
Log analysis and evaluation: Avast blocks various sites, svchost involved


01.03.2015, 13:54   #1
OleHB
 



Hello!

Avast keeps blocking sites, even when no browser is open and the sites are not being visited, and svchost is shown as well. One example is the site blackled.info/*, a site I have never visited and that was unknown to me until now.
This only happens when I am logged in as Administrator (normally I use a restricted user account).
I have already run an Avast scan of the operating system disk (WIN7) and nothing was found. Malwarebytes Anti-Malware did not find anything either (log also at the end).
I quickly reach the end of my knowledge here and could use some help:

Here are the logs that FRST outputs:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Administrator (administrator) on KRAXI on 01-03-2015 13:15:04
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Standart & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Guillemot Corporation S.A.) C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(AVAST Software) C:\Program Files\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Almico Software (www.almico.com)) D:\Portable Programme\K10Stat\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\Avast\ng\vbox\aswFe.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [CamserviceExchange] => C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe [3228968 2011-09-07] (Guillemot Corporation S.A.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] => C:\Windows\SuRun.exe [678912 2013-10-19] (hxxp://kay-bruns.de)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3658721051-4004364685-709729734-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoCDBurning] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\K10STAT.lnk
ShortcutTarget: K10STAT.lnk -> D:\Portable Programme\K10Stat\K10STAT.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Speedfan.lnk
ShortcutTarget: Speedfan.lnk -> D:\Portable Programme\K10Stat\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3658721051-4004364685-709729734-500 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3658721051-4004364685-709729734-500 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\Windows\SuRunExt.dll [175616 2013-10-19] (hxxp://kay-bruns.de)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\searchplugins\yahoo-avast.xml
FF Extension: HTTPS-Everywhere - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\https-everywhere@eff.org [2014-11-08]
FF Extension: FoxLingo - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2014-06-01]
FF Extension: Disconnect - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\2.0@disconnect.me.xpi [2014-06-01]
FF Extension: Copy Plain Text 2 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\copyplaintext@teo.pl.xpi [2014-06-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-23]
FF Extension: Extended Copy Menu (fix version) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\extended.copy.menu@fix.version.xpi [2014-06-01]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\firefox1@myibay.com.xpi [2014-06-01]
FF Extension: Imgur Uploader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\giorgio@gilestro.tk.xpi [2014-06-01]
FF Extension: RequestPolicy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\requestpolicy@requestpolicy.com.xpi [2014-06-01]
FF Extension: Stylish - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-01-01]
FF Extension: NoScript - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-01]
FF Extension: BBCodeXtra - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2015-01-01]
FF Extension: RightToClick - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-06-01]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-01]
FF Extension: BetterPrivacy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-06-01]
FF Extension: Plain Text Links - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi [2014-06-01]
FF Extension: Download Manager Tweak - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2014-06-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Avast\WebRep\FF [2013-10-15]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-19] (Avast Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2013-10-13] (Microsoft Corporation)
R2 SuRunSVC; C:\Windows\SuRun.exe [678912 2013-10-19] (hxxp://kay-bruns.de) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-10-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-19] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R2 VBoxAswDrv; C:\Program Files\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-19] (Avast Software)
S4 ALSysIO; \??\C:\Users\Admin.KRAXI\AppData\Local\Temp\ALSysIO.sys [X]
U3 Bonjour Service; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 13:15 - 2015-03-01 13:15 - 00014040 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-03-01 13:14 - 2015-03-01 13:14 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2015-03-01 13:14 - 2015-03-01 13:14 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-03-01 13:13 - 2015-03-01 13:13 - 01132032 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2015-03-01 13:13 - 2015-03-01 13:13 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2015-03-01 13:13 - 2015-03-01 13:13 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe
2015-03-01 13:13 - 2015-03-01 13:13 - 00000217 _____ () C:\Windows\system32\2015-03-01-12-13-52.024-aswFe.exe-5716.log
2015-03-01 13:13 - 2015-03-01 13:13 - 00000167 _____ () C:\Windows\system32\2015-03-01-12-13-48.096-AvastVBoxSVC.exe-2504.log
2015-03-01 10:32 - 2015-03-01 10:32 - 00000167 _____ () C:\Windows\system32\2015-03-01-09-32-14.098-AvastVBoxSVC.exe-2232.log
2015-02-28 18:38 - 2015-02-28 18:38 - 00000217 _____ () C:\Windows\system32\2015-02-28-17-38-47.093-aswFe.exe-5404.log
2015-02-28 18:34 - 2015-02-28 18:38 - 00000217 _____ () C:\Windows\system32\2015-02-28-17-34-12.097-aswFe.exe-5492.log
2015-02-28 18:34 - 2015-02-28 18:34 - 00000167 _____ () C:\Windows\system32\2015-02-28-17-34-09.053-AvastVBoxSVC.exe-4476.log
2015-02-28 11:06 - 2015-02-28 11:07 - 00000167 _____ () C:\Windows\system32\2015-02-28-10-06-36.060-AvastVBoxSVC.exe-2616.log
2015-02-28 08:23 - 2015-02-28 08:23 - 00000217 _____ () C:\Windows\system32\2015-02-28-07-23-35.070-aswFe.exe-6108.log
2015-02-28 08:18 - 2015-02-28 08:23 - 00000217 _____ () C:\Windows\system32\2015-02-28-07-18-10.011-aswFe.exe-3812.log
2015-02-28 08:18 - 2015-02-28 08:18 - 00000167 _____ () C:\Windows\system32\2015-02-28-07-18-08.003-AvastVBoxSVC.exe-4276.log
2015-02-27 19:44 - 2015-02-27 19:44 - 00000167 _____ () C:\Windows\system32\2015-02-27-18-44-18.066-AvastVBoxSVC.exe-2452.log
2015-02-27 17:16 - 2015-02-28 22:27 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\XnViewMP
2015-02-27 17:12 - 2015-02-27 17:12 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\XnConvert
2015-02-27 17:05 - 2015-02-27 17:06 - 00000167 _____ () C:\Windows\system32\2015-02-27-16-05-57.036-AvastVBoxSVC.exe-2412.log
2015-02-27 09:33 - 2015-02-27 09:33 - 00000167 _____ () C:\Windows\system32\2015-02-27-08-33-58.047-AvastVBoxSVC.exe-3732.log
2015-02-27 08:20 - 2015-02-27 08:20 - 00000167 _____ () C:\Windows\system32\2015-02-27-07-20-24.001-AvastVBoxSVC.exe-3524.log
2015-02-26 17:24 - 2015-02-26 17:24 - 00000167 _____ () C:\Windows\system32\2015-02-26-16-24-18.081-AvastVBoxSVC.exe-2616.log
2015-02-26 14:09 - 2015-02-26 14:09 - 00000167 _____ () C:\Windows\system32\2015-02-26-13-09-51.066-AvastVBoxSVC.exe-2416.log
2015-02-26 09:03 - 2015-02-26 09:03 - 00000217 _____ () C:\Windows\system32\2015-02-26-08-03-26.024-aswFe.exe-1776.log
2015-02-26 08:58 - 2015-02-26 09:03 - 00000217 _____ () C:\Windows\system32\2015-02-26-07-58-39.049-aswFe.exe-2576.log
2015-02-26 08:58 - 2015-02-26 08:58 - 00000167 _____ () C:\Windows\system32\2015-02-26-07-58-36.027-AvastVBoxSVC.exe-4032.log
2015-02-26 06:02 - 2015-02-26 06:03 - 00000167 _____ () C:\Windows\system32\2015-02-26-05-02-54.015-AvastVBoxSVC.exe-2752.log
2015-02-25 16:41 - 2015-02-25 16:41 - 00000167 _____ () C:\Windows\system32\2015-02-25-15-41-41.043-AvastVBoxSVC.exe-2476.log
2015-02-25 10:12 - 2015-02-25 10:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-25 08:58 - 2015-01-09 00:45 - 00419648 _____ () C:\Windows\system32\locale.nls
2015-02-25 08:54 - 2015-02-25 08:54 - 00000167 _____ () C:\Windows\system32\2015-02-25-07-54-49.067-AvastVBoxSVC.exe-2788.log
2015-02-24 09:21 - 2015-02-24 09:21 - 00000167 _____ () C:\Windows\system32\2015-02-24-08-21-39.044-AvastVBoxSVC.exe-2432.log
2015-02-23 08:57 - 2015-02-23 08:57 - 00000000 __HDC () C:\ProgramData\{68D9EB6A-D28F-437C-ACB3-C801259CFA2B}
2015-02-23 08:55 - 2015-02-23 08:55 - 00000000 __HDC () C:\ProgramData\{D4F46F7B-EA64-43A2-9BE5-84321CB4D190}
2015-02-23 08:54 - 2015-02-23 08:54 - 00000000 __HDC () C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}
2015-02-23 08:06 - 2015-02-23 08:06 - 00000167 _____ () C:\Windows\system32\2015-02-23-07-06-01.052-AvastVBoxSVC.exe-2672.log
2015-02-22 08:14 - 2015-02-22 08:14 - 00000167 _____ () C:\Windows\system32\2015-02-22-07-14-35.044-AvastVBoxSVC.exe-2636.log
2015-02-21 23:07 - 2015-02-21 23:07 - 00000167 _____ () C:\Windows\system32\2015-02-21-22-07-01.079-AvastVBoxSVC.exe-2556.log
2015-02-21 19:00 - 2015-02-25 15:45 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mp3tag
2015-02-21 10:15 - 2015-02-21 10:15 - 00000167 _____ () C:\Windows\system32\2015-02-21-09-15-16.064-AvastVBoxSVC.exe-2428.log
2015-02-20 20:35 - 2015-02-20 20:35 - 00000167 _____ () C:\Windows\system32\2015-02-20-19-35-43.041-AvastVBoxSVC.exe-2536.log
2015-02-20 14:38 - 2015-02-20 14:38 - 00000167 _____ () C:\Windows\system32\2015-02-20-13-38-22.066-AvastVBoxSVC.exe-2484.log
2015-02-20 11:04 - 2015-02-20 11:09 - 00000217 _____ () C:\Windows\system32\2015-02-20-10-04-37.038-aswFe.exe-5696.log
2015-02-19 21:13 - 2015-02-19 21:13 - 00000167 _____ () C:\Windows\system32\2015-02-19-20-13-17.047-AvastVBoxSVC.exe-2832.log
2015-02-19 17:14 - 2015-02-19 17:14 - 00000167 _____ () C:\Windows\system32\2015-02-19-16-14-24.036-AvastVBoxSVC.exe-2468.log
2015-02-19 09:30 - 2015-02-19 09:30 - 00000167 _____ () C:\Windows\system32\2015-02-19-08-30-00.060-AvastVBoxSVC.exe-2604.log
2015-02-18 19:59 - 2015-02-18 20:00 - 00000167 _____ () C:\Windows\system32\2015-02-18-18-59-55.076-AvastVBoxSVC.exe-2528.log
2015-02-18 14:46 - 2015-02-18 14:46 - 00000217 _____ () C:\Windows\system32\2015-02-18-13-46-29.036-aswFe.exe-724.log
2015-02-18 14:41 - 2015-02-18 14:46 - 00000217 _____ () C:\Windows\system32\2015-02-18-13-41-36.016-aswFe.exe-1088.log
2015-02-18 14:41 - 2015-02-18 14:41 - 00000167 _____ () C:\Windows\system32\2015-02-18-13-41-33.037-AvastVBoxSVC.exe-776.log
2015-02-18 09:39 - 2015-02-18 09:39 - 00000167 _____ () C:\Windows\system32\2015-02-18-08-39-13.065-AvastVBoxSVC.exe-2644.log
2015-02-17 18:24 - 2015-02-17 18:24 - 00000217 _____ () C:\Windows\system32\2015-02-17-17-24-51.000-aswFe.exe-1288.log
2015-02-17 18:20 - 2015-02-17 18:24 - 00000217 _____ () C:\Windows\system32\2015-02-17-17-20-07.018-aswFe.exe-3428.log
2015-02-17 18:20 - 2015-02-17 18:20 - 00000167 _____ () C:\Windows\system32\2015-02-17-17-20-04.085-AvastVBoxSVC.exe-3876.log
2015-02-17 12:07 - 2015-02-17 12:07 - 00000167 _____ () C:\Windows\system32\2015-02-17-11-07-23.043-AvastVBoxSVC.exe-2588.log
2015-02-17 08:50 - 2015-02-17 08:51 - 00000167 _____ () C:\Windows\system32\2015-02-17-07-50-58.083-AvastVBoxSVC.exe-2784.log
2015-02-16 08:41 - 2015-02-16 08:41 - 00000167 _____ () C:\Windows\system32\2015-02-16-07-41-01.064-AvastVBoxSVC.exe-2412.log
2015-02-15 21:36 - 2015-02-15 21:37 - 00000167 _____ () C:\Windows\system32\2015-02-15-20-36-40.001-AvastVBoxSVC.exe-2552.log
2015-02-15 15:01 - 2015-02-15 15:01 - 00000167 _____ () C:\Windows\system32\2015-02-15-14-01-41.006-AvastVBoxSVC.exe-2532.log
2015-02-15 13:53 - 2015-02-15 13:53 - 00000167 _____ () C:\Windows\system32\2015-02-15-12-53-26.012-AvastVBoxSVC.exe-2508.log
2015-02-14 22:27 - 2015-02-14 22:28 - 00000167 _____ () C:\Windows\system32\2015-02-14-21-27-46.039-AvastVBoxSVC.exe-2532.log
2015-02-14 08:34 - 2015-02-14 08:35 - 00000167 _____ () C:\Windows\system32\2015-02-14-07-34-58.041-AvastVBoxSVC.exe-2552.log
2015-02-13 09:34 - 2015-02-13 09:34 - 00000167 _____ () C:\Windows\system32\2015-02-13-08-34-19.039-AvastVBoxSVC.exe-2428.log
2015-02-12 21:25 - 2015-02-12 21:25 - 00000217 _____ () C:\Windows\system32\2015-02-12-20-25-43.097-aswFe.exe-2492.log
2015-02-12 21:20 - 2015-02-12 21:25 - 00000217 _____ () C:\Windows\system32\2015-02-12-20-20-15.063-aswFe.exe-3384.log
2015-02-12 21:20 - 2015-02-12 21:20 - 00000167 _____ () C:\Windows\system32\2015-02-12-20-20-10.037-AvastVBoxSVC.exe-3132.log
2015-02-12 19:17 - 2015-02-12 19:17 - 00000167 _____ () C:\Windows\system32\2015-02-12-18-17-47.057-AvastVBoxSVC.exe-2652.log
2015-02-12 15:27 - 2015-02-12 15:27 - 00000167 _____ () C:\Windows\system32\2015-02-12-14-27-38.042-AvastVBoxSVC.exe-2336.log
2015-02-12 07:07 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:07 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 06:58 - 2015-02-12 06:58 - 00000167 _____ () C:\Windows\system32\2015-02-12-05-58-44.061-AvastVBoxSVC.exe-2576.log
2015-02-11 20:22 - 2015-02-11 20:22 - 00000167 _____ () C:\Windows\system32\2015-02-11-19-22-27.064-AvastVBoxSVC.exe-2436.log
2015-02-11 17:53 - 2015-02-11 17:53 - 00000167 _____ () C:\Windows\system32\2015-02-11-16-53-25.052-AvastVBoxSVC.exe-2156.log
2015-02-11 16:12 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 16:12 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 16:12 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 15:28 - 2015-02-11 15:29 - 00000167 _____ () C:\Windows\system32\2015-02-11-14-28-48.088-AvastVBoxSVC.exe-2544.log
2015-02-11 10:55 - 2015-02-11 10:55 - 00000167 _____ () C:\Windows\system32\2015-02-11-09-55-39.029-AvastVBoxSVC.exe-2232.log
2015-02-11 09:05 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:05 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 09:05 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:05 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:05 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:05 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:05 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:05 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 09:05 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-11 09:03 - 2015-01-13 03:49 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:03 - 2015-01-09 02:52 - 02388992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:02 - 2015-01-15 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-01-15 09:09 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:02 - 2015-01-15 09:09 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:02 - 2015-01-15 05:22 - 00369976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-01-14 07:25 - 03977656 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 09:02 - 2015-01-14 07:25 - 03921848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:02 - 2014-12-12 06:38 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2014-12-08 04:03 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:02 - 2014-10-30 03:14 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:00 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:00 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:00 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:00 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:54 - 2015-02-11 08:54 - 00000167 _____ () C:\Windows\system32\2015-02-11-07-54-48.017-AvastVBoxSVC.exe-3512.log
2015-02-10 21:40 - 2015-02-10 21:40 - 00000217 _____ () C:\Windows\system32\2015-02-10-20-40-18.087-aswFe.exe-5832.log
2015-02-10 21:35 - 2015-02-10 21:40 - 00000217 _____ () C:\Windows\system32\2015-02-10-20-35-29.069-aswFe.exe-5856.log
2015-02-10 21:35 - 2015-02-10 21:35 - 00000167 _____ () C:\Windows\system32\2015-02-10-20-35-24.082-AvastVBoxSVC.exe-2032.log
2015-02-10 13:30 - 2015-02-10 13:30 - 00000167 _____ () C:\Windows\system32\2015-02-10-12-30-13.073-AvastVBoxSVC.exe-2468.log
2015-02-10 11:01 - 2015-02-10 11:01 - 00000167 _____ () C:\Windows\system32\2015-02-10-10-01-43.011-AvastVBoxSVC.exe-2424.log
2015-02-10 09:30 - 2015-02-10 09:30 - 00000167 _____ () C:\Windows\system32\2015-02-10-08-30-34.068-AvastVBoxSVC.exe-2464.log
2015-02-09 19:58 - 2015-02-09 19:58 - 00000167 _____ () C:\Windows\system32\2015-02-09-18-58-24.060-AvastVBoxSVC.exe-2456.log
2015-02-09 14:45 - 2015-02-09 14:45 - 00000167 _____ () C:\Windows\system32\2015-02-09-13-45-47.051-AvastVBoxSVC.exe-2364.log
2015-02-09 09:51 - 2015-02-09 09:51 - 00000167 _____ () C:\Windows\system32\2015-02-09-08-51-38.080-AvastVBoxSVC.exe-2328.log
2015-02-08 20:17 - 2015-02-08 20:17 - 00000167 _____ () C:\Windows\system32\2015-02-08-19-17-34.070-AvastVBoxSVC.exe-2248.log
2015-02-08 14:44 - 2015-02-08 14:44 - 00000167 _____ () C:\Windows\system32\2015-02-08-13-44-08.026-AvastVBoxSVC.exe-2396.log
2015-02-08 09:17 - 2015-02-08 09:17 - 00000167 _____ () C:\Windows\system32\2015-02-08-08-17-42.073-AvastVBoxSVC.exe-2568.log
2015-02-07 22:36 - 2015-02-07 22:37 - 00000167 _____ () C:\Windows\system32\2015-02-07-21-36-15.035-AvastVBoxSVC.exe-2512.log
2015-02-07 18:13 - 2015-02-07 18:13 - 00000167 _____ () C:\Windows\system32\2015-02-07-17-13-25.075-AvastVBoxSVC.exe-2488.log
2015-02-07 17:09 - 2015-02-07 17:10 - 00000167 _____ () C:\Windows\system32\2015-02-07-16-09-55.036-AvastVBoxSVC.exe-2376.log
2015-02-07 14:06 - 2015-02-07 14:06 - 00000167 _____ () C:\Windows\system32\2015-02-07-13-06-05.063-AvastVBoxSVC.exe-2536.log
2015-02-07 13:14 - 2015-02-07 13:14 - 00000167 _____ () C:\Windows\system32\2015-02-07-12-14-16.000-AvastVBoxSVC.exe-2544.log
2015-02-07 12:09 - 2015-02-07 12:09 - 00000167 _____ () C:\Windows\system32\2015-02-07-11-09-12.059-AvastVBoxSVC.exe-2588.log
2015-02-07 10:07 - 2015-02-07 10:07 - 00000167 _____ () C:\Windows\system32\2015-02-07-09-07-27.017-AvastVBoxSVC.exe-2528.log
2015-02-06 18:31 - 2015-02-06 18:31 - 00000167 _____ () C:\Windows\system32\2015-02-06-17-31-04.069-AvastVBoxSVC.exe-2576.log
2015-02-06 13:52 - 2015-02-06 13:52 - 00000167 _____ () C:\Windows\system32\2015-02-06-12-52-42.026-AvastVBoxSVC.exe-2572.log
2015-02-06 08:02 - 2015-02-06 08:02 - 00000167 _____ () C:\Windows\system32\2015-02-06-07-02-19.006-AvastVBoxSVC.exe-2536.log
2015-02-05 16:31 - 2015-02-05 16:31 - 00000167 _____ () C:\Windows\system32\2015-02-05-15-31-06.099-AvastVBoxSVC.exe-2548.log
2015-02-05 13:38 - 2015-02-05 13:39 - 00000167 _____ () C:\Windows\system32\2015-02-05-12-38-33.053-AvastVBoxSVC.exe-3096.log
2015-02-05 08:45 - 2015-02-05 08:45 - 00000167 _____ () C:\Windows\system32\2015-02-05-07-45-16.039-AvastVBoxSVC.exe-2384.log
2015-02-04 18:05 - 2015-02-04 18:05 - 00000167 _____ () C:\Windows\system32\2015-02-04-17-05-07.024-AvastVBoxSVC.exe-2824.log
2015-02-04 14:24 - 2015-02-04 14:24 - 00000167 _____ () C:\Windows\system32\2015-02-04-13-24-03.001-AvastVBoxSVC.exe-2624.log
2015-02-04 12:06 - 2015-02-04 12:06 - 00000167 _____ () C:\Windows\system32\2015-02-04-11-06-32.051-AvastVBoxSVC.exe-976.log
2015-02-04 08:13 - 2015-02-04 08:13 - 00000167 _____ () C:\Windows\system32\2015-02-04-07-13-31.045-AvastVBoxSVC.exe-2548.log
2015-02-03 20:30 - 2015-02-03 20:30 - 00000167 _____ () C:\Windows\system32\2015-02-03-19-30-07.064-AvastVBoxSVC.exe-2512.log
2015-02-03 13:57 - 2015-02-03 13:57 - 00000167 _____ () C:\Windows\system32\2015-02-03-12-57-18.013-AvastVBoxSVC.exe-2556.log
2015-02-03 12:59 - 2015-02-03 12:59 - 00000167 _____ () C:\Windows\system32\2015-02-03-11-59-37.071-AvastVBoxSVC.exe-2488.log
2015-02-03 09:17 - 2015-02-03 09:18 - 00000167 _____ () C:\Windows\system32\2015-02-03-08-17-55.005-AvastVBoxSVC.exe-2544.log
2015-02-02 19:16 - 2015-02-02 19:16 - 00000167 _____ () C:\Windows\system32\2015-02-02-18-16-04.014-AvastVBoxSVC.exe-2528.log
2015-02-02 09:06 - 2015-02-02 09:06 - 00000167 _____ () C:\Windows\system32\2015-02-02-08-06-02.045-AvastVBoxSVC.exe-2408.log
2015-02-01 16:40 - 2015-02-01 16:40 - 00000167 _____ () C:\Windows\system32\2015-02-01-15-40-48.079-AvastVBoxSVC.exe-2552.log
2015-02-01 11:19 - 2015-02-01 11:19 - 00000167 _____ () C:\Windows\system32\2015-02-01-10-19-47.097-AvastVBoxSVC.exe-2464.log
2015-01-31 18:42 - 2015-01-31 18:42 - 00000167 _____ () C:\Windows\system32\2015-01-31-17-42-10.038-AvastVBoxSVC.exe-2484.log
2015-01-31 15:56 - 2015-01-31 15:56 - 00000167 _____ () C:\Windows\system32\2015-01-31-14-56-42.071-AvastVBoxSVC.exe-2576.log
2015-01-31 15:00 - 2015-01-31 15:00 - 00000167 _____ () C:\Windows\system32\2015-01-31-14-00-50.072-AvastVBoxSVC.exe-2336.log
2015-01-31 10:51 - 2015-01-31 10:52 - 00000167 _____ () C:\Windows\system32\2015-01-31-09-51-59.086-AvastVBoxSVC.exe-2264.log
2015-01-30 19:22 - 2015-01-30 19:22 - 00000167 _____ () C:\Windows\system32\2015-01-30-18-22-12.055-AvastVBoxSVC.exe-2656.log
2015-01-30 14:59 - 2015-01-30 15:00 - 00000167 _____ () C:\Windows\system32\2015-01-30-13-59-54.039-AvastVBoxSVC.exe-2796.log
2015-01-30 11:45 - 2015-01-30 11:45 - 00000167 _____ () C:\Windows\system32\2015-01-30-10-45-39.008-AvastVBoxSVC.exe-2292.log
2015-01-30 09:07 - 2015-01-30 09:07 - 00000167 _____ () C:\Windows\system32\2015-01-30-08-07-53.048-AvastVBoxSVC.exe-2372.log
2015-01-30 07:07 - 2015-01-30 07:07 - 00000167 _____ () C:\Windows\system32\2015-01-30-06-07-39.050-AvastVBoxSVC.exe-2684.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 13:15 - 2015-01-01 10:46 - 00000000 ____D () C:\FRST
2015-03-01 13:14 - 2013-10-14 18:04 - 00000000 ____D () C:\Users\Administrator
2015-03-01 13:14 - 2009-07-14 05:34 - 00030880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 13:14 - 2009-07-14 05:34 - 00030880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 13:10 - 2013-10-14 17:34 - 01834421 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 13:05 - 2013-10-15 21:11 - 00000000 ____D () C:\Temp
2015-03-01 13:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 19:11 - 2013-10-18 19:13 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\uTorrent
2015-02-28 09:09 - 2014-10-04 11:33 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\Mp3tag
2015-02-25 16:42 - 2013-10-19 11:06 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Local\CrashDumps
2015-02-25 16:39 - 2014-06-01 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-24 10:26 - 2013-10-16 13:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-02-23 16:40 - 2015-01-01 09:52 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 08:53 - 2013-10-14 17:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-22 14:30 - 2013-10-15 22:18 - 00000000 ____D () C:\Users\Administrator\.VirtualBox
2015-02-21 23:12 - 2014-10-01 18:15 - 00000000 ____D () C:\Program Files\QNAP
2015-02-21 23:04 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 09:18 - 1899-12-30 01:00 - 00000000 ___RD () C:\Users\Administrator\Desktop\Arbeitsordner
2015-02-12 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-11 10:53 - 2009-07-14 05:33 - 00269664 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 09:38 - 2014-12-10 16:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 09:38 - 2014-04-23 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 09:14 - 2013-10-14 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 09:08 - 2013-10-15 11:23 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 09:04 - 2013-10-14 17:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 09:04 - 2013-10-14 17:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-30 15:39 - 2013-10-17 17:45 - 00000000 ___RD () C:\Users\Admin.KRAXI\Desktop\Arbeitsordner

