If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for analysis by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
Windows Vista: Compaq Presario CQ70 laptop keeps crashing for no apparent reason...

Hello everyone,

I am looking after a friend's laptop here, and the problem must really be sitting very deep... Two trojans have already been removed with Avira AntiVir (sorry, I did not note down which ones exactly, and the export of the findings does not work (apparently a known bug)), but something is still wrong with the laptop... From time to time it simply switches off for no apparent reason and then asks on the next start-up whether to start Windows normally or in safe mode... So for now I am posting the following log files:

frst.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by YouDoNotHaveToKnow (administrator) on YOUDONOTHAVETOKNOW-PC on 23-12-2013 00:15:16
Running from C:\Users\YouDoNotHaveToKnow\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ehTray.exe] - C:\WINDOWS\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {cf1de230-a0ce-11e0-96d0-001f16498824} - G:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**ps://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {2AD9BACB-2264-4A41-A318-6F1BDE25A2A7} URL = h**p://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615} URL = h**p://slirsredirect.search.aol.com/slirs_h**p/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2AD9BACB-2264-4A41-A318-6F1BDE25A2A7} URL = 
SearchScopes: HKCU - {D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615} URL = 
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\\npGoogleUpdate3.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\YouDoNotHaveToKnow\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\YouDoNotHaveToKnow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\YouDoNotHaveToKnow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
CHR Extension: (AdBlock) - C:\Users\YouDoNotHaveToKnow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Google Wallet) - C:\Users\YouDoNotHaveToKnow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
CHR Extension: (Gmail) - C:\Users\YouDoNotHaveToKnow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 00:15 - 2013-12-23 00:15 - 00010637 _____ C:\Users\YouDoNotHaveToKnow\Desktop\FRST.txt
2013-12-23 00:15 - 2013-12-23 00:15 - 00000000 ____D C:\FRST
2013-12-23 00:14 - 2013-12-23 00:14 - 01061231 _____ (Farbar) C:\Users\YouDoNotHaveToKnow\Desktop\FRST.exe
2013-12-23 00:14 - 2013-12-23 00:14 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 00:14 - 2013-12-23 00:14 - 00000000 _____ C:\Windows\setupact.log
2013-12-23 00:12 - 2013-12-23 00:12 - 00000488 _____ C:\Users\YouDoNotHaveToKnow\Desktop\defogger_disable.log
2013-12-23 00:12 - 2013-12-23 00:12 - 00000000 _____ C:\Users\YouDoNotHaveToKnow\defogger_reenable
2013-12-23 00:11 - 2013-12-23 00:11 - 00050477 _____ C:\Users\YouDoNotHaveToKnow\Desktop\Defogger.exe
2013-12-23 00:01 - 2013-12-23 00:08 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\Desktop\hjt
2013-12-22 23:25 - 2013-12-22 23:52 - 00001780 ____H C:\Users\YouDoNotHaveToKnow\Downloads\Documents\Default.rdp
2013-12-22 18:15 - 2013-12-22 18:15 - 00000596 _____ C:\Windows\PFRO.log
2013-12-22 16:45 - 2013-12-22 16:45 - 00000000 ____D C:\Program Files\CCleaner
2013-12-22 15:50 - 2013-12-22 16:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 15:50 - 2013-12-22 15:50 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-22 14:46 - 2013-12-22 14:47 - 04745728 _____ (AVAST Software) C:\Users\YouDoNotHaveToKnow\Desktop\aswMBR.exe
2013-12-21 19:44 - 2013-12-21 19:45 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Roaming\QuickScan
2013-12-21 19:35 - 2013-12-21 19:34 - 00054824 ____N (Agere Systems) C:\Windows\system32\agrsmdel.exe
2013-12-21 19:35 - 2013-12-21 19:34 - 00014336 ____N (Agere Systems) C:\Windows\system32\agrsco64.dll
2013-12-21 19:34 - 2013-12-21 19:34 - 00000000 ____D C:\Windows\Options
2013-12-16 21:52 - 2013-12-16 21:52 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Roaming\Malwarebytes
2013-12-16 21:52 - 2013-12-16 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-16 21:48 - 2013-12-22 18:16 - 00088592 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-11 03:17 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 03:17 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 03:17 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 03:17 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 03:17 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 03:17 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 03:17 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 03:17 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 03:17 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 03:17 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 03:17 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 03:17 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 03:17 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 03:17 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 03:17 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 03:17 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-10 23:20 - 2013-12-10 23:20 - 00000000 ____D C:\Windows\pss
