|
Log-Analyse und Auswertung: Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.04.2013, 15:38 | #1 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Hallo Zusammen, Nach einiger Recherche und Gesprächen mit Freunden, die leider sehr verschiedene Tipps und Ideen für mich hatten, habe ich beschlossen, mein Problem hier im Forum zu veröffentlichen. Vor ca vier Wochen habe ich mein System mal wieder neu aufgesetzt, weil meine Systempartition zu klein bemessen war. Natürlich habe ich im neu aufgesetzten System erstmal Avira Free Antivirus installiert, dann Firefox und was man halt sonst noch so braucht. Danach habe ich für einige Programme die alten AppData ins neue System kopiert, um z.B. bei Firefox das bewährte und gewohnte Profil weiter verwenden zu können. Daraufhin habe ich dann Stück für Stück meine Dokumente etc. auf die neue Systemplatte kopiert. Auf Partitionierung habe ich verzichtet, nachdem Win7 schon ein paar mal deutlich mehr Speicher gefressen hat, wie ich bei der Partitionierung zunächst angenommen hatte… Recht bald fiel mir auf, dass bei der Installation von Programmen immer wieder Fehlermeldungen auftraten. (zuletzt bei der NokiaSuite, die ich natürlich direkt vom Hersteller runtergeladen hatte). Im weiteren Verlauf hatte ich, wenn ich mich richtig erinnere, mal einen Bluescreen, bis dann die Fehlermeldung kam, dass meine Festplatte defekt sei und ich sofort ein Backup durchführen soll, um Datenverlust zu vermeiden. Mit Hilfe der Backupfunktion von Windows7 habe ich dann versucht meine Daten auf der Festplatte zu sichern, auf der auch schon die alten Sicherungen meiner Fotos/Videos/Musik/Dokumente liegen. Leider brach das Backup immer wieder ab. Daraufhin habe ich die wichtigen Dateien manuell auf diese Platte kopiert. Irgendwann wurde ich dann aber doch ein bisschen misstrauisch… Die Festplatte funktionierte ja an sich einwandfrei und es hatte ja auch schon zuvor Probleme mit Installationen gegeben. Also machte ich mich über Google auf die Suche nach möglichen Zusammenhängen mit einem Virus o.ä.. Dabei stieß ich dann auf das Programm Malwarebytes, welches mir folgende Funde brachte: Log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: **** [administrator] 15.03.2013 15:34:26 mbam-log-2013-03-15 (15-34-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 226927 Time elapsed: 2 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\***\Local Settings\Temporary Internet Files\Content.IE5\G6PYER3T\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully. (end) Ich erlaube mir mal, gleich ein paar konkrete Fragen zu stellen: PUM werden doch idR entweder versehentlich durch den Nutzer oder durch einen Virus/Trojaner etc hervorgerufen. Wie finde ich also diesen Auslöser für die PUM? Was habe ich konkret zu befürchten? Was macht PUM.Hijack.StartMenu? Wie kann sich ein Virus ausbreiten? Welche Dateien können welche Dateien wie infizieren? Ist es auszuschließen, dass die vermutlich verseuchten Dateien auf der BackupHDD die noch sauberen alten Backups auch verschmutzt haben? Das wäre ja eine Kathastrophe, da ich dann kein sauberes Backup mehr hätte!! Ich werde mein System sicherheitshalber auf jeden Fall neu aufsetzen. Die hauptsächliche Frage ist also: Wie vermeide ich es, den Virus oder was auch immer ich mir eingefangen habe auf das neue System mitzunehmen? Hier die restlichen Logs: Code:
ATTFilter OTL logfile created on: 06.04.2013 19:09:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free 7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.05 15:06:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe PRC - [2013.03.04 18:21:34 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.27 13:18:57 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2012.06.07 10:17:26 | 001,987,520 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.13 01:37:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 14:12:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2012.06.07 10:17:28 | 000,072,640 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe -- (HDDHealth) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.04 18:41:58 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2013.02.27 13:19:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.27 13:19:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.27 13:19:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 3D BA 98 1F 20 CE 01 [binary data] IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?sk=bd" FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7 FF - prefs.js..extensions.enabledAddons: %7B4568ed01-8341-4961-b3d5-98ab068ce4c0%7D:1.0.1.6 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0 FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5 FF - prefs.js..extensions.enabledAddons: addon%40snip-me.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5 FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.6 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.9 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "83.137.26.25" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "83.137.26.25" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "83.137.26.25" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "83.137.26.25" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "83.137.26.25" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M] [2013.02.27 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2013.03.08 13:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C} [2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013.02.27 13:15:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.27 18:38:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013.02.27 13:15:23 | 000,000,000 | ---D | M] ("Astroburn Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\AstroToolbar@toolbarnet.com [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de_DE@dicts.j3e.de [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\en-GB@dictionaries.addons.mozilla.org [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\maps@ovi.com [2013.02.27 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\nostmp [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2011.11.23 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de_DE@dicts.j3e.de [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\en-GB@dictionaries.addons.mozilla.org [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\maps@ovi.com [2013.02.27 13:15:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\personas@christopher.beard [2013.03.08 13:00:34 | 000,014,855 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\addon@snip-me.de.xpi [2012.09.29 16:35:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\amznUWL2@amazon.com.xpi [2013.02.27 13:34:36 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\firebug@software.joehewitt.com.xpi [2013.03.06 19:32:28 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\personas@christopher.beard.xpi [2011.08.15 13:10:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\tineye@ideeinc.com.xpi [2013.02.27 18:12:25 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2013.03.04 10:45:11 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.12.30 14:44:40 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012.09.07 11:31:59 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.18 01:16:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.09 16:29:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.03.08 14:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.08 14:12:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9FD9D6-7659-4DE0-B48B-723F23AA1821}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.01.14 16:18:53 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ] O32 - AutoRun File - [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002.08.29 03:14:48 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.15 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.15 16:33:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.15 16:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.15 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate [2013.03.15 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate [2013.03.15 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.03.15 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health [2013.03.15 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health [2013.03.13 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera [2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera [2013.03.13 21:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2013.03.11 22:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler [2013.03.11 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility [2013.03.11 21:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2013.03.11 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2013.03.11 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.03.11 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nero [2013.03.11 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.03.11 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt [2013.03.10 16:39:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.10 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2013.03.09 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.03.09 15:04:01 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.03.09 15:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.03.09 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\***\OpenOffice.org 3.4.1 (de) Installation Files [2013.03.08 14:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.06 19:08:06 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.06 19:04:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 19:04:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 19:04:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:50:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 18:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 18:49:54 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 22:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.03 22:26:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.15 16:22:14 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2013.03.15 16:14:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013.03.14 13:33:35 | 392,124,162 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.13 20:57:30 | 001,298,285 | ---- | M] () -- C:\Users\***\Documents\side by side.jpg [2013.03.13 20:56:51 | 000,000,770 | ---- | M] () -- C:\Users\***\Documents\nokia side by side backup.reg [2013.03.13 16:00:18 | 000,023,789 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.13 15:33:06 | 016,318,104 | ---- | M] () -- C:\Users\***\Documents\landscape.xcf [2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2013.03.12 16:05:38 | 000,000,100 | ---- | M] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2013.03.12 15:43:16 | 000,004,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2013.03.11 22:07:13 | 000,651,108 | ---- | M] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg [2013.03.10 14:48:36 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.03.09 17:08:58 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.09 15:35:51 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ========== Files Created - No Company Name ========== [2013.04.06 19:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.15 16:22:14 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2013.03.15 16:14:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013.03.13 21:10:32 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013.03.13 20:57:30 | 001,298,285 | ---- | C] () -- C:\Users\***\Documents\side by side.jpg [2013.03.13 20:56:51 | 000,000,770 | ---- | C] () -- C:\Users\***\Documents\nokia side by side backup.reg [2013.03.13 16:00:18 | 000,023,789 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.13 15:33:06 | 016,318,104 | ---- | C] () -- C:\Users\***\Documents\landscape.xcf [2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2013.03.12 13:52:57 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2013.03.12 13:52:30 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2013.03.11 22:07:13 | 000,651,108 | ---- | C] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg [2013.03.10 14:48:36 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.03.09 15:35:51 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.03.01 13:38:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.03.01 13:29:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2013.02.27 19:24:20 | 000,348,160 | ---- | C] () -- C:\Windows\Adac-Luftrettung 3D Uninstall.