==================== Files in the root of some directories =======

2013-10-14 19:08 - 2005-12-09 03:52 - 0000060 ____R () C:\Program Files\BRINST.INI
2013-10-27 12:46 - 2013-10-27 12:46 - 0007633 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-10-14 18:31 - 2013-10-14 18:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Admin.KRAXI\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 21:51

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Administrator at 2015-03-01 13:15:42
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µtorrent 3.0.0 (build 25422) Leecher Pack (HKLM\...\µtorrent 3.0.0 (build 25422) Leecher Pack by seba14_is1) (Version:  - seba14)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.0 - Sereby Corporation)
AMD Catalyst Install Manager (HKLM\...\{5C085A19-B4A1-6686-0103-E9E6F7B2831A}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Brother Driver Deployment Wizard (HKLM\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite DCP-195C (HKLM\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Default Programs Editor (HKLM\...\Default Programs Editor) (Version: 2.7.2675.2253 - factormystic.net)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
Dualpix Exchange (HKLM\...\{2FDDE008-7BAA-4CAC-9AC3-92C0C1111A3A}) (Version: 4.0.2.1 - Hercules)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Lab Inc.)
Hercules Webcam Station Evolution SE (HKLM\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 3.2.2.1 - Hercules)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
M-Audio FireWire 6.0.4 (x86) (HKLM\...\{CF9FEB7B-3BBF-47D6-801B-09530B7DA7CA}) (Version: 6.0.4 - M-Audio)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3-Info extension V3.4.23 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.23 - Michael Mutschler)
Mp3tag v2.66 (HKLM\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MusicBrainz Picard (HKLM\...\MusicBrainz Picard) (Version: 1.4.0dev2_win_20141219105800 - MusicBrainz)
Oracle VM VirtualBox 4.2.18 (HKLM\...\{2C00465A-EA83-4D9B-9482-9180FBEBD4AC}) (Version: 4.2.18 - Oracle Corporation)
QNAP Qfinder (HKLM\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Super User Run (SuRun) (HKLM\...\SuRun) (Version: 1.2.1.0 - Kay Bruns)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3658721051-4004364685-709729734-500_Classes\CLSID\{6D68FD0E-A1D4-67DA-F02A-E60DD72474B6}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2DEB7EB8-F744-45DC-9809-1ECA206E5584} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {31AA4E9C-8A7D-4CC8-BD24-09A5973B0558} - System32\Tasks\{5D562E85-38F0-46DC-AC54-EBF248A2517F} => pcalua.exe -a "H:\WaveLab LE 7 for Windows\Setup.exe" -d "H:\WaveLab LE 7 for Windows"
Task: {67705D0E-6E0F-4ADA-ABB7-AD9D3F8A9A66} - System32\Tasks\K10Stat Autostart => D:\Portable Programme\K10Stat\K10STAT.exe [2011-08-06] ()
Task: {7C6C99B4-0EBF-47AB-8325-46AEDAE223EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ACFD7EC4-0390-40B9-926C-01AD056ABCDA} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: {E3AF7CB3-9AB9-4CD5-BCC9-9777EDD37DF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-02-28 22:25 - 2015-02-28 22:25 - 02913792 _____ () C:\Program Files\Avast\defs\15022801\algo.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 02151544 _____ () C:\Program Files\Avast\ng\vbox\VBoxVMM.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 00021488 _____ () C:\Program Files\Avast\ng\vbox\VBoxREM.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 04474224 _____ () C:\Program Files\Avast\ng\vbox\VBoxRT.dll
2015-03-01 13:08 - 2015-03-01 13:08 - 02913792 _____ () C:\Program Files\Avast\defs\15030100\algo.dll
2013-10-14 19:26 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2013-11-04 16:03 - 2009-03-13 15:33 - 00593920 _____ () C:\Program Files\Hercules\Dualpix Exchange\highgui110.dll
2013-11-04 16:03 - 2009-03-13 15:32 - 00958464 _____ () C:\Program Files\Hercules\Dualpix Exchange\cxcore110.dll
2013-11-04 16:03 - 2009-03-13 15:33 - 00876544 _____ () C:\Program Files\Hercules\Dualpix Exchange\cv110.dll
2010-07-04 20:51 - 2010-07-04 20:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2014-11-19 20:44 - 2014-11-19 20:44 - 38562088 _____ () C:\Program Files\Avast\libcef.dll
2015-03-01 13:08 - 2015-03-01 13:08 - 00158720 _____ () C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
2013-10-15 17:41 - 2015-03-01 13:08 - 00192512 _____ () C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 00317632 _____ () C:\Program Files\Avast\ng\vbox\VBoxDDU.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 00028712 _____ () C:\Program Files\Avast\ng\vbox\VBoxSharedClipboard.DLL
2014-11-19 20:44 - 2014-11-19 20:44 - 00042616 _____ () C:\Program Files\Avast\ng\vbox\VBoxDragAndDropSvc.DLL
2014-11-19 20:44 - 2014-11-19 20:44 - 00040056 _____ () C:\Program Files\Avast\ng\vbox\VBoxGuestControlSvc.DLL
2014-11-19 20:44 - 2014-11-19 20:44 - 01129784 _____ () C:\Program Files\Avast\ng\vbox\VBoxREM64.DLL
2014-11-19 20:44 - 2014-11-19 20:44 - 01274448 _____ () C:\Program Files\Avast\ng\vbox\VBoxDD.DLL
2014-11-19 20:44 - 2014-11-19 20:44 - 00198152 _____ () C:\Program Files\Avast\ng\vbox\VBoxDD2.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 00037984 _____ () C:\Program Files\Avast\ng\vbox\VBoxSharedFolders.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3658721051-4004364685-709729734-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\MAFWTray.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3658721051-4004364685-709729734-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3658721051-4004364685-709729734-501 - Limited - Disabled)
Standart (S-1-5-21-3658721051-4004364685-709729734-1002 - Limited - Enabled) => C:\Users\Admin.KRAXI

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 03:58:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm TagRename.exe, Version 3.8.1.41 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1324

Startzeit: 01d04f6573daaae6

Endzeit: 131

Anwendungspfad: D:\Portable Programme\TagRename 3.81\TagRename.exe

Berichts-ID: 6cdf6817-bb6c-11e4-ab04-40618667f7ca

Error: (02/22/2015 08:12:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 11:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 10:13:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 10:54:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 09:12:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 05:12:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/01/2015 01:06:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (03/01/2015 10:30:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/28/2015 06:23:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/28/2015 11:05:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/28/2015 08:07:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/27/2015 07:42:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/27/2015 05:03:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/27/2015 09:30:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/27/2015 08:17:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (02/26/2015 05:22:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================

Error: (02/23/2015 03:58:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TagRename.exe3.8.1.41132401d04f6573daaae6131D:\Portable Programme\TagRename 3.81\TagRename.exe6cdf6817-bb6c-11e4-ab04-40618667f7ca

Error: (02/22/2015 08:12:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 11:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 10:13:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 02:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 10:54:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 09:12:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 05:12:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 54%
Total physical RAM: 3327.18 MB
Available physical RAM: 1519.9 MB
Total Pagefile: 6652.66 MB
Available Pagefile: 4649.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.6 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:78.03 GB) (Free:52.42 GB) NTFS
Drive d: (Temp) (Fixed) (Total:219.96 GB) (Free:164.7 GB) NTFS
Drive e: (Privat) (Fixed) (Total:48.83 GB) (Free:15.41 GB) NTFS
Drive f: (Musik) (Fixed) (Total:833.84 GB) (Free:832.61 GB) NTFS
Drive g: (Software) (Fixed) (Total:48.83 GB) (Free:23.3 GB) NTFS
Drive x: () (Network) (Total:1374.26 GB) (Free:580.2 GB) 
Drive z: () (Network) (Total:1374.26 GB) (Free:580.2 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D9D0D9D0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Here is the log from GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-01 13:52:05
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AVVS-63L2B0 rev.01.03A01 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Administrator\AppData\Local\Temp\pgddqpog.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwAddBootEntry [0x90C50AC4]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwAllocateVirtualMemory [0x90D0C0BA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwAssignProcessToJobObject [0x90C515A2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwCreateEvent [0x90C5D63C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwCreateEventPair [0x90C5D688]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwCreateIoCompletion [0x90C5D822]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwCreateMutant [0x90C5D5AA]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwCreateSection [0x90D0C494]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwCreateSemaphore [0x90C5D5F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwCreateThread [0x90D0C724]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwCreateThreadEx [0x90D0C80E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwCreateTimer [0x90C5D7DC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwDebugActiveProcess [0x90C52390]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwDeleteBootEntry [0x90C50B2A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwDuplicateObject [0x90C55B86]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwLoadDriver [0x90C50716]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwMapViewOfSection [0x90D0C574]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwModifyBootEntry [0x90C50B90]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwNotifyChangeKey [0x90C55F7C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwNotifyChangeMultipleKeys [0x90C52E78]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenEvent [0x90C5D666]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenEventPair [0x90C5D6AA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenIoCompletion [0x90C5D846]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenMutant [0x90C5D5D0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenProcess [0x90C5547E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenSection [0x90C5D75A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenSemaphore [0x90C5D61A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenThread [0x90C5586A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwOpenTimer [0x90C5D800]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwProtectVirtualMemory [0x90D0C312]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwQueryObject [0x90C52CEC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwQueueApcThreadEx [0x90C529FA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSetBootEntryOrder [0x90C50BF6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSetBootOptions [0x90C50C5C]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwSetContextThread [0x90D0C670]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSetSystemInformation [0x90C507B0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSetSystemPowerState [0x90C50982]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwShutdownSystem [0x90C50910]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSuspendProcess [0x90C5255A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSuspendThread [0x90C526BC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwSystemDebugControl [0x90C50A0A]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwTerminateProcess [0x90D0C3E0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwTerminateThread [0x90C521EA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                           ZwVdmControl [0x90C50CC2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                            ZwWriteVirtualMemory [0x90D0C244]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRequestPort + 14A9                                                                 82C3DE65 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82C77812 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                               82C7EA30 4 Bytes  [C4, 0A, C5, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                               82C7EA58 4 Bytes  [BA, C0, D0, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                               82C7EAB8 4 Bytes  [A2, 15, C5, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                               82C7EB0C 8 Bytes  [3C, D6, C5, 90, 88, D6, C5, ...] {CMP AL, 0xd6; LDS EDX, [EAX-0x6f3a2978]}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                               82C7EB18 4 Bytes  [22, D8, C5, 90]
.text  ...                                                                                               
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                       82E3A9BF 4 Bytes  CALL 90C5355F \SystemRoot\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                      82E54748 4 Bytes  CALL 90C53575 \SystemRoot\system32\drivers\aswSnx.sys
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                          section is writeable [0x93A06000, 0x3C8045, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtCreateFile                         772555E8 5 Bytes  JMP 5DEB43A3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtFlushBuffersFile                   77255978 5 Bytes  JMP 5DEB40E3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtQueryFullAttributesFile            77256008 5 Bytes  JMP 5DEB421B C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtReadFile                           772562D8 5 Bytes  JMP 5DEB411D C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtReadFileScatter                    772562E8 5 Bytes  JMP 5E1CD260 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtWriteFile                          77256A88 5 Bytes  JMP 5DEB4547 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!NtWriteFileGather                    77256A98 5 Bytes  JMP 5E1CD2B0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!LdrUnloadDll                         7726C8EE 5 Bytes  JMP 000703FC 
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!LdrLoadDll                           772722BE 5 Bytes  JMP 698C9662 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D  76FB94E6 7 Bytes  JMP 5E1B8526 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] KERNEL32.dll!QueryPerformanceCounter + 13      76FBC4F5 7 Bytes  JMP 5E1B9C50 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] KERNEL32.dll!LoadAppInitDlls + 355             76FBF5B6 7 Bytes  JMP 5DF61F21 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] user32.dll!GetWindowInfo                       76744B2E 5 Bytes  JMP 5EC499FF C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1264] GDI32.dll!GetViewportOrgEx + 26C               773D884B 7 Bytes  JMP 5E1B6CFC C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Avast\AvastSvc.exe[1548] kernel32.dll!SetUnhandledExceptionFilter                76FBF5BB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Avast\avastui.exe[2292] kernel32.dll!SetUnhandledExceptionFilter                 76FBF5BB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Windows\Explorer.EXE[2344] SHELL32.dll!SHFileOperationW                                        75B396EC 5 Bytes  JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- EOF - GMER 2.1 ----
         