2013-12-10 23:17 - 2013-12-22 18:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 22:56 - 2013-12-10 22:56 - 00000000 ____D C:\ProgramData\LightScribe
2013-12-10 22:41 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-10 22:41 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 22:41 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 22:41 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 22:41 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 22:41 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 22:41 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-10 22:41 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 22:41 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 22:41 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-10 22:41 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-10 22:41 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-10 22:41 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-10 22:41 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-10 22:41 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-10 22:41 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-10 22:41 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-10 22:41 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-10 22:41 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-10 22:41 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-10 22:41 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-10 22:41 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-10 22:41 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-10 22:41 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-10 22:41 - 2013-07-03 03:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-12-10 22:41 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-10 22:41 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-10 22:41 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-10 22:41 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-10 22:41 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-10 22:41 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-10 22:41 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-10 22:40 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 22:40 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-10 22:40 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-10 22:40 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-12-10 22:40 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-10 22:40 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-10 22:40 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-10 22:40 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-10 22:15 - 2013-12-10 22:15 - 00000510 ___SH C:\Windows\KLIF.spi
2013-12-10 21:43 - 2013-12-10 21:43 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Local\avgchrome
2013-12-10 21:36 - 2013-12-10 21:34 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-10 21:35 - 2013-12-10 21:34 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-10 21:35 - 2013-12-10 21:34 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-10 21:35 - 2013-12-10 21:34 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-10 21:34 - 2013-12-10 21:34 - 00000000 ____D C:\Program Files\Java
2013-12-10 21:32 - 2013-12-10 21:32 - 00002220 _____ C:\Users\YouDoNotHaveToKnow\Desktop\Programme und Funktionen - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2013-12-23 00:15 - 2013-12-23 00:15 - 00010637 _____ C:\Users\YouDoNotHaveToKnow\Desktop\FRST.txt
2013-12-23 00:15 - 2013-12-23 00:15 - 00000000 ____D C:\FRST
2013-12-23 00:14 - 2013-12-23 00:14 - 01061231 _____ (Farbar) C:\Users\YouDoNotHaveToKnow\Desktop\FRST.exe
2013-12-23 00:14 - 2013-12-23 00:14 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 00:14 - 2013-12-23 00:14 - 00000000 _____ C:\Windows\setupact.log
2013-12-23 00:12 - 2013-12-23 00:12 - 00000488 _____ C:\Users\YouDoNotHaveToKnow\Desktop\defogger_disable.log
2013-12-23 00:12 - 2013-12-23 00:12 - 00000000 _____ C:\Users\YouDoNotHaveToKnow\defogger_reenable
2013-12-23 00:12 - 2010-10-23 20:45 - 00000000 ____D C:\Users\YouDoNotHaveToKnow
2013-12-23 00:11 - 2013-12-23 00:11 - 00050477 _____ C:\Users\YouDoNotHaveToKnow\Desktop\Defogger.exe
2013-12-23 00:08 - 2013-12-23 00:01 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\Desktop\hjt
2013-12-22 23:52 - 2013-12-22 23:25 - 00001780 ____H C:\Users\YouDoNotHaveToKnow\Downloads\Documents\Default.rdp