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.06 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013.03.07 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2013.03.07 18:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software [2013.03.09 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.03.13 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.03.11 12:14:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.04.2013 19:09:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free 7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS Computer Name: **** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C8FDDCC-8E15-4ABF-A2C6-18A19C801F8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2DB14E80-315E-4D1D-B8E3-81FA07B29A68}" = rport=445 | protocol=6 | dir=out | app=system | "{2E67C0D2-B262-429E-97D8-91FC66593C86}" = rport=139 | protocol=6 | dir=out | app=system | "{5DCBE1A2-D0CA-41EA-8D62-BF762EFC6D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FC01A0F-F696-4094-A5F4-77B1A80CF75D}" = lport=138 | protocol=17 | dir=in | app=system | "{720AEE72-DB24-4C17-8FA3-F98AEE95F823}" = lport=445 | protocol=6 | dir=in | app=system | "{883FBF84-144F-4026-A64D-8541BE1CF984}" = rport=138 | protocol=17 | dir=out | app=system | "{8D16048C-3032-4D8B-9A32-0ECB0B3F29BA}" = rport=137 | protocol=17 | dir=out | app=system | "{96D9EED2-E708-45A9-9C2F-E9226F238381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B44D856F-4B7B-4516-9FAE-9DD906F8B191}" = lport=139 | protocol=6 | dir=in | app=system | "{D8275260-EF70-4D69-A5C4-40347FDE2266}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5C0794D-C95C-4177-B843-DFE7A93490F3}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{39EBF40A-537F-45E1-B1B0-CF783F5E0692}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{46A86B38-3E0F-42BB-B231-7DC577D77D54}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{64D7695B-2689-4FFA-933B-201A9C12FBA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6B8EF90E-85DA-4D16-9ED6-1744B995C3EE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{8B30128F-53B8-486E-8550-22388B2FBC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A332CBCA-F3C5-426D-9BBD-5047D9AEF69D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B78461B1-860F-48FA-808E-CDC61508AB2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D3CC93B3-A64F-4DFD-89C8-C36E6E5A3779}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{12F74896-A54E-43F4-8636-9A6E3FABF26A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{B20DDDBF-3122-47B6-843C-B89D56988B2D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{2973634A-BBBB-4AE0-97EB-F0E9888F81A0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{8C9BA50D-3063-4A05-9DDE-A6E34DC4DF50}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{35F59E66-CAA0-4585-8DC4-037A04717FCF}" = Nero CoverDesigner "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54 "{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{DB680033-BB0B-4EE5-B625-B4F6B130617A}" = LightScribe Diagnostic Utility "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ADACLuftrettung3D" = ADAC Luftrettung 3D "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "HDD Health_is1" = HDD Health v4.2 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.14.1738" = Opera 12.14 "TreeSize Free_is1" = TreeSize Free V2.7 "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 2.0.5 "Winamp" = Winamp "WinMerge_is1" = WinMerge 2.14.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.03.2013 15:44:17 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Faulting module name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Exception code: 0xc0000005 Fault offset: 0x011ead7c Faulting process id: 0xec8 Faulting application start time: 0x01ce202325a37391 Faulting application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Faulting module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Report Id: 63ff3a31-8c16-11e2-8f62-0021856a07e2 Error - 13.03.2013 15:49:28 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: Nokia_Suite_webinstaller_ALL.exe, version: 3.7.22.0, time stamp: 0x50642f2d Faulting module name: Nokia_Suite_webinstaller_ALL.exe, version: 3.7.22.0, time stamp: 0x50642f2d Exception code: 0xc0000005 Fault offset: 0x011ead7c Faulting process id: 0x1398 Faulting application start time: 0x01ce2023de99e7ad Faulting application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe Faulting module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe Report Id: 1cf53ada-8c17-11e2-8f62-0021856a07e2 Error - 13.03.2013 15:49:36 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Faulting module name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Exception code: 0xc0000005 Fault offset: 0x011ead7c Faulting process id: 0x74c Faulting application start time: 0x01ce2023e4313426 Faulting application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Faulting module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Report Id: 21ff39dc-8c17-11e2-8f62-0021856a07e2 Error - 14.03.2013 12:11:54 | Computer Name = *** | Source = Microsoft-Windows-Backup | ID = 517 Description = The backup operation that started at '2013-03-14T14:41:42.473168900Z' has failed with following error code '2155348000' (%%2155348000). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved. Error - 14.03.2013 12:11:55 | Computer Name = *** | Source = Windows Backup | ID = 4104 Description = Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: mpengine.dll, version: 1.1.9203.0, time stamp: 0x51144572 Exception code: 0xc0000006 Fault offset: 0x000000000023e0d5 Faulting process id: 0xcb4 Faulting application start time: 0x01ce2185d9e0fd9d Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03A10C2-3FC5-4F8C-B34C-FDDFD4D19646}\mpengine.dll Report Id: ad4655f9-8d79-11e2-a504-0021856a07e2 Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0 for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0 The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 15.03.2013 10:22:46 | Computer Name = *** | Source = VSS | ID = 12305 Description = Error - 15.03.2013 10:22:47 | Computer Name = *** | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Program Files (x86)\Seagate\SeaTools for Windows\SeaTools for Windows.en-US.pdf. [IN_PAGE_ERROR Exception!! EIP = 0x6495f4] Bitte Avira informieren und die obige Datei übersenden! Error - 03.04.2013 10:20:59 | Computer Name = *** | Source = Windows Backup | ID = 4103 Description = [ System Events ] Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 16:55:27 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s). Error - 03.04.2013 16:56:14 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error - 06.04.2013 12:50:18 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the HDDHealth service to connect. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-06 20:03:02 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SI rev.1AG01118 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e31465 2 bytes [E3, 74] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e314bb 2 bytes [E3, 74] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e31465 2 bytes [E3, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e314bb 2 bytes [E3, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2500:1448] 000007fef1789688 ---- EOF - GMER 2.1 ---- Grüße Denkgeräusch |
08.04.2013, 12:04 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Hallo und
__________________Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
08.04.2013, 14:02 | #3 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Hi!
__________________Danke für Deine Antwort! Ich nutze den PC als Heimanwender. Hat 64bit Win7Pro denn irgendwelche Nachteile? Weitere Logs mit Funden habe ich leider nicht. Virenscanner (Avira Free Antivir) ist bislang nicht fündig geworden. Das System wurde ja auch erst vor einem Monat neu aufgesetzt und dann insgesamt eine gute Woche verwendet... Auf dem alten System habe ich regelmäßig Scans mit Avira gemacht (stets ohne Funde), Malwarebytes kannte ich da leider noch nicht Wie gesagt: ich werde das System sicherheitshalber so oder so neu aufsetzen und überlege auch gerade, zu Linux zu wechseln. Die Frage ist für mich vor allem, wie schlimm eine mögliche Infizierung diverser Dokumente/Fotos etc sein kann und ob meine Backups verseucht sind. Wenn das irgendwie auszuschließen ist, wird gesichert, formatiert und neu installiert. Aber ich fürchte eben, dass das nicht so einfach ist, ohne sich den Dreck aufs neue System gleich mitzunehmen... |
08.04.2013, 14:40 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglichZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
08.04.2013, 15:03 | #5 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Achso, ok. Das ist von der Uni... :-) edit: Der Rechner ist schon ein bisschen älter - ursprünglich war mal win vista 32bit vorinstalliert... |
08.04.2013, 15:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Ok, danke für die Erklärung! Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich |
08.04.2013, 16:59 | #7 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Hi! Habe mich bemüht, alle Anweisungen genau zu befolgen. Es folgen die drei erbetenen logs: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.08.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: **** [administrator] 08.04.2013 17:22:08 mbar-log-2013-04-08 (17-22-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28114 Time elapsed: 5 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-08 17:40:37 ----------------------------- 17:40:37.775 OS Version: Windows x64 6.1.7600 17:40:37.775 Number of processors: 2 586 0x1706 17:40:37.775 ComputerName: **** UserName: *** 17:40:39.210 Initialize success 17:42:08.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 17:42:08.403 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 11 17:42:08.481 Disk 0 MBR read successfully 17:42:08.481 Disk 0 MBR scan 17:42:08.481 Disk 0 Windows 7 default MBR code 17:42:08.497 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 17:42:08.512 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848 17:42:08.512 Disk 0 scanning C:\Windows\system32\drivers 17:42:11.944 Service scanning 17:42:20.072 Modules scanning 17:42:20.072 Disk 0 trace - called modules: 17:42:20.103 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 17:42:20.103 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004938060] 17:42:20.119 3 CLASSPNP.SYS[fffff8800192543f] -> nt!IofCallDriver -> [0xfffffa80047dd170] 17:42:20.119 5 ACPI.sys[fffff88000f30781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047bc060] 17:42:20.134 Scan finished successfully 17:42:40.672 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 17:42:40.687 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" Code:
ATTFilter 17:44:00.0181 3680 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:44:00.0197 3680 ============================================================ 17:44:00.0197 3680 Current date / time: 2013/04/08 17:44:00.0197 17:44:00.0197 3680 SystemInfo: 17:44:00.0197 3680 17:44:00.0197 3680 OS Version: 6.1.7600 ServicePack: 0.0 17:44:00.0197 3680 Product type: Workstation 17:44:00.0197 3680 ComputerName: **** 17:44:00.0197 3680 UserName: *** 17:44:00.0197 3680 Windows directory: C:\Windows 17:44:00.0197 3680 System windows directory: C:\Windows 17:44:00.0197 3680 Running under WOW64 17:44:00.0197 3680 Processor architecture: Intel x64 17:44:00.0197 3680 Number of processors: 2 17:44:00.0197 3680 Page size: 0x1000 17:44:00.0197 3680 Boot type: Normal boot 17:44:00.0197 3680 ============================================================ 17:44:01.0039 3680 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:44:01.0070 3680 Drive \Device\Harddisk4\DR5 - Size: 0x1E77FFC00 (7.62 Gb), SectorSize: 0x200, Cylinders: 0x3E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:44:01.0070 3680 ============================================================ 17:44:01.0070 3680 \Device\Harddisk0\DR0: 17:44:01.0070 3680 MBR partitions: 17:44:01.0070 3680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 17:44:01.0070 3680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800 17:44:01.0070 3680 \Device\Harddisk4\DR5: 17:44:01.0070 3680 MBR partitions: 17:44:01.0070 3680 \Device\Harddisk4\DR5\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xF3BFDE 17:44:01.0070 3680 ============================================================ 17:44:01.0102 3680 C: <-> \Device\Harddisk0\DR0\Partition2 17:44:01.0102 3680 ============================================================ 17:44:01.0102 3680 Initialize success 17:44:01.0102 3680 ============================================================ 17:44:28.0729 4328 ============================================================ 17:44:28.0729 4328 Scan started 17:44:28.0729 4328 Mode: Manual; SigCheck; TDLFS; 17:44:28.0729 4328 ============================================================ 17:44:29.0197 4328 ================ Scan system memory ======================== 17:44:29.0197 4328 System memory - ok 17:44:29.0197 4328 ================ Scan services ============================= 17:44:29.0338 4328 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 17:44:29.0400 4328 1394ohci - ok 17:44:29.0416 4328 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 17:44:29.0431 4328 ACPI - ok 17:44:29.0431 4328 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 17:44:29.0478 4328 AcpiPmi - ok 17:44:29.0556 4328 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:44:29.0572 4328 AdobeARMservice - ok 17:44:29.0665 4328 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:44:29.0681 4328 AdobeFlashPlayerUpdateSvc - ok 17:44:29.0696 4328 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:44:29.0712 4328 adp94xx - ok 17:44:29.0728 4328 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:44:29.0743 4328 adpahci - ok 17:44:29.0743 4328 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:44:29.0759 4328 adpu320 - ok 17:44:29.0806 4328 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:44:29.0899 4328 AeLookupSvc - ok 17:44:29.0946 4328 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 17:44:30.0008 4328 AFD - ok 17:44:30.0055 4328 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 17:44:30.0071 4328 agp440 - ok 17:44:30.0102 4328 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:44:30.0149 4328 ALG - ok 17:44:30.0164 4328 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 17:44:30.0180 4328 aliide - ok 17:44:30.0227 4328 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 17:44:30.0242 4328 amdide - ok 17:44:30.0242 4328 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:44:30.0258 4328 AmdK8 - ok 17:44:30.0274 4328 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:44:30.0320 4328 AmdPPM - ok 17:44:30.0352 4328 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:44:30.0367 4328 amdsata - ok 17:44:30.0383 4328 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:44:30.0398 4328 amdsbs - ok 17:44:30.0414 4328 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:44:30.0430 4328 amdxata - ok 17:44:30.0523 4328 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:44:30.0539 4328 AntiVirSchedulerService - ok 17:44:30.0554 4328 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:44:30.0570 4328 AntiVirService - ok 17:44:30.0601 4328 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 17:44:30.0664 4328 AppID - ok 17:44:30.0695 4328 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:44:30.0757 4328 AppIDSvc - ok 17:44:30.0773 4328 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 17:44:30.0804 4328 Appinfo - ok 17:44:30.0851 4328 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 17:44:30.0882 4328 AppMgmt - ok 17:44:30.0898 4328 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 17:44:30.0913 4328 arc - ok 17:44:30.0913 4328 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:44:30.0929 4328 arcsas - ok 17:44:30.0976 4328 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:44:31.0022 4328 AsyncMac - ok 17:44:31.0038 4328 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 17:44:31.0054 4328 atapi - ok 17:44:31.0100 4328 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:44:31.0147 4328 AudioEndpointBuilder - ok 17:44:31.0163 4328 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:44:31.0194 4328 AudioSrv - ok 17:44:31.0241 4328 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:44:31.0256 4328 avgntflt - ok 17:44:31.0288 4328 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:44:31.0288 4328 avipbb - ok 17:44:31.0319 4328 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:44:31.0350 4328 avkmgr - ok 17:44:31.0366 4328 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:44:31.0397 4328 AxInstSV - ok 17:44:31.0412 4328 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:44:31.0444 4328 b06bdrv - ok 17:44:31.0475 4328 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:44:31.0490 4328 b57nd60a - ok 17:44:31.0537 4328 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:44:31.0553 4328 BDESVC - ok 17:44:31.0584 4328 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:44:31.0631 4328 Beep - ok 17:44:31.0693 4328 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 17:44:31.0756 4328 BFE - ok 17:44:31.0787 4328 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll 17:44:31.0834 4328 BITS - ok 17:44:31.0865 4328 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:44:31.0880 4328 blbdrive - ok 17:44:31.0912 4328 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:44:31.0927 4328 bowser - ok 17:44:31.0943 4328 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:44:31.0974 4328 BrFiltLo - ok 17:44:31.0990 4328 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:44:32.0005 4328 BrFiltUp - ok 17:44:32.0068 4328 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 17:44:32.0099 4328 Browser - ok 17:44:32.0130 4328 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:44:32.0192 4328 Brserid - ok 17:44:32.0192 4328 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:44:32.0208 4328 BrSerWdm - ok 17:44:32.0208 4328 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:44:32.0224 4328 BrUsbMdm - ok 17:44:32.0239 4328 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:44:32.0270 4328 BrUsbSer - ok 17:44:32.0270 4328 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:44:32.0302 4328 BTHMODEM - ok 17:44:32.0333 4328 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:44:32.0395 4328 bthserv - ok 17:44:32.0411 4328 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:44:32.0473 4328 cdfs - ok 17:44:32.0504 4328 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:44:32.0551 4328 cdrom - ok 17:44:32.0582 4328 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 17:44:32.0645 4328 CertPropSvc - ok 17:44:32.0676 4328 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:44:32.0707 4328 circlass - ok 17:44:32.0754 4328 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:44:32.0770 4328 CLFS - ok 17:44:32.0848 4328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:44:32.0863 4328 clr_optimization_v2.0.50727_32 - ok 17:44:32.0879 4328 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:44:32.0894 4328 clr_optimization_v2.0.50727_64 - ok 17:44:32.0957 4328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:44:32.0972 4328 clr_optimization_v4.0.30319_32 - ok 17:44:33.0004 4328 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:44:33.0004 4328 clr_optimization_v4.0.30319_64 - ok 17:44:33.0019 4328 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:44:33.0019 4328 CmBatt - ok 17:44:33.0035 4328 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 17:44:33.0050 4328 cmdide - ok 17:44:33.0082 4328 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 17:44:33.0113 4328 CNG - ok 17:44:33.0113 4328 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:44:33.0128 4328 Compbatt - ok 17:44:33.0144 4328 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:44:33.0160 4328 CompositeBus - ok 17:44:33.0160 4328 COMSysApp - ok 17:44:33.0175 4328 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:44:33.0191 4328 crcdisk - ok 17:44:33.0222 4328 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:44:33.0269 4328 CryptSvc - ok 17:44:33.0316 4328 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys 17:44:33.0362 4328 CSC - ok 17:44:33.0378 4328 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll 17:44:33.0409 4328 CscService - ok 17:44:33.0440 4328 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:44:33.0503 4328 DcomLaunch - ok 17:44:33.0534 4328 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:44:33.0596 4328 defragsvc - ok 17:44:33.0628 4328 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:44:33.0659 4328 DfsC - ok 17:44:33.0690 4328 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 17:44:33.0706 4328 Dhcp - ok 17:44:33.0706 4328 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:44:33.0737 4328 discache - ok 17:44:33.0752 4328 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:44:33.0768 4328 Disk - ok 17:44:33.0799 4328 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:44:33.0815 4328 Dnscache - ok 17:44:33.0846 4328 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 17:44:33.0877 4328 dot3svc - ok 17:44:33.0877 4328 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 17:44:33.0924 4328 DPS - ok 17:44:33.0940 4328 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:44:33.0955 4328 drmkaud - ok 17:44:34.0002 4328 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:44:34.0033 4328 DXGKrnl - ok 17:44:34.0064 4328 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys 17:44:34.0080 4328 e1express - ok 17:44:34.0096 4328 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:44:34.0142 4328 EapHost - ok 17:44:34.0205 4328 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:44:34.0267 4328 ebdrv - ok 17:44:34.0283 4328 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 17:44:34.0314 4328 EFS - ok 17:44:34.0361 4328 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:44:34.0392 4328 ehRecvr - ok 17:44:34.0423 4328 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:44:34.0423 4328 ehSched - ok 17:44:34.0454 4328 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:44:34.0470 4328 elxstor - ok 17:44:34.0501 4328 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 17:44:34.0517 4328 ErrDev - ok 17:44:34.0548 4328 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:44:34.0595 4328 EventSystem - ok 17:44:34.0595 4328 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:44:34.0626 4328 exfat - ok 17:44:34.0626 4328 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:44:34.0673 4328 fastfat - ok 17:44:34.0720 4328 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 17:44:34.0766 4328 Fax - ok 17:44:34.0766 4328 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:44:34.0782 4328 fdc - ok 17:44:34.0813 4328 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:44:34.0844 4328 fdPHost - ok 17:44:34.0860 4328 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:44:34.0891 4328 FDResPub - ok 17:44:34.0922 4328 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:44:34.0938 4328 FileInfo - ok 17:44:34.0938 4328 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:44:34.0969 4328 Filetrace - ok 17:44:34.0985 4328 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:44:34.0985 4328 flpydisk - ok 17:44:35.0000 4328 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:44:35.0016 4328 FltMgr - ok 17:44:35.0047 4328 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll 17:44:35.0094 4328 FontCache - ok 17:44:35.0156 4328 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:44:35.0172 4328 FontCache3.0.0.0 - ok 17:44:35.0188 4328 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:44:35.0203 4328 FsDepends - ok 17:44:35.0219 4328 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:44:35.0234 4328 Fs_Rec - ok 17:44:35.0266 4328 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:44:35.0281 4328 fvevol - ok 17:44:35.0312 4328 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:44:35.0328 4328 gagp30kx - ok 17:44:35.0344 4328 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 17:44:35.0359 4328 gpsvc - ok 17:44:35.0422 4328 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:44:35.0437 4328 gupdate - ok 17:44:35.0437 4328 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:44:35.0453 4328 gupdatem - ok 17:44:35.0468 4328 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:44:35.0484 4328 hcw85cir - ok 17:44:35.0515 4328 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:44:35.0546 4328 HdAudAddService - ok 17:44:35.0546 4328 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:44:35.0562 4328 HDAudBus - ok 17:44:35.0609 4328 [ 354F7AC7AE454A1DAF85BF7C0FFEFD07 ] HDDHealth C:\Program Files (x86)\HDD Health\HDDHealthService.exe 17:44:35.0624 4328 HDDHealth ( UnsignedFile.Multi.Generic ) - warning 17:44:35.0624 4328 HDDHealth - detected UnsignedFile.Multi.Generic (1) 17:44:35.0640 4328 