Malware log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.02.2015
Suchlauf-Zeit: 16:42:00
Logdatei: Malware23.2.15.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.23.04
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 626542
Verstrichene Zeit: 1 Std, 37 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
I would be grateful for any help or pointers!

01.03.2015, 14:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi,

Quote:
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86)
Why do you have a 32-bit Windows? With it you can't fully exploit your hardware - this has nothing to do with your problem as such, but I did want to point it out. Unfortunately you can't switch back and forth between the editions; it always takes a fresh installation.

01.03.2015, 23:11   #3
OleHB

Well, so far I have always shied away from switching from 32-bit to 64-bit, because I gathered that not that much software is 32-bit capable and I might then no longer be able to use quite a few programs (maybe these are prejudices by now?).

Besides, the hardware is actually already 3-5 years old, and I doubt that I really push it to its limits (or need to) with my perfectly ordinary usage habits. But of course I don't want to resist more comfort, speed and security either.

Since there was just now a message from Avast, I'll reproduce it for you exactly here:

Infektion blockiert. Infektionsdetails:

URL: hxxp://reddie.net/3333/SegmentProlonger_1422755360720403.dll

Infektion: URL:Mal

Process: C:\Windows\system32\svchost.exe

And as a further addition:

Infektion blockiert. Infektionsdetails:

URL: hxxp://blackled.info/3333/LibrarySystem_142275478724102.dll

Infektion: URL:Mal

Process: C:\Windows\system32\svchost.exe

and in addition the ESET Online Scan log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4cdeebb1f896a5409e3147b962b5d983
# engine=22704
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-01 10:09:07
# local_time=2015-03-01 11:09:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 224694 176878938 0 0
# scanned=152779
# found=1
# cleaned=0
# scan_time=3429
sh=B318B551AE9907E449D1470EA02499EFD90168E4 ft=1 fh=09b1bc953fa364d0 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Free mp3 Wma Converter\Uninstall.exe"
         

01.03.2015, 23:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Quote from OleHB
Well, so far I have always shied away from switching from 32-bit to 64-bit, because I gathered that not that much software is 32-bit capable and I might then no longer be able to use quite a few programs (maybe these are prejudices by now?).

Besides, the hardware is actually already 3-5 years old, and I doubt that I really push it to its limits (or need to) with my perfectly ordinary usage habits. But of course I don't want to resist more comfort, speed and security either.
Excuses, excuses, excuses

Even considerably older hardware was already 64-bit capable (amd64; even my old Sempron from 2005 could do that). The biggest disadvantage is that with a 32-bit Windows you can never fully use 4 GiB or more of RAM:

Quote:
Total physical RAM: 3327.18 MB
That is what your system can currently manage in RAM altogether; you are guaranteed to have more installed.

Now you should decide what makes more sense: patching up a current Windows that is based on old 32-bit technology, or a fresh installation of a 64-bit Windows.
__________________
Please always post logfiles in CODE tags

02.03.2015, 09:06   #5
OleHB

I do a fresh installation every 1-2 years - but since my system is still running well for now and the effort is always quite large, I want to leave it as it is for the time being. That goes on the list for the next fresh installation.

When scanning with aswMBR, the program always hangs at C:\Users\Administrator ... hmm

and finally, once more, the log files from OTL:

Code:
OTL logfile created on: 02.03.2015 08:41:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,65% Memory free
6,50 Gb Paging File | 4,88 Gb Available in Paging File | 75,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 52,19 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 164,69 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 15,41 Gb Free Space | 31,55% Space Free | Partition Type: NTFS
Drive F: | 833,84 Gb Total Space | 832,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,30 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
Drive X: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Drive Z: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
 
Computer Name: KRAXI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software)
PRC - C:\Windows\SuRun.exe (hxxp://kay-bruns.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Portable Programme\K10Stat\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe (Guillemot Corporation S.A.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Program Files\Avast\libcef.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Hercules\Dualpix Exchange\highgui110.dll ()
MOD - C:\Program Files\Hercules\Dualpix Exchange\cv110.dll ()
MOD - C:\Program Files\Hercules\Dualpix Exchange\cxcore110.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Avast\AvastSvc.exe (AVAST Software)
SRV - (AvastVBoxSvc) -- C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe (Avast Software)
SRV - (SuRunSVC) -- C:\Windows\SuRun.exe (hxxp://kay-bruns.de)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswMBR) -- C:\Users\Administrator\AppData\Local\Temp\aswMBR.sys File not found
DRV - (ALSysIO) -- C:\Users\Admin.KRAXI\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswsnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswStm) -- C:\Windows\System32\drivers\aswstm.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswHwid) -- C:\Windows\System32\drivers\aswHwid.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (VBoxAswDrv) -- C:\Program Files\Avast\ng\vbox\VBoxAswDrv.sys (Avast Software)
DRV - (ampa) -- C:\Windows\System32\ampa.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\.DEFAULT\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-18\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledAddons: %7Baf79f858-4b25-4ca4-822b-b5db1be628fc%7D:0.4.1
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.28
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.15
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:4.0.2
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.15.3
FF - prefs.js..extensions.enabledAddons: copyplaintext%40teo.pl:1.3.2
FF - prefs.js..extensions.enabledAddons: extended.copy.menu%40fix.version:1.6.1c
FF - prefs.js..extensions.enabledAddons: giorgio%40gilestro.tk:1.0.6
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast\WebRep\FF [2015.01.27 12:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014.06.01 13:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013.10.14 20:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\5jsiwlc9.default\extensions
[2013.10.15 10:36:06 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\5jsiwlc9.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2013.10.15 10:36:06 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\5jsiwlc9.default\extensions\https-everywhere@eff.org
[2015.03.01 14:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\k9u6a6ot.default\extensions
[2014.06.01 13:23:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\k9u6a6ot.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2015.01.01 10:01:22 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\k9u6a6ot.default\extensions\https-everywhere@eff.org
[2013.10.14 20:53:28 | 001,097,649 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\2.0@disconnect.me.xpi
[2013.10.14 20:53:28 | 000,048,746 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\copyplaintext@teo.pl.xpi
[2013.10.14 20:53:28 | 000,019,423 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\extended.copy.menu@fix.version.xpi
[2013.10.14 20:53:28 | 000,020,699 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\firefox1@myibay.com.xpi
[2013.10.14 20:53:28 | 000,077,652 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\giorgio@gilestro.tk.xpi
[2013.10.14 20:53:27 | 000,172,839 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\requestpolicy@requestpolicy.com.xpi
[2013.10.14 20:53:27 | 000,534,789 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.10.14 20:53:27 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2013.10.14 20:32:23 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.14 20:53:27 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.14 20:53:27 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\5jsiwlc9.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2015.02.21 18:59:19 | 000,947,844 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\2.0@disconnect.me.xpi
[2015.01.01 11:02:41 | 000,061,214 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\copyplaintext@teo.pl.xpi
[2015.02.19 17:27:45 | 000,127,486 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.10.14 21:20:54 | 000,019,423 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\extended.copy.menu@fix.version.xpi
[2014.11.23 09:59:22 | 000,020,693 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\firefox1@myibay.com.xpi
[2013.10.14 21:20:54 | 000,077,652 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\giorgio@gilestro.tk.xpi
[2014.11.20 11:40:54 | 000,160,837 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\requestpolicy@requestpolicy.com.xpi
[2015.03.01 14:36:41 | 000,202,627 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2015.02.20 14:40:11 | 000,544,463 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014.09.30 16:11:51 | 000,071,151 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
[2013.10.14 21:20:54 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2015.01.15 11:32:51 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.14 21:20:53 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.10.14 21:20:53 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2015.01.01 11:02:41 | 000,133,650 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2015.03.01 10:53:06 | 000,005,783 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\searchplugins\startpage-https---deutsch.xml
[2014.05.31 09:34:35 | 000,009,419 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\searchplugins\yahoo-avast.xml
[2015.02.25 10:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.02.25 10:12:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CamserviceExchange] C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SuRun Systemmenü-Erweiterung] C:\Windows\SuRun.exe (hxxp://kay-bruns.de)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CF0AE36-5C3D-4AD9-9FE1-19C17ABCEF27}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\Windows\SuRunExt.dll (hxxp://kay-bruns.de)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.03.02 08:17:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.03.02 08:02:44 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswmbr.exe
[2015.03.01 13:13:38 | 001,132,032 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2015.02.25 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.02.23 08:57:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{68D9EB6A-D28F-437C-ACB3-C801259CFA2B}
[2015.02.23 08:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D4F46F7B-EA64-43A2-9BE5-84321CB4D190}
[2015.02.23 08:54:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}
[2015.02.21 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mp3tag
[2015.02.12 07:07:27 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.02.11 16:12:19 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perftrack.dll
[2015.02.11 16:12:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powertracker.dll
[2015.02.11 09:05:27 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015.02.11 09:05:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015.02.11 09:05:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.02.11 09:05:25 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015.02.11 09:05:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.02.11 09:05:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015.02.11 09:05:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015.02.11 09:05:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015.02.11 09:05:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015.02.11 09:05:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015.02.11 09:05:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015.02.11 09:05:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015.02.11 09:03:00 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.02.11 09:02:56 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015.02.11 09:02:41 | 003,921,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015.02.11 09:02:40 | 003,977,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015.02.11 09:00:30 | 001,167,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2015.02.11 09:00:30 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015.02.11 09:00:30 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015.02.11 09:00:30 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015.02.11 09:00:30 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015.02.11 09:00:30 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015.02.11 09:00:29 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015.02.11 09:00:29 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
 