2013-12-22 23:40 - 2011-03-10 15:15 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 23:25 - 2010-10-23 20:20 - 01913749 _____ C:\Windows\WindowsUpdate.log
2013-12-22 23:25 - 2006-11-02 11:33 - 01445310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 23:19 - 2011-03-10 15:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 23:19 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 23:19 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 23:19 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 18:19 - 2013-12-10 23:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 18:16 - 2013-12-16 21:48 - 00088592 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-22 18:15 - 2013-12-22 18:15 - 00000596 _____ C:\Windows\PFRO.log
2013-12-22 18:15 - 2006-11-02 13:47 - 00334560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-22 16:55 - 2006-11-02 14:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-22 16:50 - 2012-04-18 20:43 - 00000000 ____D C:\Windows\Minidump
2013-12-22 16:50 - 2008-07-08 14:16 - 00000000 ____D C:\Windows\panther
2013-12-22 16:45 - 2013-12-22 16:45 - 00000000 ____D C:\Program Files\CCleaner
2013-12-22 16:16 - 2013-12-22 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 15:50 - 2013-12-22 15:50 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-22 14:47 - 2013-12-22 14:46 - 04745728 _____ (AVAST Software) C:\Users\YouDoNotHaveToKnow\Desktop\aswMBR.exe
2013-12-21 20:53 - 2008-07-08 05:25 - 00000000 ____D C:\Program Files\Microsoft Works
2013-12-21 20:53 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-21 20:49 - 2011-03-10 15:15 - 00000000 ____D C:\Program Files\Google
2013-12-21 20:48 - 2008-07-08 04:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-21 20:47 - 2008-07-08 05:42 - 00000000 ____D C:\Program Files\CyberLink
2013-12-21 19:45 - 2013-12-21 19:44 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Roaming\QuickScan
2013-12-21 19:34 - 2013-12-21 19:35 - 00054824 ____N (Agere Systems) C:\Windows\system32\agrsmdel.exe
2013-12-21 19:34 - 2013-12-21 19:35 - 00014336 ____N (Agere Systems) C:\Windows\system32\agrsco64.dll
2013-12-21 19:34 - 2013-12-21 19:34 - 00000000 ____D C:\Windows\Options
2013-12-17 21:40 - 2008-07-08 04:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-12-17 21:34 - 2013-02-16 14:05 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\Downloads\Documents\Schaaatz♥
2013-12-17 21:25 - 2010-10-23 20:40 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-17 21:14 - 2013-05-06 17:51 - 00001807 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-17 06:18 - 2013-03-05 17:03 - 00000000 ____D C:\Windows\Festo USB Driver
2013-12-16 21:52 - 2013-12-16 21:52 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Roaming\Malwarebytes
2013-12-16 21:52 - 2013-12-16 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-16 21:40 - 2013-08-30 19:34 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 08:37 - 2011-03-10 15:19 - 00001923 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-11 04:25 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-12-11 04:19 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 04:05 - 2010-10-24 12:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-11 04:03 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 03:45 - 2008-07-08 05:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 23:27 - 2012-03-31 13:05 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Roaming\vlc
2013-12-10 23:20 - 2013-12-10 23:20 - 00000000 ____D C:\Windows\pss
2013-12-10 23:19 - 2013-03-01 20:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 23:19 - 2013-03-01 20:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 22:56 - 2013-12-10 22:56 - 00000000 ____D C:\ProgramData\LightScribe
2013-12-10 22:50 - 2013-05-06 17:50 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-10 22:15 - 2013-12-10 22:15 - 00000510 ___SH C:\Windows\KLIF.spi
2013-12-10 21:43 - 2013-12-10 21:43 - 00000000 ____D C:\Users\YouDoNotHaveToKnow\AppData\Local\avgchrome
2013-12-10 21:34 - 2013-12-10 21:36 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-10 21:34 - 2013-12-10 21:35 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-10 21:34 - 2013-12-10 21:35 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-10 21:34 - 2013-12-10 21:35 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-10 21:34 - 2013-12-10 21:34 - 00000000 ____D C:\Program Files\Java
2013-12-10 21:32 - 2013-12-10 21:32 - 00002220 _____ C:\Users\YouDoNotHaveToKnow\Desktop\Programme und Funktionen - Verknüpfung.lnk
2013-12-09 11:37 - 2013-05-06 17:50 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-05-06 17:50 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 14:42 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\YouDoNotHaveToKnow\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-22 23:26

