
Log analysis and evaluation: Constant Firefox crashes and bluescreen - possible malware?


 
09.03.2013, 15:15   #1
Ruper
 



Hello,

recently my Firefox has been crashing constantly, after it has been running for a while. I have already tried everything: Firefox safe mode and Windows safe mode, a new profile, FF Mobile, etc. No success. Yesterday I then got a bluescreen. Now I would like to know whether there is malware on this machine?

Code:
 Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x0000000a (0xfffffa8019c52010, 0x0000000000000002, 0x0000000000000001, 0xfffff80003135e96). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP. Berichts-ID: 030813-16473-01.
         
And I analyzed it with WinDbg:

Code:
 [Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*c:\websymbols*hxxp://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Machine Name:
Kernel base = 0xfffff800`03003000 PsLoadedModuleList = 0xfffff800`03247670
Debug session time: Fri Mar  8 22:48:16.507 2013 (GMT+1)
System Uptime: 0 days 9:09:29.725
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols

Loading unloaded module list
.....
The context is partially valid. Only x86 user-mode context is available.
The wow64exts extension must be loaded to access 32-bit state.
.load wow64exts will do this if you haven't loaded it already.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffa8019c52010, 2, 1, fffff80003135e96}

Probably caused by : Unknown_Image ( nt!MiReleaseConfirmedPageFileSpace+86 )

Followup: MachineOwner
---------

16.0: kd:x86> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa8019c52010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003135e96, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  fffffa8019c52010 

CURRENT_IRQL:  0

FAULTING_IP: 
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03135e96 48              dec     eax

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000

STACK_TEXT:  
00000000 00000000 00000000 00000000 00000000 0x0


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP: 
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03135e96 48              dec     eax

SYMBOL_NAME:  nt!MiReleaseConfirmedPageFileSpace+86

FOLLOWUP_NAME:  MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_NAME:  Unknown_Image

BUCKET_ID:  INVALID_KERNEL_CONTEXT

MODULE_NAME: Unknown_Module

Followup: MachineOwner
         
At startup the Catalyst Control Center often crashes, and Skype does too every now and then. Gmer crashes during the scan.

OTL:

Code:
OTL logfile created on: 09.03.2013 14:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\123456\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free
15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe
PRC - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 16:24:04 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
PRC - [2010.11.16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.19 16:24:48 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.15 11:22:29 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll
MOD - [2013.02.15 11:22:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.15 10:36:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll
MOD - [2013.02.11 01:51:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.02.10 23:43:07 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.10 23:43:03 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.10 23:43:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.10 23:43:00 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.10 23:42:59 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.02.10 23:42:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.10 23:42:58 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.10 23:42:55 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
MOD - [2012.04.26 14:38:30 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.08 14:37:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 15:30:59 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.31 13:36:46 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2010.11.16 14:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.12.24 21:15:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.11 16:24:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 16:24:01 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.29 15:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2)
DRV:64bit: - [2007.07.13 11:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 6E E5 B9 C5 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={FC866619-3B7A-4B7A-814E-F67001387215}&mid=eb32383579de47d08cf7125819465495-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=bm012&pr=sa&d=2012-12-16 22:01:35&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/| mydealz.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 16:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.18 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Extensions
[2013.03.03 21:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions
[2013.02.28 19:53:33 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.09 11:28:24 | 000,020,667 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\firefox1@myibay.com.xpi
[2012.12.30 21:44:10 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\spam@trashmail.net.xpi
[2013.03.03 21:40:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:03:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.23 20:01:23 | 000,001,919 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\leo-deu-fra.xml
[2012.11.24 13:38:48 | 000,002,057 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\youtube-videosuche.xml
[2013.03.08 14:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:37:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.19 16:25:19 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.t-online.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.t-online.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\123456\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Security Toolbar = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Google Mail = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20E6F76C-33E3-48C8-9FFA-FF2279BACD37}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CEB6A0-7F0E-4479-BF60-43500C3A5D1B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.08 22:57:22 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.07.14 05:08:11 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell - "" = AutoRun
O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun
O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell - "" = AutoRun
O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.06.08 22:57:22 | 001,680,744 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.09 14:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe
[2013.03.08 23:35:12 | 000,000,000 | ---D | C] -- C:\websymbols
[2013.03.08 23:29:27 | 000,000,000 | ---D | C] -- C:\symbols
[2013.03.08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2013.03.08 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Debugging Tools for Windows (x86)
[2013.03.08 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\ElevatedDiagnostics
[2013.03.08 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\HpUpdate
[2013.03.08 16:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.08 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.08 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.03.08 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.08 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\HP
[2013.03.08 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Paris
[2013.03.06 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.06 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.06 10:45:59 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Google
[2013.03.02 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.28 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.28 12:39:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.24 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.24 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\kuaiyong
[2013.02.24 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong
[2013.02.22 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.20 15:31:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013.02.11 00:02:38 | 000,000,000 | ---D | C] -- C:\Download
[2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Samsung
[2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\Documents\My Videos
[2013.02.11 00:02:22 | 000,000,000 | ---D | C] -- C:\AllShare
[2013.02.11 00:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.02.11 00:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.02.10 23:40:00 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Downloaded Installations
[2013.02.08 13:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2013.02.08 13:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2013.02.08 13:46:08 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013.02.08 13:46:08 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013.02.08 13:46:08 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.02.08 13:46:08 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013.02.08 13:46:08 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013.02.08 13:46:04 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013.02.08 13:46:04 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.02.08 13:46:04 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.02.08 13:46:04 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013.02.08 13:46:04 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013.02.08 13:45:59 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.02.08 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2013.02.08 13:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013.02.07 20:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.07 20:33:13 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.07 20:33:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.07 20:33:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.07 20:33:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.07 20:33:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.07 20:33:09 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.07 20:33:09 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.07 20:33:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.07 20:33:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.07 20:33:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.07 20:33:07 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.07 20:33:07 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.07 20:33:03 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.07 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.07 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.07 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Audio(6559)