========== Files - Modified Within 30 Days ==========
 
[2015.03.02 08:23:10 | 000,030,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.03.02 08:23:10 | 000,030,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.03.02 08:17:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.03.02 08:03:07 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswmbr.exe
[2015.03.02 07:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.02 07:48:03 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2015.03.01 13:30:51 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.03.01 13:13:53 | 000,380,416 | ---- | M] () -- C:\Users\Administrator\Desktop\Gmer-19357.exe
[2015.03.01 13:13:45 | 001,132,032 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2015.03.01 13:13:16 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2015.02.11 10:53:00 | 000,269,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.02.05 09:04:25 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.02.05 09:04:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.02.04 03:54:02 | 000,482,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015.02.04 03:53:44 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015.02.04 03:53:39 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015.02.04 03:53:37 | 000,767,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015.02.04 03:53:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015.02.04 03:53:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015.02.04 03:49:50 | 000,886,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2015.03.02 08:23:31 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2015.03.01 13:13:51 | 000,380,416 | ---- | C] () -- C:\Users\Administrator\Desktop\Gmer-19357.exe
[2015.03.01 13:13:13 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2014.12.18 20:18:13 | 001,806,960 | ---- | C] () -- C:\Windows\ampa.exe
[2014.12.18 20:18:13 | 000,014,448 | ---- | C] () -- C:\Windows\System32\ampa.sys
[2014.04.23 18:07:54 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.01.27 13:34:24 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013.11.26 18:31:56 | 000,000,017 | ---- | C] () -- C:\Windows\spwdrt.INI
[2013.11.04 16:03:08 | 000,009,728 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll
[2013.10.27 12:46:44 | 000,007,633 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013.10.19 23:35:59 | 000,002,865 | ---- | C] () -- C:\Windows\System32\k10stat.dat
[2013.10.15 15:46:45 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2013.10.15 15:46:44 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2013.10.15 13:13:41 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.10.15 13:13:40 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.10.15 13:05:15 | 005,694,504 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013.10.15 13:05:11 | 000,620,273 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013.10.15 13:04:55 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll
[2013.10.14 19:33:05 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2013.10.14 19:31:47 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2013.10.14 19:30:49 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2013.10.14 19:30:49 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2013.10.14 19:30:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2013.10.14 19:30:49 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2013.10.14 19:30:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2013.10.14 19:27:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.10.14 19:09:58 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2013.10.14 19:08:13 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI
[2013.10.14 18:44:59 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013.10.14 18:44:59 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013.10.14 18:44:59 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013.10.14 18:31:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.10.14 18:12:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.10.14 17:50:20 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe
[2013.10.14 17:50:20 | 000,012,137 | ---- | C] () -- C:\Windows\unins002.dat
[2013.10.14 17:50:11 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2013.10.14 17:50:10 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2013.10.14 17:50:10 | 000,138,752 | ---- | C] () -- C:\Windows\System32\libpng15.dll
[2013.10.14 17:50:09 | 001,199,179 | ---- | C] () -- C:\Windows\unins001.exe
[2013.10.14 17:50:09 | 000,017,847 | ---- | C] () -- C:\Windows\unins001.dat
[2013.10.14 17:49:11 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013.10.14 17:49:11 | 000,007,966 | ---- | C] () -- C:\Windows\unins000.dat
[2013.10.14 00:21:24 | 000,000,338 | ---- | C] () -- C:\Windows\System32\WinToolkitRunOnce.exe.config
[2013.10.13 23:09:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.10.13 22:00:43 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:37:22 | 012,877,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.10.15 15:54:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AIMP3
[2014.04.18 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\.kde
[2015.01.02 12:17:40 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\AIMP3
[2013.10.22 10:46:18 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\AVAST Software
[2014.11.30 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\FileZilla
[2014.02.08 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\FreeAudioPack
[2014.04.22 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\gnupg
[2015.02.28 09:09:57 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\Mp3tag
[2014.12.27 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\MusicBrainz
[2014.04.18 18:37:24 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\PyBitmessage
[2015.02.28 19:11:40 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\uTorrent
[2015.02.27 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\XnConvert
[2015.02.28 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Admin.KRAXI\AppData\Roaming\XnViewMP
[2013.10.22 11:27:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2013.10.19 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ElevatedShortcut
[2014.01.27 13:34:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2014.04.22 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gnupg
[2015.03.01 22:47:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mp3tag
[2015.01.01 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MusicBrainz
[2014.09.12 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2015.02.24 10:26:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
and in addition:

Code:
OTL Extras logfile created on: 02.03.2015 08:41:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,65% Memory free
6,50 Gb Paging File | 4,88 Gb Available in Paging File | 75,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 52,19 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 164,69 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 15,41 Gb Free Space | 31,55% Space Free | Partition Type: NTFS
Drive F: | 833,84 Gb Total Space | 832,61 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,30 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
Drive X: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Drive Z: | 1374,26 Gb Total Space | 580,18 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
 
Computer Name: KRAXI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Value error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Value error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [SuRun] -- Reg Error: Invalid data type.
Directory [TO] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037E67B2-B0F6-4860-8F76-DD5484DBADC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{19412C55-A430-42B8-A5BF-00F344FBAA8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23E8BC34-59D3-4A1B-BEB7-B729576259C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{326637DD-B420-41A0-8299-6E405DA7E26E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{636A3D33-6CFB-4B73-BB33-B03B09073A24}" = lport=138 | protocol=17 | dir=in | app=system | 
"{647B9F91-9012-4FDD-B597-AAB1F150BE61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80AC0FFB-2EEE-4BD0-AE55-E950D5942508}" = lport=137 | protocol=17 | dir=in | app=system | 
"{85E8F301-5B54-48C7-B753-10BB96E06DD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8EC24B38-DB17-4973-BBD6-14CA160DD59E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{92644C14-DAC9-48F9-8E07-778E14ECE321}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BC72979C-0D0D-4B9B-B5F6-05D48FD34863}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BDF4FC38-4608-42D5-B8CD-059DF8916716}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C400FB06-A936-496E-9800-C27944D2221D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C753DD23-7CD0-4972-8870-32BBB11AE7D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F6DAD5-B202-4D8B-A9A1-5EBFE5E33AA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0A1CE1D1-64B3-4195-8030-663E718DFB9F}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{14544858-6FA0-4B82-B534-CEBF855017BA}" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe | 
"{1A141DFD-24D8-4CF8-BCB8-473FB8374988}" = protocol=6 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe | 
"{28DA3ADD-05B7-4898-8B1A-73CB5C55B983}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |  
"{343DFC1D-9356-4328-A1F4-49AF7CE69BC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | | 
"{434E9B45-D0EE-48F8-B929-8A143573FDB5}" = protocol=6 | dir=in | app=c:\program files\avast\ng\vbox\aswfe.exe |  
"{51DBB5F8-BE97-417F-9F1B-5F2C0270D2D2}" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe | 
"{53721C41-FC4F-4CAB-828E-2FF46F2ADD6F}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe | 
"{5A7D079C-6B76-40F1-9AD0-2F23655E05C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CBFE664-6DBA-43AF-BCDB-439A3A150501}" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe | 
"{69AD79E3-84FD-4522-958A-9CF8DAA3402E}" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe | 
"{731B0E59-1E1B-4EBD-9CF8-F213180BF77F}" = protocol=6 | dir=in | app=c:\program files\fiddler2\fiddler.exe | 
"{75746B0E-C872-4613-A759-D72C4844FAE8}" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe | 
"{75F0AAFB-6787-4A90-B447-92B48C899AC5}" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe |  
"{84F56EB0-B8DD-46B2-8137-E4A8C956A757}" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe | 
"{86B59496-E7BA-4810-B215-3DDA3839B60F}" = protocol=6 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe | 
"{8CDA6D61-83A7-4563-AB43-3ADE43AB1F20}" = protocol=6 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe | 
"{915591FC-2EB1-4C7A-9263-76F4BBF4DA76}" = protocol=6 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe | 
"{98D4EA87-C341-49F9-81E2-227FCFF84DED}" = protocol=6 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe | 
"{9CCD1706-E1AB-4EB8-9CB2-705754605C9D}" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe | 
"{A10A71E9-C252-4229-9B4F-9F833BC02542}" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe | 
"{A4B5D983-3AF1-423A-9DC1-50745CFC4B24}" = protocol=17 | dir=in | app=c:\program files\avast\ng\vbox\aswfe.exe | 
"{A5C11146-A95F-40A0-B6B6-95035E713C39}" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe ||
"{C1527039-9D46-4118-A61A-48E385E70A32}" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe | 
"{C47D29D0-B38F-45F3-B7D7-A64397CC10CA}" = protocol=17 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe | 
"{C48C385B-C037-4CF0-967C-447D59654F18}" = protocol=17 | dir=in | app=c:\program files\qnap\finder\qfinder.exe | 
"{C49065BF-1B94-44B2-9737-B08511108257}" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe | 
"{CEFF7408-39E3-43AB-A122-D162728F5565}" = protocol=17 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe | 
"{D1A2615F-D49D-4397-B31D-701DC43F02C3}" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe | 
"{D7934FDD-F202-4900-B4A9-C56BF54F8290}" = protocol=6 | dir=in | app=c:\program files\qnap\finder\qfinder.exe |  
"{E08E8195-A67D-4E83-9278-6178A782AABB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA7372BB-58F7-4DEF-BE39-CDBE59E6AC90}" = protocol=17 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe | 
"{EC103DC0-7BE2-4E8B-95D0-9BC225CD8CBF}" = protocol=17 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe | 
"{EDCE411A-4292-434E-A50F-B8396CCE62A1}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{EE574110-B938-44A3-8046-C7B312847037}" = protocol=6 | dir=in | app=c:\program files\μtorrent 3.0 leecher\utorrent 3.0.0 (25422)_org.exe | 
"{F67C8139-D43F-4C97-B38D-20C612FCA0D9}" = protocol=6 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe | 
"{F82CA4D0-DB48-4F01-B427-DC9B7FD85BC0}" = protocol=17 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe | 
"{FFEFFFBC-7FC6-40A3-8683-CF00877DFE10}" = protocol=17 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe | 
"TCP Query User{0B4FFFC0-5551-4EC5-BE90-428000F9A506}D:\portable programme\operator 3.5\opera\opera.exe" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe |  
"TCP Query User{1D737C87-6F5D-46E1-BC6C-0240F4EB10E5}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe | 
"TCP Query User{1E71912D-8EE7-4AFE-9732-E55393C9C5F2}C:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe | 
"TCP Query User{26B80AA4-768F-45C1-9788-FC7B03CA6CEA}D:\portable programme\filezilla 3.73\filezilla.exe" = protocol=6 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe | 
"TCP Query User{3F126A14-A519-4C19-83A1-9B2888F769BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{423ED87B-A127-4521-A881-3E2CFEBAEFD8}C:\program files\hercules\dualpix exchange\xtrctrlex.exe" = protocol=6 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrlex.exe | 
"TCP Query User{43B520FC-4281-49A7-BEA8-9C9711D1D0B2}D:\portable programme\operator 3.5\bitmessage 0.42.exe" = protocol=6 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe | 
"TCP Query User{4B2C9678-4A71-475F-B7C3-BE5D7BC9B763}C:\program files\qnap\qfinder\qfinder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe | 
"TCP Query User{5CEC2FB0-8242-4711-A58C-E9D4739324B4}D:\portable programme\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe | 
"TCP Query User{657901A1-0293-4314-9965-9C7C94B45737}D:\portable programme\totalcommander suite 5.0\totalcmd.exe" = protocol=6 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe | 
"TCP Query User{8BCE6A79-F972-4C84-AF50-572FF2F7DB08}C:\users\admin.kraxi\desktop\bitmessage.exe" = protocol=6 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe | 
"TCP Query User{8E1AF40B-7BB1-4F0E-8100-B03F9D262D4F}C:\program files\qnap\finder\qfinder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\qfinder.exe | 
"TCP Query User{8E9EFE4D-5141-499F-B05B-8907EA6E1E15}D:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe" = protocol=6 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe |  
"TCP Query User{903B118D-AB55-4A59-94DE-208A0A94A5F9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A0326C43-AE9E-478D-9F95-E187D058FBEF}D:\portable programme\toropera 3.5\bitmessage 0.42.exe" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe |  
"TCP Query User{D4D9D3F1-B852-4ABB-9C02-0CE3EDD586CA}D:\portable programme\foobar2000 old\foobar2000.exe" = protocol=6 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe | 
"TCP Query User{E0958C98-7A76-4BBC-9E5C-DBFA6CA7FF1E}C:\program files\hercules\dualpix exchange\xtrctrl.exe" = protocol=6 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrl.exe |  
"TCP Query User{EC7D8EF6-6569-436A-982B-183FFDE2C673}C:\program files\java\jre1.8.0_31\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe | 
"TCP Query User{F12187F0-F169-4833-B79F-28189C82F620}D:\portable programme\toropera 3.5\opera\opera.exe" = protocol=6 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe | 
"TCP Query User{F2579E26-E1FF-4D66-AE83-DCFC159B82A0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{086DE2E8-ECB5-43D2-B647-33A6CD107C9C}C:\program files\hercules\dualpix exchange\xtrctrl.exe" = protocol=17 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrl.exe | 
"UDP Query User{121C4A42-0654-48A2-AFC2-525C6FCAA191}C:\program files\java\jre1.8.0_31\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_31\bin\javaw.exe | 
"UDP Query User{184DA726-F935-43F1-87F5-38F40A4F86A2}C:\users\admin.kraxi\desktop\bitmessage.exe" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\bitmessage.exe |  
"UDP Query User{29F8BD9C-BB99-424B-BEC6-82D076146DB8}D:\portable programme\totalcommander suite 5.0\totalcmd.exe" = protocol=17 | dir=in | app=d:\portable programme\totalcommander suite 5.0\totalcmd.exe | 
"UDP Query User{365F5E39-B48D-46D9-B963-F9622FF6602E}D:\portable programme\filezilla 3.73\filezilla.exe" = protocol=17 | dir=in | app=d:\portable programme\filezilla 3.73\filezilla.exe | 
"UDP Query User{3D7DB3BE-9F62-4556-9DB0-049F76F648E5}C:\program files\qnap\finder\qfinder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\qfinder.exe | 
"UDP Query User{41FAA023-F3FC-44AA-9A20-E480AB153733}D:\portable programme\foobar2000 old\foobar2000.exe" = protocol=17 | dir=in | app=d:\portable programme\foobar2000 old\foobar2000.exe | 
"UDP Query User{4351E5A5-617B-4D41-9C7B-9EDDE2D3B539}D:\portable programme\toropera 3.5\opera\opera.exe" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\opera\opera.exe | 
"UDP Query User{4F0DED22-4310-4B4B-AEEB-40C3A3E0522D}D:\portable programme\toropera 3.5\bitmessage 0.42.exe" = protocol=17 | dir=in | app=d:\portable programme\toropera 3.5\bitmessage 0.42.exe | 
"UDP Query User{85B335F7-A12E-494D-9F17-3B937067F9EF}D:\portable programme\operator 3.5\opera\opera.exe" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\opera\opera.exe | 
"UDP Query User{9115AD7B-30B8-4EA7-BE87-A84A57058D03}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe |   
"UDP Query User{BBB57DBB-B75C-43C4-8506-F7903402B2CF}D:\portable programme\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=d:\portable programme\foobar2000\foobar2000.exe | 
"UDP Query User{C1DE50F7-9807-4FE3-B245-A3023A008D6E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CE358951-0B2F-4D5A-ADBE-89AFF82068C9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |  
"UDP Query User{DC960BD9-29FA-4CCD-99FD-A16D10C229D6}D:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe" = protocol=17 | dir=in | app=d:\portable programme\torfirefox 3.6b\bitmessage 0.42.exe | 
"UDP Query User{EA4036ED-BE36-4F92-A219-131C5C48FEF0}C:\program files\qnap\qfinder\qfinder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\qfinder\qfinder.exe | 
"UDP Query User{EB81AAB2-31DA-423F-BED8-39ADA2219C97}C:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe" = protocol=17 | dir=in | app=c:\users\admin.kraxi\desktop\foobar 1.37b\foobar2000.exe | 
"UDP Query User{EC3959C3-D76F-4F2E-8B88-3BED7A77CEB4}D:\portable programme\operator 3.5\bitmessage 0.42.exe" = protocol=17 | dir=in | app=d:\portable programme\operator 3.5\bitmessage 0.42.exe | 
"UDP Query User{F36CBB39-DDF3-407C-A484-91E4609450EE}C:\program files\hercules\dualpix exchange\xtrctrlex.exe" = protocol=17 | dir=in | app=c:\program files\hercules\dualpix exchange\xtrctrlex.exe | 
"UDP Query User{F77B7717-8AFC-44C8-B828-21F267D18BA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000EF65-BE80-3B99-BDE5-84C515C3F64C}" = Microsoft .NET Framework 4.5.2 (DEU)
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{2C00465A-EA83-4D9B-9482-9180FBEBD4AC}" = Oracle VM VirtualBox 4.2.18
"{2FDDE008-7BAA-4CAC-9AC3-92C0C1111A3A}" = Dualpix Exchange
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50AF8559-F490-381F-A6E7-06A07DE227DC}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830
"{5C085A19-B4A1-6686-0103-E9E6F7B2831A}" = AMD Catalyst Install Manager
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9243354A-3075-C91E-6E12-403D932B38E5}" = Catalyst Control Center InstallProxy
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9dba0447-b749-41ea-90bc-2aa19a9eb580}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch
"{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}" = Adobe Shockwave Player 12.0
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CF9FEB7B-3BBF-47D6-801B-09530B7DA7CA}" = M-Audio FireWire 6.0.4 (x86)
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68B404C-0E04-337F-A132-796508EE337A}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"avast" = Avast Free Antivirus
"Default Programs Editor" = Default Programs Editor
"eLicenser Control" = eLicenser Control
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"M928366" = 
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 36.0 (x86 de)" = Mozilla Firefox 36.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3-Info extension_is1" = MP3-Info extension V3.4.23
"Mp3tag" = Mp3tag v2.66
"MusicBrainz Picard" = MusicBrainz Picard
"QNAP_FINDER" = QNAP Qfinder
"SpeedFan" = SpeedFan (remove only)
"SuRun" = Super User Run (SuRun)
"Unlocker" = Unlocker 1.9.2
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.00 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.02.2015 09:37:20 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2015 15:33:43 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2015 05:13:15 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2015 18:05:00 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2015 03:12:32 | Computer Name = Kraxi | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2015 10:58:32 | Computer Name = Kraxi | Source = Application Hang | ID = 1002
Description = Programm TagRename.exe, Version 3.8.1.41 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1324    Startzeit:
 01d04f6573daaae6    Endzeit: 131    Anwendungspfad: D:\Portable Programme\TagRename 3.81\TagRename.exe