==================== End Of Log ============================

--- --- ---

addition.txt

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by YouDoNotHaveToKnow at 2013-12-23 00:16:17
Running from C:\Users\YouDoNotHaveToKnow\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader 8.1.2 - Deutsch (Version: 8.1.2)
Adobe Shockwave Player (Version: 
Alarm für Cobra 11 - Das Syndikat
Atheros Driver Installation Program (Version: 5.0)
Avira Free Antivirus (Version: 
AVS Video Editor 6 (Version: 
CCleaner (Version: 4.09)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Cobra 11 - Highway Nights (remove only)
Conexant HD Audio (Version: 
CyberLink YouCam (Version: 2.0.1616)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON-Drucker-Software
ESU for Microsoft Vista (Version: 1.0.0)
Facebook Video Calling (Version: 1.2.287)
Festo USB Driver (Version: 1.0)
FluidSIM 4.5b Pneumatik MecLab
Free YouTube to MP3 Converter version (Version: 
FUSSBALL MANAGER 09
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check (Version: 
Hewlett-Packard Asset Agent for Health Check (Version: 
HP Active Support Library (Version: 
HP Doc Viewer (Version: 1.01.0005)
HP User Guides 0118 (Version: 1.00.0000)
HPNetworkAssistant (Version: 1.1.70)
Java 7 Update 45 (Version: 7.0.450)
LightScribe System Software (Version: 
Media Go (Version: 2.0.317)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 
Microsoft Games for Windows Marketplace (Version: 
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Need for Speed™ The Run (Version: 
NetWaiting (Version: 2.5.52)
NVIDIA Drivers (Version: 1.10)
PlayStation(R)Store (Version: 
ProtectDisc Driver, Version 11 (Version: 
PVSonyDll (Version: 1.00.0001)
RarZilla Free Unrar (Version: 4.80)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
RollerCoaster Tycoon 2
Sony Ericsson Update Engine (Version: 
Synaptics Pointing Device Driver (Version: 
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.0.1 (Version: 2.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Zahlenbuch 3

