTHPORT - ok 21:06:50.0724 0992 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:06:50.0791 0992 bthserv - ok 21:06:50.0821 0992 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 21:06:50.0855 0992 BTHUSB - ok 21:06:50.0890 0992 catchme - ok 21:06:50.0922 0992 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:06:50.0989 0992 cdfs - ok 21:06:51.0023 0992 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:06:51.0063 0992 cdrom - ok 21:06:51.0128 0992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:06:51.0199 0992 CertPropSvc - ok 21:06:51.0228 0992 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 
C:\Windows\system32\lsass.exe 21:07:20.0832 0992 VaultSvc - ok 21:07:20.0842 0992 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:07:20.0862 0992 vdrvroot - ok 21:07:20.0914 0992 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:07:20.0982 0992 vds - ok 21:07:21.0013 0992 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:07:21.0037 0992 vga - ok 21:07:21.0055 0992 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:07:21.0129 0992 VgaSave - ok 21:07:21.0158 0992 VGPU - ok 21:07:21.0205 0992 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:07:21.0230 0992 vhdmp - ok 21:07:21.0273 0992 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:07:21.0291 0992 viaide - ok 21:07:21.0309 0992 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:07:21.0333 0992 vmbus - ok 21:07:21.0347 0992 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:07:21.0366 0992 VMBusHID - ok 21:07:21.0428 0992 [ B3BFBB9C45BDAF3ECB4D1456F9017F95 ] VMCService C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 21:07:21.0437 0992 VMCService ( UnsignedFile.Multi.Generic ) - warning 21:07:21.0437 0992 VMCService - detected UnsignedFile.Multi.Generic (1) 21:07:21.0448 0992 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:07:21.0467 0992 volmgr - ok 21:07:21.0580 0992 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:07:21.0609 0992 volmgrx - ok 21:07:21.0634 0992 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:07:21.0661 0992 volsnap - ok 21:07:21.0681 0992 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:07:21.0705 0992 vsmraid - ok 21:07:21.0781 0992 [ 
B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:07:21.0895 0992 VSS - ok 21:07:21.0922 0992 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:07:21.0961 0992 vwifibus - ok 21:07:21.0987 0992 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:07:22.0034 0992 vwififlt - ok 21:07:22.0062 0992 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:07:22.0108 0992 vwifimp - ok 21:07:22.0150 0992 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:07:22.0230 0992 W32Time - ok 21:07:22.0261 0992 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:07:22.0299 0992 WacomPen - ok 21:07:22.0458 0992 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:07:22.0529 0992 WANARP - ok 21:07:22.0536 0992 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:07:22.0583 0992 Wanarpv6 - ok 21:07:22.0641 0992 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:07:22.0719 0992 wbengine - ok 21:07:22.0743 0992 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:07:22.0774 0992 WbioSrvc - ok 21:07:22.0826 0992 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:07:22.0863 0992 wcncsvc - ok 21:07:22.0879 0992 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:07:22.0927 0992 WcsPlugInService - ok 21:07:22.0943 0992 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:07:22.0960 0992 Wd - ok 21:07:23.0020 0992 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:07:23.0075 0992 Wdf01000 - ok 21:07:23.0092 0992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:07:23.0189 0992 WdiServiceHost - ok 
21:07:23.0200 0992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:07:23.0226 0992 WdiSystemHost - ok 21:07:23.0274 0992 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:07:23.0325 0992 WebClient - ok 21:07:23.0351 0992 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:07:23.0422 0992 Wecsvc - ok 21:07:23.0448 0992 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:07:23.0510 0992 wercplsupport - ok 21:07:23.0541 0992 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:07:23.0591 0992 WerSvc - ok 21:07:23.0603 0992 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:07:23.0653 0992 WfpLwf - ok 21:07:23.0664 0992 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:07:23.0681 0992 WIMMount - ok 21:07:23.0697 0992 WinDefend - ok 21:07:23.0704 0992 WinHttpAutoProxySvc - ok 21:07:23.0792 0992 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:07:23.0850 0992 Winmgmt - ok 21:07:23.0929 0992 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:07:24.0043 0992 WinRM - ok 21:07:24.0090 0992 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:07:24.0166 0992 Wlansvc - ok 21:07:24.0199 0992 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:07:24.0237 0992 WmiAcpi - ok 21:07:24.0284 0992 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:07:24.0323 0992 wmiApSrv - ok 21:07:24.0351 0992 WMPNetworkSvc - ok 21:07:24.0371 0992 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:07:24.0415 0992 WPCSvc - ok 21:07:24.0459 0992 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:07:24.0496 0992 WPDBusEnum - ok 21:07:25.0515 0992 [ 
6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:07:25.0588 0992 ws2ifsl - ok 21:07:25.0615 0992 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 21:07:25.0661 0992 wscsvc - ok 21:07:25.0667 0992 WSearch - ok 21:07:25.0753 0992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:07:25.0850 0992 wuauserv - ok 21:07:25.0891 0992 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:07:25.0958 0992 WudfPf - ok 21:07:25.0988 0992 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:07:26.0029 0992 WUDFRd - ok 21:07:26.0053 0992 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:07:26.0088 0992 wudfsvc - ok 21:07:26.0115 0992 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:07:26.0161 0992 WwanSvc - ok 21:07:26.0207 0992 ================ Scan global =============================== 21:07:26.0236 0992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:07:26.0289 0992 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:07:26.0303 0992 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:07:26.0332 0992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:07:26.0363 0992 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:07:26.0372 0992 [Global] - ok 21:07:26.0373 0992 ================ Scan MBR ================================== 21:07:26.0386 0992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:07:26.0715 0992 \Device\Harddisk0\DR0 - ok 21:07:26.0715 0992 ================ Scan VBR ================================== 21:07:26.0719 0992 [ 7F041AD0988182E8B33BC4E8221150E9 ] \Device\Harddisk0\DR0\Partition1 21:07:26.0722 0992 \Device\Harddisk0\DR0\Partition1 - ok 21:07:26.0748 0992 [ EFD9100C17CFC8AB9D6E73D7FE866C12 ] \Device\Harddisk0\DR0\Partition2 
21:07:26.0750 0992 \Device\Harddisk0\DR0\Partition2 - ok
21:07:26.0751 0992 ============================================================
21:07:26.0751 0992 Scan finished
21:07:26.0751 0992 ============================================================
21:07:26.0769 3864 Detected object count: 4
21:07:26.0769 3864 Actual detected object count: 4
21:08:04.0660 3864 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0660 3864 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:08:04.0664 3864 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0664 3864 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:08:04.0667 3864 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0667 3864 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:08:04.0672 3864 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0672 3864 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Last edited by taduli (09.05.2013 at 20:10)
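The TDSSKiller log above ends with four hits, all of them `UnsignedFile.Multi.Generic`, and all four were skipped by the user. That verdict is the scanner's heuristic for a service or driver binary without a valid digital signature; the log itself records it as a `warning`, not as a named malware family, and the VMCService binary it refers to is the Vodafone Mobile Connect service listed a few lines earlier. When reading such a log by hand it is easy to miss which entries were only warned about, which were actually detected, and which the user left untouched. The following script is an added example (not part of the thread, not TDSSKiller's own code) that parses this log format and produces that triage. The sample lines are copied from the log posted above; the three line shapes the regexes recognise (file line with MD5, `name ( detection ) - outcome`, and `name - ok|detected ...`) are the ones visible in this log, and it is an assumption that other TDSSKiller versions use the same layout.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller log line starts with a timestamp and a thread id.
_HEAD = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"

# "[ <md5> ] <name> <path>"; the name is absent in the "Scan global" / MBR / VBR sections.
FILE_RE = re.compile(
    _HEAD + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?:(?P<name>.+?)\s+)?"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*?)\s*$"
)
# "<name> ( <detection> ) - <outcome>", e.g. "- warning", "- skipped by user".
DETECT_RE = re.compile(
    _HEAD + r"(?P<name>.+?)\s+\(\s*(?P<detection>[^()]+?)\s*\)\s+-\s+(?P<outcome>.+?)\s*$"
)
# "<name> - ok" or "<name> - detected <detection> (n)".
VERDICT_RE = re.compile(_HEAD + r"(?P<name>.+?)\s+-\s+(?P<verdict>ok|detected\s+.+?)\s*$")
COUNT_RE = re.compile(_HEAD + r"Actual detected object count:\s+(?P<n>\d+)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None        # "ok" or "detected ..."
    detection: Optional[str] = None      # e.g. "UnsignedFile.Multi.Generic"
    outcomes: List[str] = field(default_factory=list)   # "warning", "skipped by user", ...

    @property
    def is_flagged(self) -> bool:
        # Anything the scanner did not explicitly pass. Files listed under
        # "Scan global" carry no verdict of their own; they are covered by "[Global] - ok".
        return self.detection is not None or (self.verdict is not None and self.verdict != "ok")

    @property
    def user_skipped(self) -> bool:
        return any(o.startswith("skipped by user") for o in self.outcomes)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the per-line log into one Entry per service/driver name (or path when unnamed)."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            key = m.group("name") or m.group("path")
            e = entries.setdefault(key, Entry(name=key))
            e.md5, e.path = m.group("md5").upper(), m.group("path")
            continue
        m = DETECT_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(name=m.group("name")))
            e.detection = m.group("detection")
            e.outcomes.append(m.group("outcome"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(name=m.group("name")))
            e.verdict = m.group("verdict")
    return entries


def detected_count(text: str) -> Optional[int]:
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            return int(m.group("n"))
    return None


def triage(text: str) -> dict:
    """Which entries were flagged, which the user left in place, and whether every hit
    is only the unsigned-file heuristic rather than a named malware detection."""
    entries = parse_tdsskiller(text)
    bad = sorted((e for e in entries.values() if e.is_flagged), key=lambda e: e.name.lower())
    return {
        "detected_count": detected_count(text),
        "flagged": [e.name for e in bad],
        "skipped_by_user": [e.name for e in bad if e.user_skipped],
        "unsigned_only": bool(bad) and all(
            e.detection is not None and e.detection.startswith("UnsignedFile") for e in bad
        ),
    }


# Lines copied from the TDSSKiller log posted in this thread (paths and hashes as posted).
SAMPLE_LOG = r"""
21:07:21.0428 0992 [ B3BFBB9C45BDAF3ECB4D1456F9017F95 ] VMCService C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
21:07:21.0437 0992 VMCService ( UnsignedFile.Multi.Generic ) - warning
21:07:21.0437 0992 VMCService - detected UnsignedFile.Multi.Generic (1)
21:07:21.0448 0992 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:07:21.0467 0992 volmgr - ok
21:07:26.0207 0992 ================ Scan global ===============================
21:07:26.0236 0992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:07:26.0372 0992 [Global] - ok
21:07:26.0386 0992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:07:26.0715 0992 \Device\Harddisk0\DR0 - ok
21:07:26.0769 3864 Actual detected object count: 4
21:08:04.0660 3864 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0660 3864 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:08:04.0664 3864 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0672 3864 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:08:04.0672 3864 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for name, e in parse_tdsskiller(SAMPLE_LOG).items():
        if e.is_flagged:
            print(f"{name}: {e.detection} -> {', '.join(e.outcomes)} [{e.md5}] {e.path}")
    print(triage(SAMPLE_LOG))
```

The MD5 and path kept on each entry are what a helper needs next: an unsigned-file warning on its own is not a verdict, so the hash is what gets looked up, and the path is what gets compared against where the vendor's installer actually puts the binary.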
09.05.2013, 20:58 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in all sorts of forms/variants

JRT - Junkware Removal Tool
Please close your protection software first to avoid possible conflicts.

Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.

Then a check with OTL, please:

__________________
Please always post log files in CODE tags
09.05.2013, 21:17 | #9
| Regular system crashes in all sorts of forms/variants
Once again, part 1 first. Part 2 comes tomorrow.
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by xxx xxx on 09.05.2013 at 22:03:59,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\minidumps [89 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 22:08:55,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.300 - File created on 09/05/2013 at 22:29:55
# Updated on 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : xxx xxx - xxxxxx
# Boot mode : Normal
# Run from : C:\Users\xxx xxx\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] The registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\xxx xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jq5fr39m.default\prefs.js

[OK] The file is clean.

*************************

AdwCleaner[S1].txt - [753 octets] - [09/05/2013 22:29:55]

########## EOF - C:\AdwCleaner[S1].txt - [812 octets] ##########
Code:
ATTFilter OTL logfile created on: 09.05.2013 22:42:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx xxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free 5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () ========== Services (SafeList) ========== SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.) DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.) DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (hxxp://libusb-win32.sourceforge.net) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (HPFXFAX) -- C:\Windows\SysNative\drivers\hpfx64fax.sys (Hewlett Packard) DRV:64bit: - (HPFXBULK) -- C:\Windows\SysNative\drivers\hpfx64bulk.sys (Hewlett Packard) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 4A A3 4F 48 92 CD 01 [binary data] IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://de.nachrichten.yahoo.com/" FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7 FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.06 20:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions [2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.05.06 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Firefox\Profiles\jq5fr39m.default\extensions [2012.09.19 11:01:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013.05.06 20:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.26 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.06 20:13:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files 
(x86)\mozilla firefox\components\browsercomps.dll [2013.05.06 20:13:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.06 20:13:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.05.06 20:13:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.05.06 20:13:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.06 20:13:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.05.06 20:13:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.09 06:50:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF549C4-9591-41B8-A823-B5E5A3EAE68F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.19 10:47:05 | 000,008,192 | ---- | M] (Microsoft) - C:\AutoOff.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.09 22:03:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.09 22:03:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.09 22:02:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe
[2013.05.09 21:04:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe
[2013.05.09 20:31:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe
[2013.05.09 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001
[2013.05.09 07:04:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.09 06:54:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.09 06:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.09 06:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.09 06:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.09 06:38:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.09 06:37:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.09 06:35:18 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe
[2013.05.06 21:15:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.04.23 08:41:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.22 14:13:32 | 000,000,000 | ---D | C] -- C:\found.002
[2013.04.20 10:12:17 | 000,206,960 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmd.sys
[2013.04.20 10:12:17 | 000,013,936 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmdldr.sys
[2013.04.19 09:11:08 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\stick
[2013.04.17 08:16:58 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.17 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox
[2013.04.11 01:06:59 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 01:06:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 01:06:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 01:06:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 01:06:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 01:06:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.11 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Malwarebytes
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 00:52:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.11 00:50:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe

========== Files - Modified Within 30 Days ==========

[2013.05.09 22:31:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 22:31:48 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 22:27:22 | 000,628,743 | ---- | M] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe
[2013.05.09 22:02:21 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe
[2013.05.09 21:04:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe
[2013.05.09 21:01:10 | 000,000,512 | ---- | M] () -- C:\Users\xxx xxx\Desktop\MBR.dat
[2013.05.09 20:33:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe
[2013.05.09 19:59:44 | 012,917,756 | ---- | M] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.09 07:39:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 07:39:38 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 07:39:38 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 07:39:38 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 07:39:38 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 06:50:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.09 06:35:46 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe
[2013.05.07 03:37:18 | 695,744,987 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.07 02:44:08 | 000,377,856 | ---- | M] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe
[2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | M] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:40 | 000,050,477 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 16:02:10 | 000,001,026 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:40 | 000,025,599 | ---- | M] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 08:43:19 | 000,305,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 00:52:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 00:51:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe

========== Files Created - No Company Name ==========

[2013.05.09 22:27:20 | 000,628,743 | ---- | C] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe
[2013.05.09 21:01:10 | 000,000,512 | ---- | C] () -- C:\Users\xxx xxx\Desktop\MBR.dat
[2013.05.09 19:59:20 | 012,917,756 | ---- | C] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip
[2013.05.09 06:41:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.09 06:41:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.09 06:41:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.09 06:41:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.09 06:41:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.07 02:44:07 | 000,377,856 | ---- | C] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe
[2013.05.06 21:13:28 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\defogger_reenable
[2013.05.06 21:11:36 | 000,050,477 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Defogger.exe
[2013.04.23 16:02:10 | 000,001,026 | ---- | C] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll
[2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll
[2013.04.18 08:26:38 | 000,025,599 | ---- | C] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg
[2013.04.17 08:38:30 | 000,001,016 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk
[2013.04.11 00:52:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 08:23:40 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\spellyxcustom.dict
[2012.12.03 07:54:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2012.09.14 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 09.05.2013 22:42:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free
5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS

Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6EF012-4813-4DD2-B054-A85E04C4F867}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12E0A73E-01FC-493C-BF02-04F5AC76350C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1338D789-F218-4C64-8559-0FEDD74B204F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{28E9B09E-18E3-46BE-9762-988F9245665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{312497BB-B99C-4007-9C4C-102438DAC43B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3883AD11-B975-4F7C-BFF5-865646D72B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3988103C-F3A8-4F7B-A9B9-69DC0917CEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3D2902D1-4B53-4604-9AC0-AB10005C7091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EABE8AB-669D-48D8-9169-CDF4ECA62B1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43F2A0C0-BD63-484B-B1B2-1C0FEFF604ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{450A06D7-551E-445A-91A0-AB2EF08E4E80}" = rport=445 | protocol=6 | dir=out | app=system |
"{46D88C12-558B-4A5C-94DE-54A6FF73B5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48915446-8A3E-483D-A68B-4E62D27535E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5AEB811D-D2BF-4F58-B980-D71A2A758143}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61A2EE15-9D9D-43B0-883A-C8EEF5BAC1A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{690BD03D-D6D0-4E4B-9168-405CDD56E1B4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78E4EDBD-A2F6-4B05-8F51-1D83205DD6D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{7EFC7C59-98DD-4ACB-AE86-9BD194B16A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85D0D6AD-3209-473D-AF33-3E56D5857AE4}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E287696-0835-4835-B9B8-D907B3E4DE90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98EA3AD1-9D1E-4612-91AC-645FDFAC81A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99007524-BBAD-43BF-8774-D62399B9C55A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A325A294-CC95-4E80-8F62-5136AF3F904E}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8DFFD6C-8768-4D61-B309-7FD5C8AA5B04}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AA9A54F8-4302-41F5-BC43-9C14885ECB5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C276C8E3-B0AA-46BF-A2B2-F629220C9FC5}" = lport=138 | protocol=17 | dir=in | app=system |
"{D17A1779-508A-493B-979A-517F97D0ADCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3145B32-7474-4C12-BBEC-0440062A8FD7}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5C03218-0E2E-4BB1-A08A-C29B648CC0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB162795-1F30-466A-A675-85680BBD94CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{E237568F-38DB-4A8B-BCEC-3AED5C12C10D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C89141F-10C9-4B3F-AFE8-8DE3F9D78DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12F880CC-2532-49F6-B818-465CF55693C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BB5081B-2F72-4982-AF22-5A3ECBAC2208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F33D701-1BDD-4E53-84C6-B4DCAF909418}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{232D99EB-A8A5-450D-B90E-3C3129D65E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30F9A276-45BF-49A4-883A-B443F085FF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32F829AE-E3CA-4F39-B45D-FBA60305871E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35CEEF5B-BFAB-4BD5-BF22-B828C7F06232}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{42539B58-8B54-4B04-8BBD-10514636733F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{69DC5B73-9E77-453C-BAB7-111EABB69A83}" = protocol=6 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{6A6E5B7E-3DD7-4D18-AFB2-C9E827D01AE6}" = protocol=17 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{7329CC81-B53C-44F5-8CD9-3EC7377C3CFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79DD3494-502C-4EDB-8937-A286553CDC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DFAB439-8840-4F3C-9FD9-52A5F37DCD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9495DFA-4B2E-4360-9EB7-669286794C17}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{AD2D0CD1-EF72-4D80-A0EA-4035AC3C16BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8254F37-70C4-4BB9-8878-120C7F9817CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEEFD8D0-8962-435F-8AFA-E6137A2B6BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D88C6187-5547-425A-AF60-F52C119AA70A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD2B1925-A14A-49BF-A22C-033A884FA314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E070196E-3DEB-4FD2-8406-A28821A28A95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4C99137-88D5-4A83-9046-8187501C5CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9991C7F-A73F-4374-92B1-1246E1ABC0B4}" = protocol=6 | dir=out | app=system |
"{F6A39FE8-C700-4D7A-B1F8-EB6F47D15DB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}" = ATI Catalyst Install Manager
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8C7F3A-E41E-08D7-8EF0-2087A145A803}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian
"{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech
"{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy
"{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German
"{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing
"{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All
"{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light
"{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese
"{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish
"{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static
"{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish
"{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian
"{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New
"{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese
"{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai
"{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard
"{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish
"{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek
"{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recover My Files v5_is1" = Recover My Files
"VLC media player" = VLC media player 2.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.05.2013 16:32:03 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

[ System Events ]
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >

Code:
ATTFilter OTL logfile created on: 09.05.2013 22:42:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx xxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free 5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () ========== Services (SafeList) ========== SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.) DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.) DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (hxxp://libusb-win32.sourceforge.net) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (HPFXFAX) -- C:\Windows\SysNative\drivers\hpfx64fax.sys (Hewlett Packard) DRV:64bit: - (HPFXBULK) -- C:\Windows\SysNative\drivers\hpfx64bulk.sys (Hewlett Packard) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 4A A3 4F 48 92 CD 01 [binary data] IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://de.nachrichten.yahoo.com/" FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7 FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.06 20:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.29 18:33:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions [2012.10.29 08:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.05.06 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\Firefox\Profiles\jq5fr39m.default\extensions [2012.09.19 11:01:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013.05.06 20:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx xxx\AppData\Roaming\mozilla\firefox\profiles\jq5fr39m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.26 11:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.06 20:13:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files 
(x86)\mozilla firefox\components\browsercomps.dll [2013.05.06 20:13:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.06 20:13:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.05.06 20:13:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.05.06 20:13:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.06 20:13:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.05.06 20:13:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.09 06:50:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF549C4-9591-41B8-A823-B5E5A3EAE68F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.19 10:47:05 | 000,008,192 | ---- | M] (Microsoft) - C:\AutoOff.exe -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.09 22:03:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.09 22:03:22 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.09 22:02:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe [2013.05.09 21:04:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe [2013.05.09 20:31:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe [2013.05.09 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001 [2013.05.09 07:04:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.09 06:54:10 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.09 06:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.09 06:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.09 06:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.09 06:38:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.09 06:37:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.09 06:35:18 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe [2013.05.06 21:15:13 | 000,602,112 | ---- | C] (OldTimer 
Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe [2013.04.23 08:41:23 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.04.22 14:13:32 | 000,000,000 | ---D | C] -- C:\found.002 [2013.04.20 10:12:17 | 000,206,960 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmd.sys [2013.04.20 10:12:17 | 000,013,936 | ---- | C] (DisplayLink Corp.) -- C:\Windows\SysNative\drivers\dlkmdldr.sys [2013.04.19 09:11:08 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\Desktop\stick [2013.04.17 08:16:58 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.04.17 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Dropbox [2013.04.11 01:06:59 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 01:06:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 01:06:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 01:06:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 01:06:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 01:06:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.11 00:52:44 | 000,000,000 | ---D | C] -- C:\Users\xxx xxx\AppData\Roaming\Malwarebytes [2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.11 00:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.11 00:52:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.11 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.11 00:50:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe ========== 
Files - Modified Within 30 Days ========== [2013.05.09 22:31:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.09 22:31:48 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys [2013.05.09 22:27:22 | 000,628,743 | ---- | M] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe [2013.05.09 22:02:21 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\xxx xxx\Desktop\JRT.exe [2013.05.09 21:04:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx xxx\Desktop\tdsskiller.exe [2013.05.09 21:01:10 | 000,000,512 | ---- | M] () -- C:\Users\xxx xxx\Desktop\MBR.dat [2013.05.09 20:33:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\xxx xxx\Desktop\aswMBR.exe [2013.05.09 19:59:44 | 012,917,756 | ---- | M] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip [2013.05.09 07:39:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.09 07:39:38 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.09 07:39:38 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.09 07:39:38 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.09 07:39:38 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.09 06:50:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.09 06:35:46 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\xxx xxx\Desktop\ComboFix.exe [2013.05.07 03:37:18 | 695,744,987 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.07 02:44:08 | 000,377,856 | ---- | M] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe [2013.05.06 21:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx xxx\Desktop\OTL.exe [2013.05.06 21:13:28 | 000,000,000 | ---- | M] () -- C:\Users\xxx xxx\defogger_reenable [2013.05.06 21:11:40 | 000,050,477 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Defogger.exe [2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.24 17:39:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 16:02:10 | 000,001,026 | ---- | M] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd9.dll [2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd11.dll [2013.04.20 10:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\dlumd10.dll [2013.04.18 08:26:40 | 000,025,599 | ---- | M] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg [2013.04.17 08:38:30 | 000,001,016 | ---- | M] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk [2013.04.11 08:43:19 | 000,305,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 00:52:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.11 00:51:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xxx xxx\Desktop\mbam-setup-1.75.0.1300.exe ========== Files Created - No Company Name ========== [2013.05.09 22:27:20 | 000,628,743 | ---- | C] () -- C:\Users\xxx xxx\Desktop\adwcleaner.exe [2013.05.09 21:01:10 | 000,000,512 | ---- | C] () -- C:\Users\xxx xxx\Desktop\MBR.dat [2013.05.09 19:59:20 | 012,917,756 | ---- | C] () -- C:\Users\xxx xxx\Desktop\mbar-1.05.0.1001.zip [2013.05.09 06:41:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.09 06:41:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.09 06:41:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.09 06:41:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.09 06:41:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.07 02:44:07 | 000,377,856 | ---- | C] () -- C:\Users\xxx xxx\Desktop\gmer_2.1.19163.exe [2013.05.06 21:13:28 | 000,000,000 | ---- | C] () 
-- C:\Users\xxx xxx\defogger_reenable [2013.05.06 21:11:36 | 000,050,477 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Defogger.exe [2013.04.23 16:02:10 | 000,001,026 | ---- | C] () -- C:\Users\xxx xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd9.dll [2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd11.dll [2013.04.20 10:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\dlumd10.dll [2013.04.18 08:26:38 | 000,025,599 | ---- | C] () -- C:\Users\xxx xxx\Desktop\4310_1.jpg [2013.04.17 08:38:30 | 000,001,016 | ---- | C] () -- C:\Users\xxx xxx\Desktop\Dropbox.lnk [2013.04.11 00:52:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.13 08:23:40 | 000,000,000 | ---- | C] () -- C:\Users\xxx xxx\spellyxcustom.dict [2012.12.03 07:54:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock [2012.09.14 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.27 12:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011.09.27 12:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 12:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 12:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.05.2013 22:42:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx xxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 62,94% Memory free 5,75 Gb Paging File | 4,57 Gb Available in Paging File | 79,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 161,37 Gb Total Space | 110,66 Gb Free Space | 68,57% Space Free | Partition Type: NTFS Drive E: | 136,72 Gb Total Space | 101,79 Gb Free Space | 74,45% Space Free | Partition Type: NTFS Computer Name: xxxxxx | User Name: xxx xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* 
exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6EF012-4813-4DD2-B054-A85E04C4F867}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12E0A73E-01FC-493C-BF02-04F5AC76350C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1338D789-F218-4C64-8559-0FEDD74B204F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{28E9B09E-18E3-46BE-9762-988F9245665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{312497BB-B99C-4007-9C4C-102438DAC43B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3883AD11-B975-4F7C-BFF5-865646D72B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3988103C-F3A8-4F7B-A9B9-69DC0917CEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3D2902D1-4B53-4604-9AC0-AB10005C7091}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EABE8AB-669D-48D8-9169-CDF4ECA62B1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43F2A0C0-BD63-484B-B1B2-1C0FEFF604ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{450A06D7-551E-445A-91A0-AB2EF08E4E80}" = rport=445 | protocol=6 | dir=out | app=system |
"{46D88C12-558B-4A5C-94DE-54A6FF73B5F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48915446-8A3E-483D-A68B-4E62D27535E3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5AEB811D-D2BF-4F58-B980-D71A2A758143}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61A2EE15-9D9D-43B0-883A-C8EEF5BAC1A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{690BD03D-D6D0-4E4B-9168-405CDD56E1B4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78E4EDBD-A2F6-4B05-8F51-1D83205DD6D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{7EFC7C59-98DD-4ACB-AE86-9BD194B16A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85D0D6AD-3209-473D-AF33-3E56D5857AE4}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E287696-0835-4835-B9B8-D907B3E4DE90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98EA3AD1-9D1E-4612-91AC-645FDFAC81A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99007524-BBAD-43BF-8774-D62399B9C55A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A325A294-CC95-4E80-8F62-5136AF3F904E}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8DFFD6C-8768-4D61-B309-7FD5C8AA5B04}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AA9A54F8-4302-41F5-BC43-9C14885ECB5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C276C8E3-B0AA-46BF-A2B2-F629220C9FC5}" = lport=138 | protocol=17 | dir=in | app=system |
"{D17A1779-508A-493B-979A-517F97D0ADCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3145B32-7474-4C12-BBEC-0440062A8FD7}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5C03218-0E2E-4BB1-A08A-C29B648CC0E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB162795-1F30-466A-A675-85680BBD94CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{E237568F-38DB-4A8B-BCEC-3AED5C12C10D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C89141F-10C9-4B3F-AFE8-8DE3F9D78DF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12F880CC-2532-49F6-B818-465CF55693C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BB5081B-2F72-4982-AF22-5A3ECBAC2208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F33D701-1BDD-4E53-84C6-B4DCAF909418}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{232D99EB-A8A5-450D-B90E-3C3129D65E8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30F9A276-45BF-49A4-883A-B443F085FF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32F829AE-E3CA-4F39-B45D-FBA60305871E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35CEEF5B-BFAB-4BD5-BF22-B828C7F06232}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{42539B58-8B54-4B04-8BBD-10514636733F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{69DC5B73-9E77-453C-BAB7-111EABB69A83}" = protocol=6 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{6A6E5B7E-3DD7-4D18-AFB2-C9E827D01AE6}" = protocol=17 | dir=in | app=c:\users\xxx xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{7329CC81-B53C-44F5-8CD9-3EC7377C3CFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79DD3494-502C-4EDB-8937-A286553CDC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DFAB439-8840-4F3C-9FD9-52A5F37DCD23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9495DFA-4B2E-4360-9EB7-669286794C17}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{AD2D0CD1-EF72-4D80-A0EA-4035AC3C16BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8254F37-70C4-4BB9-8878-120C7F9817CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEEFD8D0-8962-435F-8AFA-E6137A2B6BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D88C6187-5547-425A-AF60-F52C119AA70A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD2B1925-A14A-49BF-A22C-033A884FA314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E070196E-3DEB-4FD2-8406-A28821A28A95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4C99137-88D5-4A83-9046-8187501C5CF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9991C7F-A73F-4374-92B1-1246E1ABC0B4}" = protocol=6 | dir=out | app=system |
"{F6A39FE8-C700-4D7A-B1F8-EB6F47D15DB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005B4A7D-A60B-CB64-80DA-8EAAF3A70807}" = ATI Catalyst Install Manager
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8C7F3A-E41E-08D7-8EF0-2087A145A803}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian
"{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech
"{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy
"{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German
"{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing
"{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All
"{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light
"{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese
"{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish
"{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static
"{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish
"{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian
"{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New
"{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese
"{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai
"{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard
"{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish
"{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek
"{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recover My Files v5_is1" = Recover My Files
"VLC media player" = VLC media player 2.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-153553077-4108701906-1639325250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.05.2013 16:32:03 | Computer Name = xxxxxx | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

[ System Events ]
Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:48:46 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Server" ist vom Dienst "Sicherheitskonto-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 09.05.2013 16:49:29 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >

Last edited by taduli (09.05.2013 at 21:40) |
10.05.2013, 18:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in various forms/variants Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - and please remember to update Malwarebytes via the Update button beforehand. Afterwards, getting a second opinion from the ESET online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
11.05.2013, 05:30 | #11 |
| Regular system crashes in various forms/variants Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxx xxx :: xxxxxx [Administrator]

10.05.2013 21:11:31
mbam-log-2013-05-10 (21-11-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393364
Laufzeit: 1 Stunde(n), 29 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
2nd attempt Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33ee8a7f7d2f914a965f560b92e1d533
# engine=13803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-11 07:55:04
# local_time=2013-05-11 09:55:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 914913 233682194 942957 0
# compatibility_mode=5893 16776574 100 94 18639716 119888754 0 0
# scanned=186956
# found=0
# cleaned=0
# scan_time=8899 |
12.05.2013, 19:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in various forms/variants Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. But if you can live with logging in again everywhere with every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply configure the browser so that everything, including cookies, is deleted when the browser closes. Is your system in order again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
14.05.2013, 19:54 | #13 | |
| Regular system crashes in various forms/variants Quote:
No idea whether you can help me with that too, but I'll look for a logfile to post. |
15.05.2013, 10:20 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Regular system crashes in various forms/variants I would first try to find out whether this only happens under Windows, or also with other operating systems. That way you can see whether a hardware problem is emerging, or whether the fault lies more in the Windows configuration and/or the file system. Download something like Knoppix or Xubuntu, burn the ISO file to a CD using the image-burning function and boot the computer from it. Then test the system thoroughly under Linux and report whether it runs normally there.
__________________ Please always post logfiles in CODE tags |
15.05.2013, 20:32 | #15 |
| Regular system crashes in various forms/variants OK. I'll do that when I get the chance. But since I want to check this at leisure, I suggest we close this here. If need be, I'll simply come back with a new thread. Agreed? And up to this point, MANY THANKS for your help. It has certainly helped a lot already. |