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:44:35.0656 4328 HidBatt - ok 17:44:35.0656 4328 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:44:35.0671 4328 HidBth - ok 17:44:35.0687 4328 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:44:35.0734 4328 HidIr - ok 17:44:35.0734 4328 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:44:35.0780 4328 hidserv - ok 17:44:35.0812 4328 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:44:35.0812 4328 HidUsb - ok 17:44:35.0843 4328 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:44:35.0890 4328 hkmsvc - ok 17:44:35.0905 4328 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:44:35.0921 4328 HomeGroupListener - ok 17:44:35.0952 4328 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:44:35.0983 4328 HomeGroupProvider - ok 17:44:35.0999 4328 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 17:44:36.0014 4328 HpSAMD - ok 17:44:36.0030 4328 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:44:36.0061 4328 HTTP - ok 17:44:36.0061 4328 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:44:36.0077 4328 hwpolicy - ok 17:44:36.0092 4328 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:44:36.0108 4328 i8042prt - ok 17:44:36.0139 4328 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:44:36.0155 4328 iaStorV - ok 17:44:36.0202 4328 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:44:36.0233 4328 idsvc - ok 17:44:36.0233 4328 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:44:36.0248 4328 iirsp - ok 17:44:36.0264 4328 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 17:44:36.0311 4328 IKEEXT - ok 17:44:36.0326 4328 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 17:44:36.0326 4328 intelide - ok 17:44:36.0342 4328 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:44:36.0373 4328 intelppm - ok 17:44:36.0373 4328 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:44:36.0420 4328 IPBusEnum - ok 17:44:36.0420 4328 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:44:36.0451 4328 IpFilterDriver - ok 17:44:36.0482 4328 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:44:36.0514 4328 iphlpsvc - ok 17:44:36.0514 4328 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 17:44:36.0545 4328 IPMIDRV - ok 17:44:36.0545 4328 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:44:36.0592 4328 IPNAT - ok 17:44:36.0607 4328 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:44:36.0623 4328 IRENUM - ok 17:44:36.0623 4328 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 17:44:36.0638 4328 isapnp - ok 17:44:36.0654 4328 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:44:36.0670 4328 iScsiPrt - ok 17:44:36.0685 4328 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:44:36.0685 4328 kbdclass - ok 17:44:36.0701 4328 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:44:36.0716 4328 kbdhid - ok 17:44:36.0732 4328 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 17:44:36.0748 4328 KeyIso - ok 17:44:36.0748 4328 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:44:36.0763 4328 KSecDD - ok 17:44:36.0794 4328 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:44:36.0810 4328 KSecPkg - ok 17:44:36.0826 4328 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:44:36.0857 4328 ksthunk - ok 17:44:36.0872 4328 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:44:36.0935 4328 KtmRm - ok 17:44:36.0982 4328 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:44:37.0013 4328 LanmanServer - ok 17:44:37.0028 4328 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:44:37.0091 4328 LanmanWorkstation - ok 17:44:37.0153 4328 [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 17:44:37.0169 4328 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 17:44:37.0169 4328 LightScribeService - detected UnsignedFile.Multi.Generic (1) 17:44:37.0200 4328 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:44:37.0247 4328 lltdio - ok 17:44:37.0262 4328 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:44:37.0294 4328 lltdsvc - ok 17:44:37.0325 4328 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:44:37.0372 4328 lmhosts - ok 17:44:37.0403 4328 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:44:37.0418 4328 LSI_FC - ok 17:44:37.0418 4328 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:44:37.0434 4328 LSI_SAS - ok 17:44:37.0450 4328 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:44:37.0450 4328 LSI_SAS2 - ok 17:44:37.0465 4328 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:44:37.0465 4328 LSI_SCSI - ok 17:44:37.0481 4328 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:44:37.0512 4328 luafv - ok 17:44:37.0543 4328 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:44:37.0574 4328 Mcx2Svc - ok 17:44:37.0606 4328 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:44:37.0621 4328 megasas - ok 17:44:37.0637 4328 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:44:37.0652 4328 MegaSR - ok 17:44:37.0684 4328 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:44:37.0715 4328 MMCSS - ok 17:44:37.0730 4328 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:44:37.0762 4328 Modem - ok 17:44:37.0808 4328 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:44:37.0824 4328 monitor - ok 17:44:37.0840 4328 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:44:37.0840 4328 mouclass - ok 17:44:37.0855 4328 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:44:37.0871 4328 mouhid - ok 17:44:37.0871 4328 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:44:37.0886 4328 mountmgr - ok 17:44:37.0933 4328 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:44:37.0949 4328 MozillaMaintenance - ok 17:44:37.0964 4328 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 17:44:37.0964 4328 mpio - ok 17:44:37.0980 4328 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:44:38.0011 4328 mpsdrv - ok 17:44:38.0042 4328 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:44:38.0105 4328 MpsSvc - ok 17:44:38.0120 4328 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:44:38.0152 4328 MRxDAV - ok 17:44:38.0183 4328 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:44:38.0198 4328 mrxsmb - ok 17:44:38.0214 4328 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:44:38.0245 4328 mrxsmb10 - ok 17:44:38.0261 4328 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:44:38.0276 4328 mrxsmb20 - ok 17:44:38.0276 4328 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 17:44:38.0292 4328 msahci - ok 17:44:38.0308 4328 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 17:44:38.0308 4328 msdsm - ok 17:44:38.0339 4328 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:44:38.0354 4328 MSDTC - ok 17:44:38.0386 4328 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:44:38.0417 4328 Msfs - ok 17:44:38.0432 4328 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:44:38.0479 4328 mshidkmdf - ok 17:44:38.0495 4328 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 17:44:38.0495 4328 msisadrv - ok 17:44:38.0526 4328 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:44:38.0588 4328 MSiSCSI - ok 17:44:38.0588 4328 msiserver - ok 17:44:38.0620 4328 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:44:38.0651 4328 MSKSSRV - ok 17:44:38.0666 4328 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:44:38.0713 4328 MSPCLOCK - ok 17:44:38.0729 4328 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:44:38.0760 4328 MSPQM - ok 17:44:38.0776 4328 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:44:38.0791 4328 MsRPC - ok 17:44:38.0807 4328 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:44:38.0807 4328 mssmbios - ok 17:44:38.0822 4328 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:44:38.0854 4328 MSTEE - ok 17:44:38.0869 4328 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:44:38.0885 4328 MTConfig - ok 17:44:38.0900 4328 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:44:38.0900 4328 Mup - ok 17:44:38.0916 4328 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 17:44:38.0963 4328 napagent - ok 17:44:38.0994 4328 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:44:39.0041 4328 NativeWifiP - ok 17:44:39.0103 4328 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 17:44:39.0119 4328 NAUpdate - ok 17:44:39.0150 4328 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 17:44:39.0181 4328 NDIS - ok 17:44:39.0197 4328 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:44:39.0228 4328 NdisCap - ok 17:44:39.0244 4328 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:44:39.0290 4328 NdisTapi - ok 17:44:39.0306 4328 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:44:39.0337 4328 Ndisuio - ok 17:44:39.0337 4328 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:44:39.0368 4328 NdisWan - ok 17:44:39.0368 4328 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:44:39.0415 4328 NDProxy - ok 17:44:39.0415 4328 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:44:39.0446 4328 NetBIOS - ok 17:44:39.0462 4328 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:44:39.0493 4328 NetBT - ok 17:44:39.0524 4328 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 17:44:39.0540 4328 Netlogon - ok 17:44:39.0587 4328 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:44:39.0634 4328 Netman - ok 17:44:39.0649 4328 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:44:39.0696 4328 netprofm - ok 17:44:39.0743 4328 [ C7D577CB6058454228C7693DA086EF51 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 17:44:39.0790 4328 netr28ux - ok 17:44:39.0805 4328 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:44:39.0821 4328 NetTcpPortSharing - ok 17:44:39.0836 4328 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:44:39.0852 4328 nfrd960 - ok 17:44:39.0868 4328 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:44:39.0914 4328 NlaSvc - ok 17:44:39.0930 4328 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:44:39.0977 4328 Npfs - ok 17:44:39.0977 4328 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:44:40.0024 4328 nsi - ok 17:44:40.0024 4328 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:44:40.0070 4328 nsiproxy - ok 17:44:40.0117 4328 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:44:40.0164 4328 Ntfs - ok 17:44:40.0180 4328 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:44:40.0211 4328 Null - ok 17:44:40.0429 4328 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:44:40.0663 4328 nvlddmkm - ok 17:44:40.0694 4328 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:44:40.0710 4328 nvraid - ok 17:44:40.0741 4328 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:44:40.0741 4328 nvstor - ok 17:44:40.0804 4328 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 17:44:40.0835 4328 nvsvc - ok 17:44:40.0882 4328 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 17:44:40.0913 4328 nvUpdatusService - ok 17:44:40.0928 4328 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 17:44:40.0944 4328 nv_agp - ok 17:44:40.0960 4328 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 17:44:40.0975 4328 ohci1394 - ok 17:44:41.0006 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:44:41.0022 4328 p2pimsvc - ok 17:44:41.0038 4328 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:44:41.0053 4328 p2psvc - ok 17:44:41.0069 4328 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:44:41.0084 4328 Parport - ok 17:44:41.0100 4328 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:44:41.0116 4328 partmgr - ok 17:44:41.0131 4328 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:44:41.0162 4328 PcaSvc - ok 17:44:41.0178 4328 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 17:44:41.0178 4328 pci - ok 17:44:41.0209 4328 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 17:44:41.0209 4328 pciide - ok 17:44:41.0240 4328 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:44:41.0256 4328 pcmcia - ok 17:44:41.0256 4328 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:44:41.0272 4328 pcw - ok 17:44:41.0287 4328 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:44:41.0350 4328 PEAUTH - ok 17:44:41.0396 4328 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:44:41.0428 4328 PeerDistSvc - ok 17:44:41.0506 4328 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:44:41.0537 4328 PerfHost - ok 17:44:41.0584 4328 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 17:44:41.0646 4328 pla - ok 17:44:41.0677 4328 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:44:41.0708 4328 PlugPlay - ok 17:44:41.0724 4328 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:44:41.0755 4328 PNRPAutoReg - ok 