Berichts-ID:
 6cdf6817-bb6c-11e4-ab04-40618667f7ca  
 
Error - 01.03.2015 17:04:32 | Computer Name = Kraxi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16609 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d10    Startzeit: 01d05463186a4130    Endzeit: 10    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.03.2015 02:59:10 | Computer Name = Kraxi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16609,
 Zeitstempel: 0x54b5c951  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0e301368  ID des fehlerhaften
 Prozesses: 0xa08  Startzeit der fehlerhaften Anwendung: 0x01d054b5589de9e7  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 9fe4c4dc-c0a9-11e4-b552-40618667f7ca
 
[ System Events ]
Error - 27.02.2015 12:03:43 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.02.2015 14:42:05 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 28.02.2015 03:07:44 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 28.02.2015 06:05:11 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 28.02.2015 13:23:48 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 01.03.2015 05:30:04 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 01.03.2015 08:06:33 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 01.03.2015 09:29:33 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 01.03.2015 11:10:59 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 02.03.2015 02:48:18 | Computer Name = Kraxi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         


Edited by OleHB (02.03.2015 at 08:40)

02.03.2015, 09:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Nobody told you to run OTL and/or aswMBR.

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


02.03.2015, 12:39   #7
OleHB


OK, I thought that might help; aswMBR did then run through without an error message after all.

I did the three runs (logs follow). However, right after the restart triggered by adwCleaner, Avast immediately showed a block message, and after I let JRT run through I restarted the system once more, and again a block message appeared immediately (blackled.info etc.).


Here are the logs:

adwCleaner:

Code:
# AdwCleaner v4.111 - Bericht erstellt 02/03/2015 um 12:15:01
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Administrator - KRAXI
# Gestarted von : C:\Users\Administrator\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\QuickSet
Ordner Gelöscht : C:\ProgramData\748a61dce34122dd
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7zbwjogz.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
Ordner Gelöscht : C:\Users\Admin.KRAXI\AppData\Roaming\Mozilla\Firefox\Profiles\12jt8oey.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5jsiwlc9.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\surf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16609


-\\ Mozilla Firefox v36.0 (x86 de)


*************************

AdwCleaner[R0].txt - [2907 Bytes] - [02/03/2015 12:11:07]
AdwCleaner[S0].txt - [2738 Bytes] - [02/03/2015 12:15:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2797  Bytes] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x86
Ran by Administrator on 02.03.2015 at 12:20:42,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDFAN.EXE-C5D8B2C1.pf



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\extensions\firefox1@myibay.com.xpi
Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\prefs.js