==================== Restore Points =========================


==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E72BF69-4FB5-4855-8233-6FDAF1F06F9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)
Task: {109B5423-4899-40DC-BC8A-8900CE3648D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)
Task: {1C701FCD-C67D-4F3A-991B-7D03A3CCE381} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1D75B55D-1F62-4D90-8E74-1778FBDA3482} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] () Task: {232286C7-7E5C-4E17-BDE4-E132410D75C5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {32FCBF64-EA82-40CD-877E-876AD1FE5D38} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard) Task: {35F6EBBD-250C-4EE6-BC5E-1DD41A1115A6} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] () Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\WINDOWS\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {597EDF04-437E-47EE-95FD-07929B83AF83} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] () Task: {7A7579AE-5CEC-481A-9729-55B289EA0C26} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {7FD91658-80CB-4618-90FD-D4C581630053} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] () Task: {AE85C443-FE1D-4E3B-B45C-50697E3ECB8B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {D19FEC0E-91B6-4D16-8B6A-495E05A64449} - System32\Tasks\CCleanerSkipUAC 
=> C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\System32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F350198D-4682-4C7D-BAA0-03A9B20F455D} - System32\Tasks\Microsoft\Windows\RestartManager\{F030902E-E385-46dd-B9B5-7AC475B48F7B} => C:\WINDOWS\System32\RmClient.exe [2006-11-02] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-11 08:36 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-11 08:36 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-11 08:36 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-11 08:36 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-11 08:36 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/22/2013 11:20:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 
990x80041003 Error: (12/22/2013 06:17:06 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 04:22:22 PM) (Source: Google Update) (User: YouDoNotHaveToKnow-PC) Description: Network Request Error. Error: 0x80072ee7. H**p status code: 0. Url=h**ps://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying CUP:iexplore. Send request returned 0x80004005. H**p status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying CUP:iexplore. Send request returned 0x80004005. H**p status code 0. Trying config: source=IE, direct connection. trying CUP:WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying CUP:iexplore. Send request returned 0x80004005. H**p status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinH**P. 
Send request returned 0x80072ee7 Error: (12/22/2013 04:20:45 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:36:08 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:28:28 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:22:14 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung aswMBR.exe, Version, Zeitstempel 0x5147644e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00066609, Prozess-ID 0x6dc, Anwendungsstartzeit aswMBR.exe0. Error: (12/22/2013 03:17:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:16:20 PM) (Source: EventSystem) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (12/22/2013 02:55:47 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung aswMBR.exe, Version, Zeitstempel 0x5147644e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00066609, Prozess-ID 0x8d4, Anwendungsstartzeit aswMBR.exe0. 
System errors: ============= Error: (12/22/2013 11:24:42 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 00234E37775B wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (12/22/2013 11:20:30 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/22/2013 11:18:53 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 22.12.2013 um 18:43:31 unerwartet heruntergefahren. Error: (12/22/2013 06:17:07 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/22/2013 04:20:51 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/22/2013 03:36:09 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/22/2013 03:34:33 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 22.12.2013 um 15:32:42 unerwartet heruntergefahren. 
Error: (12/22/2013 03:28:54 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (12/22/2013 03:17:28 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (12/22/2013 03:17:28 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Microsoft Office Sessions: ========================= Error: (12/22/2013 11:20:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 06:17:06 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 04:22:22 PM) (Source: Google Update)(User: YouDoNotHaveToKnow-PC) Description: Network Request Error. Error: 0x80072ee7. H**p status code: 0. Url=h**ps://www.facebook.com/omaha/update.php Trying config: source=IE, direct connection. trying CUP:WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying CUP:iexplore. Send request returned 0x80004005. H**p status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying CUP:iexplore. Send request returned 0x80004005. H**p status code 0. Trying config: source=IE, direct connection. trying CUP:WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying WinH**P. Send request returned 0x80072ee7. H**p status code 0. trying CUP:iexplore. Send request returned 0x80004005. H**p status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinH**P. 