17:44:41.0771 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:44:41.0786 4328 PNRPsvc - ok 17:44:41.0849 4328 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:44:41.0896 4328 PolicyAgent - ok 17:44:41.0927 4328 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:44:41.0958 4328 Power - ok 17:44:42.0005 4328 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:44:42.0052 4328 PptpMiniport - ok 17:44:42.0067 4328 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:44:42.0098 4328 Processor - ok 17:44:42.0114 4328 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 17:44:42.0130 4328 ProfSvc - ok 17:44:42.0145 4328 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:44:42.0145 4328 ProtectedStorage - ok 17:44:42.0176 4328 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:44:42.0208 4328 Psched - ok 17:44:42.0239 4328 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:44:42.0286 4328 ql2300 - ok 17:44:42.0301 4328 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:44:42.0317 4328 ql40xx - ok 17:44:42.0332 4328 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:44:42.0348 4328 QWAVE - ok 17:44:42.0364 4328 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:44:42.0379 4328 QWAVEdrv - ok 17:44:42.0395 4328 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:44:42.0426 4328 RasAcd - ok 17:44:42.0442 4328 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:44:42.0473 4328 RasAgileVpn - ok 17:44:42.0488 4328 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:44:42.0520 4328 RasAuto - ok 17:44:42.0535 4328 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:44:42.0566 4328 Rasl2tp - ok 17:44:42.0598 4328 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 17:44:42.0629 4328 RasMan - ok 17:44:42.0629 4328 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:44:42.0660 4328 RasPppoe - ok 17:44:42.0676 4328 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:44:42.0707 4328 RasSstp - ok 17:44:42.0722 4328 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:44:42.0769 4328 rdbss - ok 17:44:42.0785 4328 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:44:42.0816 4328 rdpbus - ok 17:44:42.0832 4328 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:44:42.0863 4328 RDPCDD - ok 17:44:42.0878 4328 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:44:42.0894 4328 RDPDR - ok 17:44:42.0910 4328 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:44:42.0972 4328 RDPENCDD - ok 17:44:43.0003 4328 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:44:43.0019 4328 RDPREFMP - ok 17:44:43.0050 4328 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:44:43.0066 4328 RDPWD - ok 17:44:43.0066 4328 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:44:43.0081 4328 rdyboost - ok 17:44:43.0097 4328 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:44:43.0159 4328 RemoteAccess - ok 17:44:43.0159 4328 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:44:43.0206 4328 RemoteRegistry - ok 17:44:43.0237 4328 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:44:43.0268 4328 RpcEptMapper - ok 17:44:43.0300 4328 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:44:43.0331 4328 RpcLocator - ok 17:44:43.0346 4328 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 17:44:43.0378 4328 RpcSs - ok 17:44:43.0378 4328 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:44:43.0409 4328 rspndr - ok 17:44:43.0440 4328 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 17:44:43.0471 4328 s3cap - ok 17:44:43.0487 4328 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 17:44:43.0502 4328 SamSs - ok 17:44:43.0502 4328 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 17:44:43.0518 4328 sbp2port - ok 17:44:43.0534 4328 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:44:43.0565 4328 SCardSvr - ok 17:44:43.0580 4328 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:44:43.0627 4328 scfilter - ok 17:44:43.0674 4328 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 17:44:43.0690 4328 Schedule - ok 17:44:43.0721 4328 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:44:43.0752 4328 SCPolicySvc - ok 17:44:43.0752 4328 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:44:43.0768 4328 SDRSVC - ok 17:44:43.0783 4328 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:44:43.0814 4328 secdrv - ok 17:44:43.0830 4328 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 17:44:43.0861 4328 seclogon - ok 17:44:43.0877 4328 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:44:43.0908 4328 SENS - ok 17:44:43.0908 4328 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:44:43.0924 4328 SensrSvc - ok 17:44:43.0939 4328 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:44:43.0955 4328 Serenum - ok 17:44:43.0970 4328 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:44:43.0986 4328 Serial - ok 17:44:44.0002 4328 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:44:44.0017 4328 sermouse - ok 17:44:44.0033 4328 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 17:44:44.0064 4328 SessionEnv - ok 17:44:44.0080 4328 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 17:44:44.0111 4328 sffdisk - ok 17:44:44.0142 4328 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 17:44:44.0158 4328 sffp_mmc - ok 17:44:44.0189 4328 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 17:44:44.0189 4328 sffp_sd - ok 17:44:44.0204 4328 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:44:44.0220 4328 sfloppy - ok 17:44:44.0236 4328 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:44:44.0282 4328 SharedAccess - ok 17:44:44.0298 4328 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:44:44.0329 4328 ShellHWDetection - ok 17:44:44.0345 4328 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:44:44.0360 4328 SiSRaid2 - ok 17:44:44.0360 4328 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:44:44.0376 4328 SiSRaid4 - ok 17:44:44.0376 4328 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:44:44.0438 4328 Smb - ok 17:44:44.0454 4328 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:44:44.0470 4328 SNMPTRAP - ok 17:44:44.0485 4328 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:44:44.0485 4328 spldr - ok 17:44:44.0532 4328 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 17:44:44.0548 4328 Spooler - ok 17:44:44.0610 4328 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 17:44:44.0672 4328 sppsvc - ok 17:44:44.0688 4328 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:44:44.0719 4328 sppuinotify - ok 17:44:44.0735 4328 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:44:44.0782 4328 srv - ok 17:44:44.0813 4328 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:44:44.0844 4328 srv2 - ok 17:44:44.0875 4328 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:44:44.0906 4328 srvnet - ok 17:44:44.0938 4328 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:44:44.0984 4328 SSDPSRV - ok 17:44:44.0984 4328 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:44:45.0031 4328 SstpSvc - ok 17:44:45.0062 4328 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 17:44:45.0078 4328 Stereo Service - ok 17:44:45.0078 4328 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:44:45.0094 4328 stexstor - ok 17:44:45.0125 4328 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 17:44:45.0156 4328 stisvc - ok 17:44:45.0172 4328 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 17:44:45.0187 4328 storflt - ok 17:44:45.0203 4328 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 17:44:45.0234 4328 StorSvc - ok 17:44:45.0250 4328 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 17:44:45.0265 4328 storvsc - ok 17:44:45.0265 4328 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:44:45.0281 4328 swenum - ok 17:44:45.0312 4328 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:44:45.0343 4328 swprv - ok 17:44:45.0390 4328 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 17:44:45.0437 4328 SysMain - ok 17:44:45.0437 4328 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:44:45.0468 4328 TabletInputService - ok 17:44:45.0484 4328 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 17:44:45.0577 4328 TapiSrv - ok 17:44:45.0608 4328 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:44:45.0640 4328 TBS - ok 17:44:45.0702 4328 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:44:45.0749 4328 Tcpip - ok 17:44:45.0780 4328 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:44:45.0811 4328 TCPIP6 - ok 17:44:45.0842 4328 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:44:45.0874 4328 tcpipreg - ok 17:44:45.0889 4328 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:44:45.0905 4328 TDPIPE - ok 17:44:45.0920 4328 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:44:45.0936 4328 TDTCP - ok 17:44:45.0967 4328 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:44:45.0998 4328 tdx - ok 17:44:46.0014 4328 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:44:46.0030 4328 TermDD - ok 17:44:46.0045 4328 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 17:44:46.0092 4328 TermService - ok 17:44:46.0108 4328 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:44:46.0139 4328 Themes - ok 17:44:46.0154 4328 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:44:46.0186 4328 THREADORDER - ok 17:44:46.0201 4328 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:44:46.0248 4328 TrkWks - ok 17:44:46.0279 4328 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 17:44:46.0295 4328 truecrypt - ok 17:44:46.0342 4328 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:44:46.0357 4328 TrustedInstaller - ok 17:44:46.0388 4328 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:44:46.0435 4328 tssecsrv - ok 17:44:46.0466 4328 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:44:46.0498 4328 tunnel - ok 17:44:46.0498 4328 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:44:46.0513 4328 uagp35 - ok 17:44:46.0529 4328 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:44:46.0576 4328 udfs - ok 17:44:46.0591 4328 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:44:46.0607 4328 UI0Detect - ok 17:44:46.0622 4328 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 17:44:46.0622 4328 uliagpkx - ok 17:44:46.0669 4328 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:44:46.0685 4328 umbus - ok 17:44:46.0685 4328 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:44:46.0716 4328 UmPass - ok 17:44:46.0732 4328 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll 17:44:46.0747 4328 UmRdpService - ok 17:44:46.0778 4328 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:44:46.0841 4328 upnphost - ok 17:44:46.0856 4328 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:44:46.0872 4328 usbccgp - ok 17:44:46.0888 4328 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 17:44:46.0903 4328 usbcir - ok 17:44:46.0919 4328 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:44:46.0934 4328 usbehci - ok 17:44:46.0950 4328 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:44:46.0966 4328 usbhub - ok 17:44:46.0981 4328 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:44:47.0012 4328 usbohci - ok 17:44:47.0028 4328 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:44:47.0044 4328 usbprint - ok 17:44:47.0075 4328 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:44:47.0090 4328 USBSTOR - ok 17:44:47.0122 4328 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:44:47.0137 4328 usbuhci - ok 17:44:47.0153 4328 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:44:47.0184 4328 UxSms - ok 17:44:47.0200 4328 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 17:44:47.0200 4328 VaultSvc - ok 17:44:47.0215 4328 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 17:44:47.0231 4328 vdrvroot - ok 17:44:47.0246 4328 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 17:44:47.0278 4328 vds - ok 17:44:47.0278 4328 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:44:47.0293 4328 vga - ok 17:44:47.0309 4328 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:44:47.0356 4328 VgaSave - ok 17:44:47.0356 4328 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 17:44:47.0371 4328 vhdmp - ok 17:44:47.0387 4328 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 17:44:47.0387 4328 viaide - ok 17:44:47.0418 4328 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 17:44:47.0434 4328 vmbus - ok 17:44:47.0449 4328 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 17:44:47.0465 4328 VMBusHID - ok 17:44:47.0480 4328 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 17:44:47.0496 4328 volmgr - ok 17:44:47.0512 