user_pref("extensions.requestpolicy.allowedOrigins", "niederschlagsradar.de elitwork.com mozilla.org web.de
user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "163.com|netease.com amazon.ca|images-amazon.com amazon.ca|ssl-images-amazon.com amazon.cn|images-amazon.com
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\k9u6a6ot.default\minidumps [145 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2015 at 12:22:35,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Administrator (administrator) on KRAXI on 02-03-2015 12:24:01
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Standart & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Guillemot Corporation S.A.) C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(AVAST Software) C:\Program Files\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [CamserviceExchange] => C:\Program Files\Hercules\Dualpix Exchange\XtrCtrlEx.exe [3228968 2011-09-07] (Guillemot Corporation S.A.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] => C:\Windows\SuRun.exe [678912 2013-10-19] (hxxp://kay-bruns.de)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3658721051-4004364685-709729734-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoCDBurning] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\K10STAT.lnk
ShortcutTarget: K10STAT.lnk -> D:\Portable Programme\K10Stat\K10STAT.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Speedfan.lnk
ShortcutTarget: Speedfan.lnk -> D:\Portable Programme\K10Stat\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3658721051-4004364685-709729734-500 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\Windows\SuRunExt.dll [175616 2013-10-19] (hxxp://kay-bruns.de)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\searchplugins\yahoo-avast.xml
FF Extension: HTTPS-Everywhere - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\https-everywhere@eff.org [2014-11-08]
FF Extension: Disconnect - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\2.0@disconnect.me.xpi [2014-06-01]
FF Extension: Copy Plain Text 2 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\copyplaintext@teo.pl.xpi [2014-06-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-23]
FF Extension: Extended Copy Menu (fix version) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\extended.copy.menu@fix.version.xpi [2014-06-01]
FF Extension: Imgur Uploader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\giorgio@gilestro.tk.xpi [2014-06-01]
FF Extension: RequestPolicy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\requestpolicy@requestpolicy.com.xpi [2014-06-01]
FF Extension: Stylish - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-01-01]
FF Extension: NoScript - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-01]
FF Extension: BBCodeXtra - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2015-01-01]
FF Extension: RightToClick - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-06-01]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-01]
FF Extension: BetterPrivacy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-06-01]
FF Extension: Plain Text Links - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi [2014-06-01]
FF Extension: Download Manager Tweak - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2014-06-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Avast\WebRep\FF [2013-10-15]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k9u6a6ot.default\extensions\firefox1@myibay.com.xpi [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-19] (Avast Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2013-10-13] (Microsoft Corporation)
R2 SuRunSVC; C:\Windows\SuRun.exe [678912 2013-10-19] (hxxp://kay-bruns.de) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-10-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-19] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R2 VBoxAswDrv; C:\Program Files\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-19] (Avast Software)
S4 ALSysIO; \??\C:\Users\Admin.KRAXI\AppData\Local\Temp\ALSysIO.sys [X]
U3 Bonjour Service; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 12:24 - 2015-03-02 12:24 - 00013231 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-03-02 12:22 - 2015-03-02 12:23 - 00001416 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-03-02 12:20 - 2015-03-02 12:20 - 00000167 _____ () C:\Windows\system32\2015-03-02-11-20-20.065-AvastVBoxSVC.exe-2668.log
2015-03-02 12:10 - 2015-03-02 12:15 - 00000000 ____D () C:\AdwCleaner
2015-03-02 09:52 - 2015-03-02 09:52 - 02126848 _____ () C:\Users\Administrator\Desktop\AdwCleaner_4.111.exe
2015-03-02 09:52 - 2015-03-02 09:52 - 01388333 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2015-03-02 09:09 - 2015-03-02 09:09 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-03-02 08:52 - 2015-03-02 09:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\XnViewMP
2015-03-01 16:13 - 2015-03-01 16:13 - 00000167 _____ () C:\Windows\system32\2015-03-01-15-13-06.060-AvastVBoxSVC.exe-2552.log
2015-03-01 13:54 - 2015-03-01 13:54 - 00000260 _____ () C:\Users\Administrator\Desktop\defogger_enable.log
2015-03-01 13:19 - 2015-03-01 13:19 - 00000217 _____ () C:\Windows\system32\2015-03-01-12-19-03.031-aswFe.exe-4644.log
2015-03-01 13:14 - 2015-03-02 09:09 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2015-03-01 13:13 - 2015-03-01 13:18 - 00000217 _____ () C:\Windows\system32\2015-03-01-12-13-52.024-aswFe.exe-5716.log
2015-03-01 13:13 - 2015-03-01 13:13 - 01132032 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2015-03-01 13:13 - 2015-03-01 13:13 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2015-03-01 13:13 - 2015-03-01 13:13 - 00050477 _____ () C:\Users\Administrator\Desktop\Defogger.exe
2015-03-01 13:13 - 2015-03-01 13:13 - 00000167 _____ () C:\Windows\system32\2015-03-01-12-13-48.096-AvastVBoxSVC.exe-2504.log
2015-03-01 10:32 - 2015-03-01 10:32 - 00000167 _____ () C:\Windows\system32\2015-03-01-09-32-14.098-AvastVBoxSVC.exe-2232.log
2015-02-28 18:38 - 2015-02-28 18:38 - 00000217 _____ () C:\Windows\system32\2015-02-28-17-38-47.093-aswFe.exe-5404.log
2015-02-28 18:34 - 2015-02-28 18:38 - 00000217 _____ () C:\Windows\system32\2015-02-28-17-34-12.097-aswFe.exe-5492.log
2015-02-28 18:34 - 2015-02-28 18:34 - 00000167 _____ () C:\Windows\system32\2015-02-28-17-34-09.053-AvastVBoxSVC.exe-4476.log
2015-02-28 11:06 - 2015-02-28 11:07 - 00000167 _____ () C:\Windows\system32\2015-02-28-10-06-36.060-AvastVBoxSVC.exe-2616.log
2015-02-28 08:23 - 2015-02-28 08:23 - 00000217 _____ () C:\Windows\system32\2015-02-28-07-23-35.070-aswFe.exe-6108.log
2015-02-28 08:18 - 2015-02-28 08:23 - 00000217 _____ () C:\Windows\system32\2015-02-28-07-18-10.011-aswFe.exe-3812.log
2015-02-28 08:18 - 2015-02-28 08:18 - 00000167 _____ () C:\Windows\system32\2015-02-28-07-18-08.003-AvastVBoxSVC.exe-4276.log
2015-02-27 19:44 - 2015-02-27 19:44 - 00000167 _____ () C:\Windows\system32\2015-02-27-18-44-18.066-AvastVBoxSVC.exe-2452.log
2015-02-27 17:16 - 2015-02-28 22:27 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\XnViewMP
2015-02-27 17:12 - 2015-02-27 17:12 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\XnConvert
2015-02-27 17:05 - 2015-02-27 17:06 - 00000167 _____ () C:\Windows\system32\2015-02-27-16-05-57.036-AvastVBoxSVC.exe-2412.log
2015-02-27 09:33 - 2015-02-27 09:33 - 00000167 _____ () C:\Windows\system32\2015-02-27-08-33-58.047-AvastVBoxSVC.exe-3732.log
2015-02-27 08:20 - 2015-02-27 08:20 - 00000167 _____ () C:\Windows\system32\2015-02-27-07-20-24.001-AvastVBoxSVC.exe-3524.log
2015-02-26 17:24 - 2015-02-26 17:24 - 00000167 _____ () C:\Windows\system32\2015-02-26-16-24-18.081-AvastVBoxSVC.exe-2616.log
2015-02-26 14:09 - 2015-02-26 14:09 - 00000167 _____ () C:\Windows\system32\2015-02-26-13-09-51.066-AvastVBoxSVC.exe-2416.log
2015-02-26 09:03 - 2015-02-26 09:03 - 00000217 _____ () C:\Windows\system32\2015-02-26-08-03-26.024-aswFe.exe-1776.log
2015-02-26 08:58 - 2015-02-26 09:03 - 00000217 _____ () C:\Windows\system32\2015-02-26-07-58-39.049-aswFe.exe-2576.log
2015-02-26 08:58 - 2015-02-26 08:58 - 00000167 _____ () C:\Windows\system32\2015-02-26-07-58-36.027-AvastVBoxSVC.exe-4032.log
2015-02-26 06:02 - 2015-02-26 06:03 - 00000167 _____ () C:\Windows\system32\2015-02-26-05-02-54.015-AvastVBoxSVC.exe-2752.log
2015-02-25 16:41 - 2015-02-25 16:41 - 00000167 _____ () C:\Windows\system32\2015-02-25-15-41-41.043-AvastVBoxSVC.exe-2476.log
2015-02-25 10:12 - 2015-02-25 10:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-25 08:58 - 2015-01-09 00:45 - 00419648 _____ () C:\Windows\system32\locale.nls
2015-02-25 08:54 - 2015-02-25 08:54 - 00000167 _____ () C:\Windows\system32\2015-02-25-07-54-49.067-AvastVBoxSVC.exe-2788.log
2015-02-24 09:21 - 2015-02-24 09:21 - 00000167 _____ () C:\Windows\system32\2015-02-24-08-21-39.044-AvastVBoxSVC.exe-2432.log
2015-02-23 08:57 - 2015-02-23 08:57 - 00000000 __HDC () C:\ProgramData\{68D9EB6A-D28F-437C-ACB3-C801259CFA2B}
2015-02-23 08:55 - 2015-02-23 08:55 - 00000000 __HDC () C:\ProgramData\{D4F46F7B-EA64-43A2-9BE5-84321CB4D190}
2015-02-23 08:54 - 2015-02-23 08:54 - 00000000 __HDC () C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}
2015-02-23 08:06 - 2015-02-23 08:06 - 00000167 _____ () C:\Windows\system32\2015-02-23-07-06-01.052-AvastVBoxSVC.exe-2672.log
2015-02-22 08:14 - 2015-02-22 08:14 - 00000167 _____ () C:\Windows\system32\2015-02-22-07-14-35.044-AvastVBoxSVC.exe-2636.log
2015-02-22 08:12 - 2015-03-02 12:17 - 00001456 _____ () C:\Windows\setupact.log
2015-02-22 08:12 - 2015-02-22 08:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 23:07 - 2015-02-21 23:07 - 00000167 _____ () C:\Windows\system32\2015-02-21-22-07-01.079-AvastVBoxSVC.exe-2556.log
2015-02-21 19:00 - 2015-03-02 12:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mp3tag
2015-02-21 10:15 - 2015-02-21 10:15 - 00000167 _____ () C:\Windows\system32\2015-02-21-09-15-16.064-AvastVBoxSVC.exe-2428.log
2015-02-20 20:35 - 2015-02-20 20:35 - 00000167 _____ () C:\Windows\system32\2015-02-20-19-35-43.041-AvastVBoxSVC.exe-2536.log
2015-02-20 14:38 - 2015-02-20 14:38 - 00000167 _____ () C:\Windows\system32\2015-02-20-13-38-22.066-AvastVBoxSVC.exe-2484.log
2015-02-20 11:04 - 2015-02-20 11:09 - 00000217 _____ () C:\Windows\system32\2015-02-20-10-04-37.038-aswFe.exe-5696.log
2015-02-19 21:13 - 2015-02-19 21:13 - 00000167 _____ () C:\Windows\system32\2015-02-19-20-13-17.047-AvastVBoxSVC.exe-2832.log
2015-02-19 17:14 - 2015-02-19 17:14 - 00000167 _____ () C:\Windows\system32\2015-02-19-16-14-24.036-AvastVBoxSVC.exe-2468.log
2015-02-19 09:30 - 2015-02-19 09:30 - 00000167 _____ () C:\Windows\system32\2015-02-19-08-30-00.060-AvastVBoxSVC.exe-2604.log
2015-02-18 19:59 - 2015-02-18 20:00 - 00000167 _____ () C:\Windows\system32\2015-02-18-18-59-55.076-AvastVBoxSVC.exe-2528.log
2015-02-18 14:46 - 2015-02-18 14:46 - 00000217 _____ () C:\Windows\system32\2015-02-18-13-46-29.036-aswFe.exe-724.log
2015-02-18 14:41 - 2015-02-18 14:46 - 00000217 _____ () C:\Windows\system32\2015-02-18-13-41-36.016-aswFe.exe-1088.log
2015-02-18 14:41 - 2015-02-18 14:41 - 00000167 _____ () C:\Windows\system32\2015-02-18-13-41-33.037-AvastVBoxSVC.exe-776.log
2015-02-18 09:39 - 2015-02-18 09:39 - 00000167 _____ () C:\Windows\system32\2015-02-18-08-39-13.065-AvastVBoxSVC.exe-2644.log
2015-02-17 18:24 - 2015-02-17 18:24 - 00000217 _____ () C:\Windows\system32\2015-02-17-17-24-51.000-aswFe.exe-1288.log
2015-02-17 18:20 - 2015-02-17 18:24 - 00000217 _____ () C:\Windows\system32\2015-02-17-17-20-07.018-aswFe.exe-3428.log
2015-02-17 18:20 - 2015-02-17 18:20 - 00000167 _____ () C:\Windows\system32\2015-02-17-17-20-04.085-AvastVBoxSVC.exe-3876.log
2015-02-17 12:07 - 2015-02-17 12:07 - 00000167 _____ () C:\Windows\system32\2015-02-17-11-07-23.043-AvastVBoxSVC.exe-2588.log
2015-02-17 08:50 - 2015-02-17 08:51 - 00000167 _____ () C:\Windows\system32\2015-02-17-07-50-58.083-AvastVBoxSVC.exe-2784.log
2015-02-16 08:41 - 2015-02-16 08:41 - 00000167 _____ () C:\Windows\system32\2015-02-16-07-41-01.064-AvastVBoxSVC.exe-2412.log