[2013.02.07 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.07 19:15:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe
[2013.03.09 14:49:56 | 000,000,178 | ---- | M] () -- C:\Users\123456\defogger_reenable
[2013.03.09 14:49:09 | 000,050,477 | ---- | M] () -- C:\Users\123456\Desktop\Defogger.exe
[2013.03.09 14:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.09 13:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job
[2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 12:39:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.09 12:39:09 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.09 12:39:09 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.09 12:39:09 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.09 12:39:09 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.09 12:32:04 | 000,001,962 | ---- | M] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
[2013.03.09 12:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 12:31:37 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 22:49:20 | 581,628,762 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.08 17:36:58 | 000,353,914 | ---- | M] () -- C:\Users\123456\Documents\Scan0001.jpg
[2013.03.08 16:04:12 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
[2013.03.08 16:03:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.06 22:48:03 | 000,017,118 | ---- | M] () -- C:\Users\123456\Desktop\Fr. Revolution.odt
[2013.03.06 15:56:35 | 000,002,366 | ---- | M] () -- C:\Users\123456\Desktop\Google Chrome.lnk
[2013.03.06 10:55:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job
[2013.03.04 21:32:42 | 000,587,518 | ---- | M] () -- C:\Users\123456\Desktop\PP.odp
[2013.03.02 16:24:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 19:46:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.20 15:31:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.15 14:55:26 | 004,917,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 11:42:50 | 000,015,308 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt
[2013.02.11 17:38:19 | 000,013,388 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt
[2013.02.10 23:44:43 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.08 13:46:20 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2013.02.08 13:46:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.02.08 13:45:52 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.02.08 13:45:52 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.02.08 13:45:52 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.02.08 13:45:52 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013.02.08 13:45:52 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013.02.08 13:45:52 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013.02.08 13:45:52 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.09 14:49:56 | 000,000,178 | ---- | C] () -- C:\Users\123456\defogger_reenable
[2013.03.09 14:49:08 | 000,050,477 | ---- | C] () -- C:\Users\123456\Desktop\Defogger.exe
[2013.03.08 17:36:58 | 000,353,914 | ---- | C] () -- C:\Users\123456\Documents\Scan0001.jpg
[2013.03.08 16:06:30 | 000,001,962 | ---- | C] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
[2013.03.08 16:04:12 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
[2013.03.08 16:03:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.06 19:47:23 | 000,017,118 | ---- | C] () -- C:\Users\123456\Desktop\Fr. Revolution.odt
[2013.03.06 10:46:05 | 000,002,366 | ---- | C] () -- C:\Users\123456\Desktop\Google Chrome.lnk
[2013.03.06 10:45:59 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job
[2013.03.06 10:45:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job
[2013.03.04 20:03:16 | 000,587,518 | ---- | C] () -- C:\Users\123456\Desktop\PP.odp
[2013.03.02 16:24:52 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 19:35:38 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.28 19:35:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.24 23:01:41 | 581,628,762 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.10 20:20:06 | 000,015,308 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt
[2013.02.10 19:53:13 | 000,013,388 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt
[2013.02.08 13:46:20 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2013.02.08 13:46:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.02.07 20:33:10 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.02.07 20:33:08 | 000,223,608 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.13 22:25:32 | 000,068,114 | ---- | C] () -- C:\Users\123456\AppData\Local\RAContactHistory.xml
[2013.01.08 02:07:11 | 000,000,600 | ---- | C] () -- C:\Users\123456\AppData\Roaming\winscp.rnd
[2012.12.16 12:24:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.16 12:24:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.19 00:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.18 23:52:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.26 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.20 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Lite
[2012.12.24 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Pro
[2012.11.26 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Exif Viewer
[2013.02.24 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\iFunbox_UserCache
[2012.11.24 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\ImgBurn
[2013.02.24 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\kuaiyong
[2012.11.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\OpenOffice.org
[2012.11.26 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PDAppFlex
[2013.01.13 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PeerNetworking
[2013.01.08 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\redsn0w
[2013.02.11 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Samsung
[2012.12.27 02:21:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Sinvise Systems
[2012.11.19 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Tibia
[2012.12.06 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\TibiaTestserver
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
OTL Extras logfile created on: 09.03.2013 14:51:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\123456\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free
15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS
Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053021BC-3A73-4571-A71D-58C7C7F23756}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F55DD08-5895-4C29-B719-50340825EC3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{15707B41-A6BF-4714-BFC4-D1E11B1B90AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{283E31E2-3CAD-4ACB-9419-DE0C506E2996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2943C098-9DEF-48A4-91BB-3285D372759E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B6E7930-CA28-49DB-9112-E614DB8229C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{300E894B-94DF-473A-ACB1-8FC17395898B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{350B5882-14E7-4330-A073-A79AA4B7A162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43995612-DAB4-4A44-BA7C-B1E7EE4B3A27}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4CAC9D90-3803-4157-AB87-6EEA6666362F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E950FF8-422D-467F-B0B7-BB0EB4EF086F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5E10DA0E-4C85-4E38-B512-B981503BDAC1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{60E7769D-D5BD-4B3B-81DA-48AB53F1EC6A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FE7BF2A-7BEE-4EF1-83ED-89A78ED3ED43}" = rport=138 | protocol=17 | dir=out | app=system | 
"{88A29686-A185-41CD-BBF5-3E63787BAAB0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9AE67F65-96BE-4B41-AC9B-4D14B8032A77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A83CF617-F190-4A36-A63C-A2F24407EB6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AD0B5AD0-D10A-409F-9A0C-343030ACB703}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B4F28FC9-2A2F-456D-B733-951F1E3242B7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C90674FA-D8F2-4370-8F38-9E4E3282AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DDEFB871-2EFA-46F2-A07A-1AAC90271D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E02923A8-A5DF-48BD-A45A-02C1F9AC5E90}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7B0FD78-0CAC-4A5B-B041-EA0E365A619E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122FFF5-CC38-4080-8AA5-F8D36945B3E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{012C5751-D7D7-4719-99BC-B7352BFA1B3C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{039B95B0-1F6A-4A28-8DEC-93B876E4931C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | 
"{0B04AD3D-8922-4A25-8DC6-CF0A6FAF8E5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15ABBDD8-494D-4FFA-891D-AD14EE3740A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1A46DABE-8EAB-4FEB-8FD6-567995A6C79F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{21123BB5-D2C4-46BD-A728-A642AE94E5F7}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{21C049CB-6AAA-453A-BD6A-8BB6EBF6FC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3077894C-0622-486E-8E5C-FF3EE9854965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33F7CAEE-519E-4FC6-86F2-77B3D00D6648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A1471BB-AA46-4BE6-8C8F-6FDEFE99ABD3}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{3DE54BFB-6D25-4B19-AAF4-047D7A1F998F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{434C00C1-4749-4BCA-820D-2FB41E45D0FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{554F570F-133C-4330-A9E8-FB7242E58EE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{563C28E1-76DE-4D73-868F-052F8BED87E2}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | 
"{5856E4DD-7F92-4551-B875-D6CB6C83E042}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E8159B4-9FD2-441A-95FA-76EE4A09EFFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BE4A59F-B34A-4466-8AB6-0C56C2A56057}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{71E45D27-31CC-4730-BE48-A56692121C65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73128491-9DD5-421C-BCE2-0359F9DA58D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7927B586-507F-43EB-A9D0-F8DBE826D5C1}" = protocol=6 | dir=out | app=system | 
"{7A89C7DA-6837-4134-B26F-7F48C0CDAAD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7E8D00E0-E1D1-42BB-B17C-BA4AFFF3EBC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D0429AF-3A6F-42B8-AAE7-CA5911E69405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8E65950E-9D1D-4FB1-B0B0-B39CD3617503}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{9495EE16-58D2-4A44-969D-4829B889817B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96923E0B-EBCA-44C8-8AD1-AA3DB8D88199}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9A8B5C51-3B17-4662-B5C1-31A74352E5E0}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{9FD37AAF-59B4-4A94-AA89-AE68A85CD85C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{A7AABFE5-7AC9-462A-B7C8-77757DE21552}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4FE85CD-F5C5-4E12-94BB-47CC18018FD5}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | 
"{B69F3E62-8B4E-48D4-9FFB-0E8B435FFD0B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | 
"{B8282693-2821-43DA-A43E-722A7FA4F7E5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{BA465E06-0849-4F6D-AAFD-88243EB91B37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BAB37B7E-6DBD-4B9E-87BF-0DAF8DACCDAC}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | 
"{C07ECAE5-9945-4C04-8CE7-94AEA5360076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C25A9A95-1CEB-49C3-8E1F-F706E52FFDF7}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | 
"{CF5A42C1-F21E-47C2-9D4F-63038D7F3B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0A656A1-224B-49CB-A250-A0A2B416B57D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DB2B7EEB-93B4-4E57-89B2-1DCDBE01EE3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DFA7B3B7-10E4-4D01-9377-5D5383A8721A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E07C5DCB-DAB1-4FD4-8C9E-CA15BB760CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B87756-15AB-43D8-960D-534F390F375D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4668864-E835-4ABD-9B62-02B34D64057C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA10C69C-8A54-4C70-A04A-AFABC712E04D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{2B6AC03A-2502-4B77-A13D-01F42EC50B6F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{39C36E42-904F-419D-AD8D-CD6FDA551578}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"TCP Query User{6D46F09B-7858-4985-9A0C-B91D1C644203}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{8B899B12-8CF1-4FFF-938B-7DA480BCD6A4}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{8D951E8D-AA47-4713-92D6-9008401A9139}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C56881E8-C579-4E6B-A9FC-26946FB4A033}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
"UDP Query User{03020424-C7B2-492E-9D72-ED61D074C143}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{4170BF26-1313-4EB4-917A-847A236435A2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{691CAF05-E065-454C-A7A5-0A1F3A045F2B}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | 
"UDP Query User{8C171452-ED85-4FEA-84A6-100EE3FDDD91}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{98B95902-0274-4976-8257-619706FA4A94}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{A1BCAD17-DA54-4C60-88C1-163D6AF6F7FD}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Pro" = DAEMON Tools Pro
"Exif-Viewer" = Exif-Viewer 2.51 
"Hitman Absolution Deutsch Patch-TokZic 1.00" = Hitman Absolution Deutsch Patch-TokZic 1.00
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroVision!UninstallKey" = Nero Digital
"PunkBusterSvc" = PunkBuster Services
"Tibia Testserver_is1" = Tibia Testserver
"Tibia_is1" = Tibia
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.03.2013 18:02:47 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
 0x4f8350e0  Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.586, Zeitstempel:
 0x504833fc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000017faac  ID des fehlerhaften
 Prozesses: 0xc58  Startzeit der fehlerhaften Anwendung: 0x01ce1c488e4e1f44  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Berichtskennung:
 e903c05d-883b-11e2-a5e3-e2d20d316c67
 