4328 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:44:47.0527 4328 volmgrx - ok 17:44:47.0558 4328 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 17:44:47.0590 4328 volsnap - ok 17:44:47.0605 4328 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:44:47.0621 4328 vsmraid - ok 17:44:47.0652 4328 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 17:44:47.0699 4328 VSS - ok 17:44:47.0714 4328 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:44:47.0746 4328 vwifibus - ok 17:44:47.0761 4328 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:44:47.0777 4328 vwififlt - ok 17:44:47.0792 4328 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:44:47.0824 4328 W32Time - ok 17:44:47.0855 4328 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:44:47.0886 4328 WacomPen - ok 17:44:47.0902 4328 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:44:47.0948 4328 WANARP - ok 17:44:47.0948 4328 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:44:47.0980 4328 Wanarpv6 - ok 17:44:48.0011 4328 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 17:44:48.0058 4328 wbengine - ok 17:44:48.0058 4328 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:44:48.0073 4328 WbioSrvc - ok 17:44:48.0104 4328 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:44:48.0136 4328 wcncsvc - ok 17:44:48.0151 4328 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:44:48.0167 4328 WcsPlugInService - ok 17:44:48.0182 4328 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:44:48.0198 4328 Wd - ok 17:44:48.0229 4328 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:44:48.0260 4328 Wdf01000 - ok 17:44:48.0276 4328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:44:48.0292 4328 WdiServiceHost - ok 17:44:48.0292 4328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:44:48.0307 4328 WdiSystemHost - ok 17:44:48.0338 4328 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 17:44:48.0370 4328 WebClient - ok 17:44:48.0385 4328 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:44:48.0432 4328 Wecsvc - ok 17:44:48.0448 4328 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:44:48.0479 4328 wercplsupport - ok 17:44:48.0494 4328 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:44:48.0557 4328 WerSvc - ok 17:44:48.0572 4328 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:44:48.0604 4328 WfpLwf - ok 17:44:48.0619 4328 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:44:48.0619 4328 WIMMount - ok 17:44:48.0635 4328 WinDefend - ok 17:44:48.0635 4328 WinHttpAutoProxySvc - ok 17:44:48.0697 4328 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:44:48.0728 4328 Winmgmt - ok 17:44:48.0791 4328 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 17:44:48.0853 4328 WinRM - ok 17:44:48.0916 4328 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:44:48.0931 4328 WinUsb - ok 17:44:48.0962 4328 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:44:48.0994 4328 Wlansvc - ok 17:44:48.0994 4328 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:44:49.0025 4328 WmiAcpi - ok 17:44:49.0056 4328 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:44:49.0087 4328 wmiApSrv - ok 17:44:49.0103 4328 WMPNetworkSvc - ok 17:44:49.0118 4328 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:44:49.0118 4328 WPCSvc - ok 17:44:49.0134 4328 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:44:49.0150 4328 WPDBusEnum - ok 17:44:49.0165 4328 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:44:49.0212 4328 ws2ifsl - ok 17:44:49.0228 4328 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 17:44:49.0259 4328 wscsvc - ok 17:44:49.0259 4328 WSearch - ok 17:44:49.0321 4328 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:44:49.0384 4328 wuauserv - ok 17:44:49.0399 4328 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:44:49.0415 4328 WudfPf - ok 17:44:49.0430 4328 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:44:49.0462 4328 WUDFRd - ok 17:44:49.0493 4328 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:44:49.0508 4328 wudfsvc - ok 17:44:49.0524 4328 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:44:49.0555 4328 WwanSvc - ok 17:44:49.0586 4328 ================ Scan global =============================== 17:44:49.0602 4328 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:44:49.0633 4328 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll 17:44:49.0649 4328 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll 17:44:49.0664 4328 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:44:49.0680 4328 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:44:49.0680 4328 [Global] - ok 17:44:49.0680 4328 ================ Scan MBR ================================== 17:44:49.0696 4328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:44:49.0898 4328 \Device\Harddisk0\DR0 - ok 17:44:49.0898 4328 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk4\DR5 17:44:49.0992 4328 \Device\Harddisk4\DR5 - ok 17:44:49.0992 4328 ================ Scan VBR ================================== 17:44:49.0992 4328 [ FB46899939103F609995AC93A27B784F ] \Device\Harddisk0\DR0\Partition1 17:44:50.0008 4328 \Device\Harddisk0\DR0\Partition1 - ok 17:44:50.0023 4328 [ 19A96E313F77781259037DA03DC974FC ] \Device\Harddisk0\DR0\Partition2 17:44:50.0023 4328 \Device\Harddisk0\DR0\Partition2 - ok 17:44:50.0039 4328 [ 6C370AB61EED2A7D22D135FF9BAEC883 ] \Device\Harddisk4\DR5\Partition1 17:44:50.0039 4328 \Device\Harddisk4\DR5\Partition1 - ok 17:44:50.0039 4328 ============================================================ 17:44:50.0039 4328 Scan finished 17:44:50.0039 4328 ============================================================ 17:44:50.0054 2560 Detected object count: 2 17:44:50.0054 2560 Actual detected object count: 2 17:45:54.0873 2560 HDDHealth ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:54.0873 2560 HDDHealth ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:54.0873 2560 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:54.0873 2560 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:46:16.0510 3804 Deinitialize success |
08.04.2013, 21:09 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
08.04.2013, 23:24 | #9 | |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Darf ich fragen, was Combofix macht und was Du bei meinem Problem bis jetzt für Vermutungen hast? Nachdem Du Mitleser extra vor einer unbedachten Verwendung warnst, klingt das für mich ein bisschen wie Chemotherapie für den PC... Welche Risiken gehe ich dabei ein? Bitte nimm mir das nicht übel, ich versuche nur nachzuvollziehen, was ich tue. Zitat:
für die Hilfe! |
09.04.2013, 11:38 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Ich vermute noch einiges an tiefsitzendere Malware, daher CF Bei jeder Bereinigung kann etwas schiefgehen auch ohne CF und allgemein solltest du immer die wichtigsten Daten geischert haben, logischerweise auch dann wenn du keine Probleme mit dem PC hast, das ist Sinn und Zweck eines Backups - sollte man schonmal von gehört haben Und Malwarebytes sollst du nicht deinstallieren, die Rede war von Virenscanner deaktivieren, also dein Hintergrundwächter von Avira
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2013, 12:19 | #11 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Danke für Deine Erklärung. Wie im Anfangspost beschrieben ist das Backup genau mein Sorgenkind, da ich mir nicht sicher bin, ob ich das alte saubere Backup voreilig bei der Warnung bzgl defekter Festplatte mit dem dreckigen Backup verschmutzt habe, das jetzt auf der gleichen Platte neben dem alten Backup liegt... CF log: Code:
ATTFilter ComboFix 13-04-08.04 - *** 09.04.2013 13:24:31.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1033.18.4094.2837 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-09 bis 2013-04-09 )))))))))))))))))))))))))))))) . . 2013-04-09 11:27 . 2013-04-09 11:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-09 11:27 . 2013-04-09 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-09 11:27 . 2013-04-09 11:27 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{058BE9E3-4783-4BF3-B517-4309DE9B9719}\offreg.dll 2013-04-08 15:14 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{058BE9E3-4783-4BF3-B517-4309DE9B9719}\mpengine.dll 2013-03-15 14:33 . 2013-03-15 14:33 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2013-03-15 14:33 . 2013-03-15 14:33 -------- d-----w- c:\programdata\Malwarebytes 2013-03-15 14:33 . 2013-03-15 14:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-15 14:33 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-15 14:22 . 2013-03-15 14:22 -------- d-----w- c:\program files (x86)\Seagate 2013-03-15 14:15 . 2013-03-15 14:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-03-15 14:14 . 2013-03-15 14:14 -------- d-----w- c:\program files (x86)\HDD Health 2013-03-13 19:48 . 2013-03-13 19:48 -------- d-----w- c:\program files\Microsoft Games 2013-03-13 19:10 . 2013-03-13 19:10 -------- d-----w- c:\users\***\AppData\Local\Opera 2013-03-13 19:10 . 2013-03-13 19:10 -------- d-----w- c:\program files (x86)\Opera 2013-03-11 20:10 . 2013-03-11 20:10 -------- d-----w- c:\program files (x86)\LightScribe Template Labeler 2013-03-11 20:00 . 2013-03-11 20:00 -------- d-----w- c:\program files (x86)\LightScribe Diagnostic Utility 2013-03-11 19:31 . 2013-03-11 19:31 -------- d-----w- c:\program files (x86)\Common Files\LightScribe 2013-03-11 19:26 . 2013-03-11 19:26 -------- d-----w- c:\program files (x86)\Common Files\Nero 2013-03-11 19:25 . 2013-03-11 19:27 -------- d-----w- c:\program files (x86)\Nero 2013-03-11 10:47 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 10:47 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 10:22 . 2013-03-11 19:26 -------- d-----w- c:\programdata\Nero 2013-03-11 09:46 . 2013-03-11 10:14 -------- d-----w- c:\users\***\AppData\Roaming\TrueCrypt 2013-03-10 14:39 . 2013-03-10 14:39 -------- d-----w- c:\windows\system32\appmgmt 2013-03-10 13:19 . 2013-03-10 13:19 -------- d-----w- c:\programdata\LightScribe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-12 23:37 . 2013-02-27 11:44 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 23:37 . 2013-02-27 11:44 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-11 23:10 . 2013-02-25 23:47 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-04 16:41 . 2013-03-04 16:41 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2013-03-01 10:52 . 2013-03-01 10:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-03-01 10:52 . 2013-03-01 10:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-01 10:52 . 2013-03-01 10:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-03-01 10:52 . 2013-03-01 10:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-01 10:52 . 2013-03-01 10:52 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-03-01 10:52 . 2013-03-01 10:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-01 10:52 . 2013-03-01 10:52 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2013-03-01 10:52 . 2013-03-01 10:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-01 10:52 . 2013-03-01 10:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-01 10:52 . 2013-03-01 10:52 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-03-01 10:52 . 2013-03-01 10:52 818176 ----a-w- c:\windows\system32\jscript.dll 2013-03-01 10:52 . 2013-03-01 10:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-03-01 10:52 . 2013-03-01 10:52 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-01 10:52 . 2013-03-01 10:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-01 10:52 . 2013-03-01 10:52 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-01 10:52 . 2013-03-01 10:52 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-03-01 10:52 . 2013-03-01 10:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-01 10:52 . 2013-03-01 10:52 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-03-01 10:52 . 2013-03-01 10:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-01 10:52 . 2013-03-01 10:52 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-03-01 10:52 . 2013-03-01 10:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-03-01 10:52 . 2013-03-01 10:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-01 10:52 . 2013-03-01 10:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-01 10:52 . 2013-03-01 10:52 2303488 ----a-w- c:\windows\system32\jscript9.dll 2013-03-01 10:52 . 2013-03-01 10:52 222208 ----a-w- c:\windows\system32\msls31.dll 2013-03-01 10:52 . 2013-03-01 10:52 2136064 ----a-w- c:\windows\system32\iertutil.dll 2013-03-01 10:52 . 2013-03-01 10:52 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-01 10:52 . 