2015-02-15 21:36 - 2015-02-15 21:37 - 00000167 _____ () C:\Windows\system32\2015-02-15-20-36-40.001-AvastVBoxSVC.exe-2552.log
2015-02-15 15:01 - 2015-02-15 15:01 - 00000167 _____ () C:\Windows\system32\2015-02-15-14-01-41.006-AvastVBoxSVC.exe-2532.log
2015-02-15 13:53 - 2015-02-15 13:53 - 00000167 _____ () C:\Windows\system32\2015-02-15-12-53-26.012-AvastVBoxSVC.exe-2508.log
2015-02-14 22:27 - 2015-02-14 22:28 - 00000167 _____ () C:\Windows\system32\2015-02-14-21-27-46.039-AvastVBoxSVC.exe-2532.log
2015-02-14 08:34 - 2015-02-14 08:35 - 00000167 _____ () C:\Windows\system32\2015-02-14-07-34-58.041-AvastVBoxSVC.exe-2552.log
2015-02-13 09:34 - 2015-02-13 09:34 - 00000167 _____ () C:\Windows\system32\2015-02-13-08-34-19.039-AvastVBoxSVC.exe-2428.log
2015-02-12 21:25 - 2015-02-12 21:25 - 00000217 _____ () C:\Windows\system32\2015-02-12-20-25-43.097-aswFe.exe-2492.log
2015-02-12 21:20 - 2015-02-12 21:25 - 00000217 _____ () C:\Windows\system32\2015-02-12-20-20-15.063-aswFe.exe-3384.log
2015-02-12 21:20 - 2015-02-12 21:20 - 00000167 _____ () C:\Windows\system32\2015-02-12-20-20-10.037-AvastVBoxSVC.exe-3132.log
2015-02-12 19:17 - 2015-02-12 19:17 - 00000167 _____ () C:\Windows\system32\2015-02-12-18-17-47.057-AvastVBoxSVC.exe-2652.log
2015-02-12 15:27 - 2015-02-12 15:27 - 00000167 _____ () C:\Windows\system32\2015-02-12-14-27-38.042-AvastVBoxSVC.exe-2336.log
2015-02-12 07:07 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:07 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 06:58 - 2015-02-12 06:58 - 00000167 _____ () C:\Windows\system32\2015-02-12-05-58-44.061-AvastVBoxSVC.exe-2576.log
2015-02-11 20:22 - 2015-02-11 20:22 - 00000167 _____ () C:\Windows\system32\2015-02-11-19-22-27.064-AvastVBoxSVC.exe-2436.log
2015-02-11 17:53 - 2015-02-11 17:53 - 00000167 _____ () C:\Windows\system32\2015-02-11-16-53-25.052-AvastVBoxSVC.exe-2156.log
2015-02-11 16:12 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 16:12 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 16:12 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 15:28 - 2015-02-11 15:29 - 00000167 _____ () C:\Windows\system32\2015-02-11-14-28-48.088-AvastVBoxSVC.exe-2544.log
2015-02-11 10:55 - 2015-02-11 10:55 - 00000167 _____ () C:\Windows\system32\2015-02-11-09-55-39.029-AvastVBoxSVC.exe-2232.log
2015-02-11 09:05 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:05 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 09:05 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:05 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:05 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:05 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 09:05 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:05 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:05 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 09:05 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 09:05 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-11 09:03 - 2015-01-13 03:49 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:03 - 2015-01-09 02:52 - 02388992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:02 - 2015-01-15 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-01-15 09:09 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:02 - 2015-01-15 09:09 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:02 - 2015-01-15 05:22 - 00369976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-01-14 07:25 - 03977656 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 09:02 - 2015-01-14 07:25 - 03921848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:02 - 2014-12-12 06:38 - 01175040 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2014-12-08 04:03 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:02 - 2014-10-30 03:14 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:00 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:00 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:00 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:00 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:00 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:54 - 2015-02-11 08:54 - 00000167 _____ () C:\Windows\system32\2015-02-11-07-54-48.017-AvastVBoxSVC.exe-3512.log
2015-02-10 21:40 - 2015-02-10 21:40 - 00000217 _____ () C:\Windows\system32\2015-02-10-20-40-18.087-aswFe.exe-5832.log
2015-02-10 21:35 - 2015-02-10 21:40 - 00000217 _____ () C:\Windows\system32\2015-02-10-20-35-29.069-aswFe.exe-5856.log
2015-02-10 21:35 - 2015-02-10 21:35 - 00000167 _____ () C:\Windows\system32\2015-02-10-20-35-24.082-AvastVBoxSVC.exe-2032.log
2015-02-10 13:30 - 2015-02-10 13:30 - 00000167 _____ () C:\Windows\system32\2015-02-10-12-30-13.073-AvastVBoxSVC.exe-2468.log
2015-02-10 11:01 - 2015-02-10 11:01 - 00000167 _____ () C:\Windows\system32\2015-02-10-10-01-43.011-AvastVBoxSVC.exe-2424.log
2015-02-10 09:30 - 2015-02-10 09:30 - 00000167 _____ () C:\Windows\system32\2015-02-10-08-30-34.068-AvastVBoxSVC.exe-2464.log
2015-02-09 19:58 - 2015-02-09 19:58 - 00000167 _____ () C:\Windows\system32\2015-02-09-18-58-24.060-AvastVBoxSVC.exe-2456.log
2015-02-09 14:45 - 2015-02-09 14:45 - 00000167 _____ () C:\Windows\system32\2015-02-09-13-45-47.051-AvastVBoxSVC.exe-2364.log
2015-02-09 09:51 - 2015-02-09 09:51 - 00000167 _____ () C:\Windows\system32\2015-02-09-08-51-38.080-AvastVBoxSVC.exe-2328.log
2015-02-08 20:17 - 2015-02-08 20:17 - 00000167 _____ () C:\Windows\system32\2015-02-08-19-17-34.070-AvastVBoxSVC.exe-2248.log
2015-02-08 14:44 - 2015-02-08 14:44 - 00000167 _____ () C:\Windows\system32\2015-02-08-13-44-08.026-AvastVBoxSVC.exe-2396.log
2015-02-08 09:17 - 2015-02-08 09:17 - 00000167 _____ () C:\Windows\system32\2015-02-08-08-17-42.073-AvastVBoxSVC.exe-2568.log
2015-02-07 22:36 - 2015-02-07 22:37 - 00000167 _____ () C:\Windows\system32\2015-02-07-21-36-15.035-AvastVBoxSVC.exe-2512.log
2015-02-07 18:13 - 2015-02-07 18:13 - 00000167 _____ () C:\Windows\system32\2015-02-07-17-13-25.075-AvastVBoxSVC.exe-2488.log
2015-02-07 17:09 - 2015-02-07 17:10 - 00000167 _____ () C:\Windows\system32\2015-02-07-16-09-55.036-AvastVBoxSVC.exe-2376.log
2015-02-07 14:06 - 2015-02-07 14:06 - 00000167 _____ () C:\Windows\system32\2015-02-07-13-06-05.063-AvastVBoxSVC.exe-2536.log
2015-02-07 13:14 - 2015-02-07 13:14 - 00000167 _____ () C:\Windows\system32\2015-02-07-12-14-16.000-AvastVBoxSVC.exe-2544.log
2015-02-07 12:09 - 2015-02-07 12:09 - 00000167 _____ () C:\Windows\system32\2015-02-07-11-09-12.059-AvastVBoxSVC.exe-2588.log
2015-02-07 10:07 - 2015-02-07 10:07 - 00000167 _____ () C:\Windows\system32\2015-02-07-09-07-27.017-AvastVBoxSVC.exe-2528.log
2015-02-06 18:31 - 2015-02-06 18:31 - 00000167 _____ () C:\Windows\system32\2015-02-06-17-31-04.069-AvastVBoxSVC.exe-2576.log
2015-02-06 13:52 - 2015-02-06 13:52 - 00000167 _____ () C:\Windows\system32\2015-02-06-12-52-42.026-AvastVBoxSVC.exe-2572.log
2015-02-06 08:02 - 2015-02-06 08:02 - 00000167 _____ () C:\Windows\system32\2015-02-06-07-02-19.006-AvastVBoxSVC.exe-2536.log
2015-02-05 16:31 - 2015-02-05 16:31 - 00000167 _____ () C:\Windows\system32\2015-02-05-15-31-06.099-AvastVBoxSVC.exe-2548.log
2015-02-05 13:38 - 2015-02-05 13:39 - 00000167 _____ () C:\Windows\system32\2015-02-05-12-38-33.053-AvastVBoxSVC.exe-3096.log
2015-02-05 08:45 - 2015-02-05 08:45 - 00000167 _____ () C:\Windows\system32\2015-02-05-07-45-16.039-AvastVBoxSVC.exe-2384.log
2015-02-04 18:05 - 2015-02-04 18:05 - 00000167 _____ () C:\Windows\system32\2015-02-04-17-05-07.024-AvastVBoxSVC.exe-2824.log
2015-02-04 14:24 - 2015-02-04 14:24 - 00000167 _____ () C:\Windows\system32\2015-02-04-13-24-03.001-AvastVBoxSVC.exe-2624.log
2015-02-04 12:06 - 2015-02-04 12:06 - 00000167 _____ () C:\Windows\system32\2015-02-04-11-06-32.051-AvastVBoxSVC.exe-976.log
2015-02-04 08:13 - 2015-02-04 08:13 - 00000167 _____ () C:\Windows\system32\2015-02-04-07-13-31.045-AvastVBoxSVC.exe-2548.log
2015-02-03 20:30 - 2015-02-03 20:30 - 00000167 _____ () C:\Windows\system32\2015-02-03-19-30-07.064-AvastVBoxSVC.exe-2512.log
2015-02-03 13:57 - 2015-02-03 13:57 - 00000167 _____ () C:\Windows\system32\2015-02-03-12-57-18.013-AvastVBoxSVC.exe-2556.log
2015-02-03 12:59 - 2015-02-03 12:59 - 00000167 _____ () C:\Windows\system32\2015-02-03-11-59-37.071-AvastVBoxSVC.exe-2488.log
2015-02-03 09:17 - 2015-02-03 09:18 - 00000167 _____ () C:\Windows\system32\2015-02-03-08-17-55.005-AvastVBoxSVC.exe-2544.log
2015-02-02 19:16 - 2015-02-02 19:16 - 00000167 _____ () C:\Windows\system32\2015-02-02-18-16-04.014-AvastVBoxSVC.exe-2528.log
2015-02-02 09:06 - 2015-02-02 09:06 - 00000167 _____ () C:\Windows\system32\2015-02-02-08-06-02.045-AvastVBoxSVC.exe-2408.log
2015-02-01 16:40 - 2015-02-01 16:40 - 00000167 _____ () C:\Windows\system32\2015-02-01-15-40-48.079-AvastVBoxSVC.exe-2552.log
2015-02-01 11:19 - 2015-02-01 11:19 - 00000167 _____ () C:\Windows\system32\2015-02-01-10-19-47.097-AvastVBoxSVC.exe-2464.log
2015-01-31 18:42 - 2015-01-31 18:42 - 00000167 _____ () C:\Windows\system32\2015-01-31-17-42-10.038-AvastVBoxSVC.exe-2484.log
2015-01-31 15:56 - 2015-01-31 15:56 - 00000167 _____ () C:\Windows\system32\2015-01-31-14-56-42.071-AvastVBoxSVC.exe-2576.log
2015-01-31 15:00 - 2015-01-31 15:00 - 00000167 _____ () C:\Windows\system32\2015-01-31-14-00-50.072-AvastVBoxSVC.exe-2336.log
2015-01-31 10:51 - 2015-01-31 10:52 - 00000167 _____ () C:\Windows\system32\2015-01-31-09-51-59.086-AvastVBoxSVC.exe-2264.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 12:24 - 2015-01-01 10:46 - 00000000 ____D () C:\FRST
2015-03-02 12:21 - 2013-10-14 17:34 - 01864640 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 12:18 - 2013-10-15 21:11 - 00000000 ____D () C:\Temp
2015-03-02 12:18 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 11:07 - 2014-01-27 13:31 - 00000000 ____D () C:\Program Files\Free mp3 Wma Converter
2015-03-02 09:09 - 2013-10-14 18:04 - 00000000 ____D () C:\Users\Administrator
2015-03-02 08:23 - 2009-07-14 05:34 - 00030880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 08:23 - 2009-07-14 05:34 - 00030880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 07:59 - 2013-10-19 10:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-03-01 13:30 - 2015-01-01 09:52 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 19:11 - 2013-10-18 19:13 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\uTorrent
2015-02-28 09:09 - 2014-10-04 11:33 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Roaming\Mp3tag
2015-02-25 16:42 - 2013-10-19 11:06 - 00000000 ____D () C:\Users\Admin.KRAXI\AppData\Local\CrashDumps
2015-02-25 16:39 - 2014-06-01 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-23 08:53 - 2013-10-14 17:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-22 14:30 - 2013-10-15 22:18 - 00000000 ____D () C:\Users\Administrator\.VirtualBox
2015-02-21 23:12 - 2014-10-01 18:15 - 00000000 ____D () C:\Program Files\QNAP
2015-02-21 23:04 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 09:18 - 1899-12-30 01:00 - 00000000 ___RD () C:\Users\Administrator\Desktop\Arbeitsordner
2015-02-12 09:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-11 16:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-11 10:53 - 2009-07-14 05:33 - 00269664 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 09:38 - 2014-12-10 16:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 09:38 - 2014-04-23 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 09:14 - 2013-10-14 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 09:08 - 2013-10-15 11:23 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 09:04 - 2013-10-14 17:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 09:04 - 2013-10-14 17:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-10-14 19:08 - 2005-12-09 03:52 - 0000060 ____R () C:\Program Files\BRINST.INI
2013-10-27 12:46 - 2013-10-27 12:46 - 0007633 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-10-14 18:31 - 2013-10-14 18:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Admin.KRAXI\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Admin.KRAXI\AppData\Local\Temp\sfareca00001.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 21:51