Error - 08.03.2013 18:03:24 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 19:50:18 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version:
 25.0.571.0, Zeitstempel: 0x4df02205  Name des fehlerhaften Moduls: RPCRT4.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7c96e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000051e2c
ID
 des fehlerhaften Prozesses: 0x25e4  Startzeit der fehlerhaften Anwendung: 0x01ce1c57afafe452
Pfad
 der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: ee18ca03-884a-11e2-a5e3-e2d20d316c67
 
Error - 08.03.2013 20:44:31 | Computer Name = 123456-1337 | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x777ddfe4]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 08.03.2013 20:58:31 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version:
 25.0.571.0, Zeitstempel: 0x4df02205  Name des fehlerhaften Moduls: HPNetworkCommunicator.exe,
 Version: 25.0.571.0, Zeitstempel: 0x4df02205  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0000000000051cd6  ID des fehlerhaften Prozesses: 0x2e08  Startzeit der fehlerhaften
 Anwendung: 0x01ce1c61311a949d  Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP
 Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Berichtskennung:
 75497a31-8854-11e2-a5e3-e2d20d316c67
 
Error - 08.03.2013 20:58:56 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version:
 25.0.571.0, Zeitstempel: 0x4df02205  Name des fehlerhaften Moduls: HPNetworkCommunicator.exe,
 Version: 25.0.571.0, Zeitstempel: 0x4df02205  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00000000000035c0  ID des fehlerhaften Prozesses: 0x2e08  Startzeit der fehlerhaften
 Anwendung: 0x01ce1c61311a949d  Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP
 Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe  Berichtskennung:
 845e722e-8854-11e2-a5e3-e2d20d316c67
 
Error - 09.03.2013 07:33:30 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.03.2013 09:13:02 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001e59a
ID
 des fehlerhaften Prozesses: 0x700  Startzeit der fehlerhaften Anwendung: 0x01ce1cb9baa2c761
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 121848f6-88bb-11e2-8062-efac97c2646d
 
Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000003700
ID
 des fehlerhaften Prozesses: 0x64c  Startzeit der fehlerhaften Anwendung: 0x01ce1cc7f895e515
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 36b71363-88bb-11e2-8062-efac97c2646d
 
Error - 09.03.2013 09:27:38 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000011f82
ID
 des fehlerhaften Prozesses: 0x1bfc  Startzeit der fehlerhaften Anwendung: 0x01ce1cc81cfd1066
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 1c3c0d25-88bd-11e2-8062-efac97c2646d
 
[ System Events ]
Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 09.03.2013 09:13:03 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.03.2013 09:27:39 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7034
Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal
 passiert.
 
 
< End of report >
         

 