2013-03-01 10:52 17773056 ----a-w- c:\windows\system32\mshtml.dll 2013-03-01 10:52 . 2013-03-01 10:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-01 10:52 . 2013-03-01 10:52 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-03-01 10:52 . 2013-03-01 10:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-01 10:52 . 2013-03-01 10:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-01 10:52 . 2013-03-01 10:52 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-01 10:52 . 2013-03-01 10:52 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-03-01 10:52 . 2013-03-01 10:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-01 10:52 . 2013-03-01 10:52 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-01 10:52 . 2013-03-01 10:52 1389056 ----a-w- c:\windows\system32\wininet.dll 2013-03-01 10:52 . 2013-03-01 10:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-01 10:52 . 2013-03-01 10:52 1344000 ----a-w- c:\windows\system32\urlmon.dll 2013-03-01 10:52 . 2013-03-01 10:52 12288 ----a-w- c:\windows\system32\mshta.exe 2013-03-01 10:52 . 2013-03-01 10:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-01 10:52 . 2013-03-01 10:52 114176 ----a-w- c:\windows\system32\admparse.dll 2013-03-01 10:52 . 2013-03-01 10:52 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-01 10:52 . 2013-03-01 10:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-03-01 10:52 . 2013-03-01 10:52 96256 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-01 10:52 . 2013-03-01 10:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-01 10:52 . 2013-03-01 10:52 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-03-01 10:52 . 2013-03-01 10:52 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-03-01 10:52 . 2013-03-01 10:52 82432 ----a-w- c:\windows\system32\icardie.dll 2013-03-01 10:52 . 2013-03-01 10:52 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-03-01 10:52 . 2013-03-01 10:52 697344 ----a-w- c:\windows\system32\msfeeds.dll 2013-03-01 10:52 . 2013-03-01 10:52 603648 ----a-w- c:\windows\system32\vbscript.dll 2013-03-01 10:52 . 2013-03-01 10:52 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-01 10:52 . 2013-03-01 10:52 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-01 10:52 . 2013-03-01 10:52 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-01 10:52 . 2013-03-01 10:52 448512 ----a-w- c:\windows\system32\html.iec 2013-03-01 10:52 . 2013-03-01 10:52 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-01 10:52 . 2013-03-01 10:52 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-03-01 10:52 . 2013-03-01 10:52 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-01 10:52 . 2013-03-01 10:52 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-01 10:52 . 2013-03-01 10:52 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-01 10:52 . 2013-03-01 10:52 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-03-01 10:52 . 2013-03-01 10:52 248320 ----a-w- c:\windows\system32\ieui.dll 2013-03-01 10:52 . 2013-03-01 10:52 236544 ----a-w- c:\windows\system32\url.dll 2013-03-01 10:52 . 2013-03-01 10:52 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-03-01 10:52 . 2013-03-01 10:52 160256 ----a-w- c:\windows\system32\wextract.exe 2013-03-01 10:52 . 2013-03-01 10:52 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-03-01 10:52 . 2013-03-01 10:52 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-01 10:52 . 2013-03-01 10:52 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-01 10:52 . 2013-03-01 10:52 10884096 ----a-w- c:\windows\system32\ieframe.dll 2013-03-01 10:52 . 2013-03-01 10:52 103936 ----a-w- c:\windows\system32\inseng.dll 2013-02-27 17:24 . 2013-02-27 17:24 4067328 ----a-w- c:\windows\Adac-Luftrettung 3D.scr 2013-02-27 17:24 . 2013-02-27 17:24 348160 ----a-w- c:\windows\Adac-Luftrettung 3D Uninstall.exe 2013-02-27 11:19 . 2013-02-27 11:20 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-02-27 11:19 . 2013-02-27 11:20 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-02-27 11:19 . 2013-02-27 11:20 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-02-07 11:42 . 2013-02-07 11:42 333856 ----a-w- c:\windows\system32\RaCoInstx.dll 2013-02-07 11:42 . 2013-02-07 11:42 2201120 ----a-w- c:\windows\system32\drivers\netr28ux.sys 2013-02-04 21:49 . 2013-02-27 12:19 70004024 ----a-w- c:\windows\system32\MRT.exe 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hddhealth"="c:\program files (x86)\HDD Health\hddhealth.exe" [2012-06-07 1987520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-27 385248] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904] OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HDDHealth.lnk - c:\program files (x86)\HDD Health\hddhealth.exe [2013-3-15 1987520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HDDHealth;HDDHealth;c:\program files (x86)\HDD Health\HDDHealthService.exe [2012-06-07 72640] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-27 27800] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-27 86752] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2012-07-02 14:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 23:37] . 2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 16:21] . 2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 16:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?sk=bd FF - prefs.js: network.proxy.ftp - 83.137.26.25 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - 83.137.26.25 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 83.137.26.25 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 83.137.26.25 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 83.137.26.25 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-02-27 17:12; {45d8ff86-d909-11db-9705-005056c00008}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi FF - ExtSQL: 2013-02-27 17:38; {d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-09 13:29:30 ComboFix-quarantined-files.txt 2013-04-09 11:29 . Vor Suchlauf: 831.052.832.768 bytes free Nach Suchlauf: 839.601.295.360 bytes free . - - End Of File - - 4C162678F01B0984D9595EBF25BB8AA7 Geändert von denkgeräusch (09.04.2013 um 12:35 Uhr) Grund: cf logfile hinzugefügt |
09.04.2013, 12:40 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2013, 14:14 | #13 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Scans mit folgenden Ergebnissen durchgeführt: (siehe unten) Zwischendurch ist mir etwas aufgefallen: Ich wollte die heruntergeladenen Installationsateien von JRT und adwCleaner per Drag and Drop auf den Desktop ziehen, wobei aber der durchgestrichene Kreis anstelle meines Cursers erschien - so, als sei eine durchsichtige Ebene über dem Desktop, die das Ablegen der Dateien verhindert. Über den Windows Explorer funktionierte es aber einwandfrei. Inzwischen hat sich das auch wieder erübrigt. Ich wollte es nur erwähnen, falls es relevant sein sollte. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows 7 Professional x64 Ran by *** on 09.04.2013 at 14:33:46,45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\gwojyt5i.default\minidumps [300 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.04.2013 at 14:40:10,67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.200 - Logfile created 04/09/2013 at 14:50:51 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Professional (64 bits) # User : *** - **** # Boot Mode : Normal # Running from : C:\Users\***\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v19.0.2 (de) File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\prefs.js [OK] File is clean. File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\prefs.js [OK] File is clean. -\\ Opera v12.14.1738.0 File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[S1].txt - [880 octets] - [09/04/2013 14:50:51] ########## EOF - C:\AdwCleaner[S1].txt - [939 octets] ########## Code:
ATTFilter OTL logfile created on: 09.04.2013 14:58:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free 7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 781,95 Gb Free Space | 83,95% Space Free | Partition Type: NTFS Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,62 Gb Total Space | 7,53 Gb Free Space | 98,83% Space Free | Partition Type: NTFS Computer Name: **** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (HDDHealth) -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 3D BA 98 1F 20 CE 01 [binary data] IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1001\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?sk=bd" FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7 FF - prefs.js..extensions.enabledAddons: %7B4568ed01-8341-4961-b3d5-98ab068ce4c0%7D:1.0.1.6 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0 FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5 FF - prefs.js..extensions.enabledAddons: addon%40snip-me.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5 FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.6 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.9 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "83.137.26.25" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "83.137.26.25" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "83.137.26.25" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "83.137.26.25" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "83.137.26.25" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M] [2013.02.27 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2013.03.08 13:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C} [2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013.02.27 13:15:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.27 18:38:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013.02.27 13:15:23 | 000,000,000 | ---D | M] ("Astroburn Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\AstroToolbar@toolbarnet.com [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\de_DE@dicts.j3e.de [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\en-GB@dictionaries.addons.mozilla.org [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\maps@ovi.com [2013.02.27 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\nostmp [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2011.11.23 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\de_DE@dicts.j3e.de [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\en-GB@dictionaries.addons.mozilla.org [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\maps@ovi.com [2013.02.27 13:15:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\personas@christopher.beard [2013.03.08 13:00:34 | 000,014,855 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\addon@snip-me.de.xpi [2012.09.29 16:35:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\amznUWL2@amazon.com.xpi [2013.02.27 13:34:36 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\firebug@software.joehewitt.com.xpi [2013.03.06 19:32:28 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\personas@christopher.beard.xpi [2011.08.15 13:10:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\tineye@ideeinc.com.xpi [2013.02.27 18:12:25 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2013.03.04 10:45:11 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.12.30 14:44:40 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012.09.07 11:31:59 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.18 01:16:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.09 16:29:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.03.08 14:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.08 14:12:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.09 13:28:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DB17104-5A8D-4368-82C9-AAEFAA7E6FB1}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9FD9D6-7659-4DE0-B48B-723F23AA1821}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.01.14 16:18:53 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ] O32 - AutoRun File - [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002.08.29 03:14:48 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 14:57:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.09 14:34:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.09 14:33:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.09 14:33:14 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.09 14:30:36 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.04.09 13:29:32 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.09 13:23:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.09 13:23:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.09 13:23:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.09 