Send request returned 0x80072ee7 Error: (12/22/2013 04:20:45 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:36:08 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:28:28 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:22:14 PM) (Source: Application Error)(User: ) Description: aswMBR.exe0.9.9.17715147644entdll.dll6.0.6002.1888151da3e27c0000005000666096dc01ceff20a863e026 Error: (12/22/2013 03:17:15 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2013 03:16:20 PM) (Source: EventSystem)(User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (12/22/2013 02:55:47 PM) (Source: Application Error)(User: ) Description: aswMBR.exe0.9.9.17715147644entdll.dll6.0.6002.1888151da3e27c0000005000666098d401ceff1c5b05df28 CodeIntegrity Errors: =================================== Date: 2013-12-17 00:12:48.231 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-17 00:12:47.822 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:47.410 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:47.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:46.583 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:46.179 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:45.572 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-12-17 00:12:45.169 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:44.758 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-17 00:12:44.355 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3068.45 MB Available physical RAM: 1755.98 MB Total Pagefile: 6375.1 MB Available Pagefile: 4830.93 MB Total Virtual: 2047.88 MB Available Virtual: 1917.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:289.1 GB) (Free:221.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD) Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ gmer.txt Code:
ATTFilter GMER 2.1.19163 - h**p://www.gmer.net Rootkit scan 2013-12-23 01:28:35 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13 298,09GB Running: gmer.exe; Driver: C:\Users\YouDoNotHaveToKnow\AppData\Local\Temp\axtyyfog.sys ---- System - GMER 2.1 ---- SSDT 9228A51E ZwCreateSection SSDT 9228A528 ZwRequestWaitReplyPort SSDT 9228A523 ZwSetContextThread SSDT 9228A52D ZwSetSecurityObject SSDT 9228A532 ZwSystemDebugControl SSDT 9228A4BF ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 840FC860 2 Bytes [1E, A5] {PUSH DS; MOVSD } .text ntkrnlpa.exe!KeSetEvent + 218 840FC863 1 Byte [92] .text ntkrnlpa.exe!KeSetEvent + 539 840FCB84 4 Bytes [28, A5, 28, 92] .text ntkrnlpa.exe!KeSetEvent + 56D 840FCBB8 4 Bytes [23, A5, 28, 92] .text ntkrnlpa.exe!KeSetEvent + 5D1 840FCC1C 4 Bytes [2D, A5, 28, 92] .text ... .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA15F169D] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtCreateFile + 6 77AC426A 4 Bytes [28, 40, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtCreateFile + B 77AC426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtMapViewOfSection + 6 77AC49BA 4 Bytes [28, 43, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtMapViewOfSection + B 77AC49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenFile + 6 77AC4A4A 4 Bytes [68, 40, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenFile + B 77AC4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcess + 6 77AC4ACA 4 Bytes [A8, 41, FF, 00] {TEST AL, 0x41; INC DWORD [EAX]} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcess + B 77AC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessToken + B 77AC4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4AEA 4 Bytes [A8, 42, FF, 00] {TEST AL, 0x42; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenProcessTokenEx + B 77AC4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThread + 6 77AC4B3A 4 Bytes [68, 41, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThread + B 77AC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadToken + 6 77AC4B4A 4 Bytes [68, 42, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadToken + B 77AC4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryAttributesFile + 6 77AC4BEA 4 Bytes [A8, 40, FF, 00] {TEST AL, 0x40; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryAttributesFile + B 77AC4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationFile + 6 77AC517A 4 Bytes [28, 41, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationFile + B 77AC517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtSetInformationThread + 6 77AC51CA 4 Bytes [28, 42, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] 
ntdll.dll!NtSetInformationThread + B 77AC51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtUnmapViewOfSection + 6 77AC546A 4 Bytes [68, 43, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1008] ntdll.dll!NtUnmapViewOfSection + B 77AC546F 1 Byte [E2] .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[1164] kernel32.dll!SetUnhandledExceptionFilter 76DEA8B5 5 Bytes JMP 5A127DBC C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[1164] ole32.dll!OleLoadFromStream 76C91E80 5 Bytes JMP 5A64C706 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtCreateFile + 6 77AC426A 4 Bytes [28, 68, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtCreateFile + B 77AC426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtMapViewOfSection + 6 77AC49BA 4 Bytes [28, 6B, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtMapViewOfSection + B 77AC49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenFile + 6 77AC4A4A 4 Bytes [68, 68, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenFile + B 77AC4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenProcess + 6 77AC4ACA 4 Bytes [A8, 69, 08, 01] {TEST AL, 0x69; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenProcess + B 77AC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenProcessToken + B 77AC4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4AEA 4 Bytes [A8, 6A, 08, 01] {TEST AL, 0x6a; OR [ECX], AL} 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenProcessTokenEx + B 77AC4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenThread + 6 77AC4B3A 4 Bytes [68, 69, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenThread + B 77AC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenThreadToken + 6 77AC4B4A 4 Bytes [68, 6A, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenThreadToken + B 77AC4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtQueryAttributesFile + 6 77AC4BEA 4 Bytes [A8, 68, 08, 01] {TEST AL, 0x68; OR [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtQueryAttributesFile + B 77AC4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtSetInformationFile + 6 77AC517A 4 Bytes [28, 69, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtSetInformationFile + B 77AC517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtSetInformationThread + 6 77AC51CA 4 Bytes [28, 6A, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtSetInformationThread + B 77AC51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtUnmapViewOfSection + 6 77AC546A 4 Bytes [68, 6B, 08, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtUnmapViewOfSection + B 77AC546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] 
ntdll.dll!NtCreateFile + 6 77AC426A 4 Bytes [28, B0, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + B 77AC426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + 6 77AC49BA 4 Bytes [28, B3, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + B 77AC49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + 6 77AC4A4A 4 Bytes [68, B0, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + B 77AC4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + 6 77AC4ACA 4 Bytes [A8, B1, CD, 00] {TEST AL, 0xb1; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + B 77AC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + B 77AC4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4AEA 4 Bytes [A8, B2, CD, 00] {TEST AL, 0xb2; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 77AC4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + 6 77AC4B3A 4 Bytes [68, B1, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + B 77AC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + 6 77AC4B4A 4 Bytes [68, B2, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + B 77AC4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B5F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 77AC4BEA 4 Bytes [A8, B0, CD, 00] {TEST AL, 0xb0; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + B 77AC4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + 6 77AC517A 4 Bytes [28, B1, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + B 77AC517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + 6 77AC51CA 4 Bytes [28, B2, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + B 77AC51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 77AC546A 4 Bytes [68, B3, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 77AC546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateFile + 6 77AC426A 4 Bytes [28, 8C, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateFile + B 77AC426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtMapViewOfSection + 6 77AC49BA 4 Bytes [28, 8F, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtMapViewOfSection + B 77AC49BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenFile + 6 77AC4A4A 4 Bytes [68, 8C, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenFile + B 77AC4A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcess + 6 
77AC4ACA 4 Bytes [A8, 8D, 8D, 00] {TEST AL, 0x8d; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcess + B 77AC4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessToken + B 77AC4ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessTokenEx + 6 77AC4AEA 4 Bytes [A8, 8E, 8D, 00] {TEST AL, 0x8e; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessTokenEx + B 77AC4AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThread + 6 77AC4B3A 4 Bytes [68, 8D, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThread + B 77AC4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadToken + 6 77AC4B4A 4 Bytes [68, 8E, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadToken + B 77AC4B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadTokenEx + B 77AC4B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryAttributesFile + 6 77AC4BEA 4 Bytes [A8, 8C, 8D, 00] {TEST AL, 0x8c; LEA EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryAttributesFile + B 77AC4BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryFullAttributesFile + B 77AC4C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationFile + 6 77AC517A 4 Bytes [28, 8D, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationFile + B 77AC517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationThread + 6 77AC51CA 4 Bytes 
[28, 8E, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationThread + B 77AC51CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtUnmapViewOfSection + 6 77AC546A 4 Bytes [68, 8F, 8D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtUnmapViewOfSection + B 77AC546F 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- EOF - GMER 2.1 ----

Many thanks in advance.

JUST NOW a bluescreen appeared without anything being done!!! It said something about "kernel" and "ataport.sys", in case that helps you...
#2 /// the machine /// (TB-Ausbilder)

Hi,

Have a look in the folder C:\Windows\Minidump; there should be a DMP file from the bluescreen in there. Please zip it and attach it.
#3

Hello,

First of all, thank you for taking on my problem, and sorry for replying so late. Attached you will find the minidump files (there were 2 in there). I was also able to take a snapshot of the bluescreen last night, which I have attached as well. Thanks & regards, Padde86
#4 /// the machine /// (TB-Ausbilder)

Please update all the drivers for the mainboard and the hard disk.

Regards, schrauber
Proud Member of UNITE and ASAP since 2009. No support via PM!