13:23:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.09 13:23:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.09 13:20:59 | 005,049,517 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.08 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.04.08 17:05:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.04.08 17:05:17 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.03.15 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.15 16:33:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.15 16:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.15 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate [2013.03.15 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate [2013.03.15 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.03.15 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health [2013.03.15 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health [2013.03.13 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera [2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera [2013.03.13 21:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2013.03.11 22:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler [2013.03.11 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility [2013.03.11 21:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2013.03.11 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2013.03.11 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.03.11 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nero [2013.03.11 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.03.11 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt [2013.03.10 16:39:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.10 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe ========== Files - Modified Within 30 Days ========== [2013.04.09 15:00:01 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 15:00:01 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 14:57:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.09 14:57:12 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.09 14:57:12 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.09 14:53:51 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.09 14:52:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 14:52:26 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2013.04.09 14:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 14:30:09 | 000,613,083 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.09 14:29:56 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.04.09 14:26:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.09 13:28:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.09 13:20:49 | 005,049,517 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.08 17:42:40 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.04.08 17:04:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.04.08 17:02:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.04.06 20:18:24 | 782,625,138 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.06 19:08:06 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.05 15:06:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.15 16:22:14 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2013.03.15 16:14:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013.03.13 20:57:30 | 001,298,285 | ---- | M] () -- C:\Users\***\Documents\side by side.jpg [2013.03.13 20:56:51 | 000,000,770 | ---- | M] () -- C:\Users\***\Documents\nokia side by side backup.reg [2013.03.13 16:00:18 | 000,023,789 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.13 15:33:06 | 016,318,104 | ---- | M] () -- C:\Users\***\Documents\landscape.xcf [2013.03.13 01:37:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 01:37:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2013.03.12 16:05:38 | 000,000,100 | ---- | M] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2013.03.12 15:43:16 | 000,004,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2013.03.11 22:07:13 | 000,651,108 | ---- | M] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg ========== Files Created - No Company Name ========== [2013.04.09 14:30:35 | 000,613,083 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.09 13:23:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.09 13:23:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.09 13:23:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.09 13:23:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.09 13:23:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.08 17:42:40 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.04.06 19:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.15 16:22:14 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2013.03.15 16:14:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013.03.13 21:10:32 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013.03.13 20:57:30 | 001,298,285 | ---- | C] () -- C:\Users\***\Documents\side by side.jpg [2013.03.13 20:56:51 | 000,000,770 | ---- | C] () -- C:\Users\***\Documents\nokia side by side backup.reg [2013.03.13 16:00:18 | 000,023,789 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.13 15:33:06 | 016,318,104 | ---- | C] () -- C:\Users\***\Documents\landscape.xcf [2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2013.03.12 13:52:57 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2013.03.12 13:52:30 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2013.03.11 22:07:13 | 000,651,108 | ---- | C] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg [2013.03.01 13:38:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.03.01 13:29:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2013.02.27 19:24:20 | 000,348,160 | ---- | C] () -- C:\Windows\Adac-Luftrettung 3D Uninstall.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.04.2013 14:58:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free 7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 781,95 Gb Free Space | 83,95% Space Free | Partition Type: NTFS Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,62 Gb Total Space | 7,53 Gb Free Space | 98,83% Space Free | Partition Type: NTFS Computer Name: **** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C8FDDCC-8E15-4ABF-A2C6-18A19C801F8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2DB14E80-315E-4D1D-B8E3-81FA07B29A68}" = rport=445 | protocol=6 | dir=out | app=system | "{2E67C0D2-B262-429E-97D8-91FC66593C86}" = rport=139 | protocol=6 | dir=out | app=system | "{5DCBE1A2-D0CA-41EA-8D62-BF762EFC6D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FC01A0F-F696-4094-A5F4-77B1A80CF75D}" = lport=138 | protocol=17 | dir=in | app=system | "{720AEE72-DB24-4C17-8FA3-F98AEE95F823}" = lport=445 | protocol=6 | dir=in | app=system | "{883FBF84-144F-4026-A64D-8541BE1CF984}" = rport=138 | protocol=17 | dir=out | app=system | "{8D16048C-3032-4D8B-9A32-0ECB0B3F29BA}" = rport=137 | protocol=17 | dir=out | app=system | "{96D9EED2-E708-45A9-9C2F-E9226F238381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B44D856F-4B7B-4516-9FAE-9DD906F8B191}" = lport=139 | protocol=6 | dir=in | app=system | "{D8275260-EF70-4D69-A5C4-40347FDE2266}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5C0794D-C95C-4177-B843-DFE7A93490F3}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{39EBF40A-537F-45E1-B1B0-CF783F5E0692}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{46A86B38-3E0F-42BB-B231-7DC577D77D54}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{64D7695B-2689-4FFA-933B-201A9C12FBA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6B8EF90E-85DA-4D16-9ED6-1744B995C3EE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{8B30128F-53B8-486E-8550-22388B2FBC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A332CBCA-F3C5-426D-9BBD-5047D9AEF69D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B78461B1-860F-48FA-808E-CDC61508AB2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D3CC93B3-A64F-4DFD-89C8-C36E6E5A3779}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{12F74896-A54E-43F4-8636-9A6E3FABF26A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{B20DDDBF-3122-47B6-843C-B89D56988B2D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{2973634A-BBBB-4AE0-97EB-F0E9888F81A0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{8C9BA50D-3063-4A05-9DDE-A6E34DC4DF50}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{35F59E66-CAA0-4585-8DC4-037A04717FCF}" = Nero CoverDesigner "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54 "{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{DB680033-BB0B-4EE5-B625-B4F6B130617A}" = LightScribe Diagnostic Utility "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ADACLuftrettung3D" = ADAC Luftrettung 3D "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "HDD Health_is1" = HDD Health v4.2 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.14.1738" = Opera 12.14 "TreeSize Free_is1" = TreeSize Free V2.7 "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 2.0.5 "Winamp" = Winamp "WinMerge_is1" = WinMerge 2.14.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ System Events ] Error - 09.04.2013 08:52:48 | Computer Name = **** | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the HDDHealth service to connect. < End of report > |
09.04.2013, 16:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2013, 19:38 | #15 |
| Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Malwarebytes hat nichts gefunden. ESET Onlinescanner lies sich leider zunächst nicht installieren (gleiches Problem wie ganz am Anfang. Habe testweise mal wieder versucht, die NokiaSuite zu installieren; kein Erfolg. Ich habe die Installationsdatei ganz normal gestartet, ein paar Sekunden wurde dann die Ladeanimation am Curser angezeigt - und aus.) Nun habe ich den ESET Onlinescanner (wie auch schon zuvor die anderen Programme) über einen zweiten Rechner runtergeladen und mit einen USB-Stick, den ich jedesmal gescannt habe auf den Problemrechner gebracht. So lässt sich ESET einwandfrei installieren. Der Scan wird wohl noch eine Zeitlang brauchen - Läuft schon seit fast 2h, log folgt. Bislang Seven Infected Files: PHP/Obfuscated.F application 3x Win32/OpenCandy application 2x a variant of Win32/Bundled.Toolbar.Ask application 2x eset log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=fe2517ff5f7eaa418ceecdfeab67c983 # engine=13583 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-04-09 07:16:08 # local_time=2013-04-09 09:16:08 (+0100, W. Europe Daylight Time) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1799 16775165 100 96 2178928 3574683 2171513 0 # compatibility_mode=5893 16776573 100 94 9378 117985101 0 0 # scanned=522452 # found=10 # cleaned=0 # scan_time=8812 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=8193F65601B85D34051C4A7378B3681517665488 ft=1 fh=156cd8ecd2fe6ec0 vn="Win32/OpenCandy application" ac=I fn="C:\Users\***\Downloads\winamp563_full_emusic-7plus_de-de.exe" sh=5483FF56F29297E1531E47307B1937EE77F2C27A ft=1 fh=e4aa479a6b6912b2 vn="Win32/OpenCandy application" ac=I fn="J:\Daten von *** Laptop\downloads\SUPERsetup.exe" sh=6C8520A67D42788DEDDBC011A4E4D25DCB90F47F ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="J:\Daten von *** Laptop\webdesign\gbook17.zip" sh=E39F42A4A191F2955DA82FC74042C0223F690BF2 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="J:\Daten von *** Laptop\webdesign\gbook17\gbook.php" sh=E39F42A4A191F2955DA82FC74042C0223F690BF2 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="J:\Daten von *** Laptop\webdesign\***\center\gaestebuch\gbook.php" sh=C89865B729E1F6027A461E7B48CFA68A54590A2D ft=1 fh=30a236b0a4800cbe vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="J:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=085E2EFA6A258EEC88044241035A37DFF3DE3AE9 ft=1 fh=561b7be0126badba vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="J:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=8193F65601B85D34051C4A7378B3681517665488 ft=1 fh=156cd8ecd2fe6ec0 vn="Win32/OpenCandy application" ac=I fn="J:\Program Files (x86)\Winamp\Skins\winamp563_full_emusic-7plus_de-de.exe" |
Themen zu Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich |
0xc0000006, acrobat update, adblock, adobe reader xi, antivirus, autorun, avira, bluescreen, canon, desktop, dringend, error, failed, festplatte, festplatte angeblich defekt, firefox, flash player, frage, google, hängen, installation, installationsprobleme, logfile, mozilla, nicht möglich, problem, pum.hijack.startmenu, registry, security, software, super, svchost.exe, system, windows |