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by Administrator at 2015-03-02 12:24:48
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.0 - Sereby Corporation)
AMD Catalyst Install Manager (HKLM\...\{5C085A19-B4A1-6686-0103-E9E6F7B2831A}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Brother Driver Deployment Wizard (HKLM\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite DCP-195C (HKLM\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Default Programs Editor (HKLM\...\Default Programs Editor) (Version: 2.7.2675.2253 - factormystic.net)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
Dualpix Exchange (HKLM\...\{2FDDE008-7BAA-4CAC-9AC3-92C0C1111A3A}) (Version: 4.0.2.1 - Hercules)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Lab Inc.)
Hercules Webcam Station Evolution SE (HKLM\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 3.2.2.1 - Hercules)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
M-Audio FireWire 6.0.4 (x86) (HKLM\...\{CF9FEB7B-3BBF-47D6-801B-09530B7DA7CA}) (Version: 6.0.4 - M-Audio)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3-Info extension V3.4.23 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.23 - Michael Mutschler)
Mp3tag v2.66 (HKLM\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MusicBrainz Picard (HKLM\...\MusicBrainz Picard) (Version: 1.4.0dev2_win_20141219105800 - MusicBrainz)
Oracle VM VirtualBox 4.2.18 (HKLM\...\{2C00465A-EA83-4D9B-9482-9180FBEBD4AC}) (Version: 4.2.18 - Oracle Corporation)
QNAP Qfinder (HKLM\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Super User Run (SuRun) (HKLM\...\SuRun) (Version: 1.2.1.0 - Kay Bruns)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3658721051-4004364685-709729734-500_Classes\CLSID\{6D68FD0E-A1D4-67DA-F02A-E60DD72474B6}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2DEB7EB8-F744-45DC-9809-1ECA206E5584} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {67705D0E-6E0F-4ADA-ABB7-AD9D3F8A9A66} - System32\Tasks\K10Stat Autostart => D:\Portable Programme\K10Stat\K10STAT.exe [2011-08-06] ()
Task: {7C6C99B4-0EBF-47AB-8325-46AEDAE223EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ACFD7EC4-0390-40B9-926C-01AD056ABCDA} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: {E3AF7CB3-9AB9-4CD5-BCC9-9777EDD37DF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-03-02 09:55 - 2015-03-02 09:55 - 02913792 _____ () C:\Program Files\Avast\defs\15030200\algo.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 02151544 _____ () C:\Program Files\Avast\ng\vbox\VBoxVMM.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 00021488 _____ () C:\Program Files\Avast\ng\vbox\VBoxREM.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 04474224 _____ () C:\Program Files\Avast\ng\vbox\VBoxRT.dll
2013-10-14 19:26 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-11-19 20:44 - 2014-11-19 20:44 - 00317632 _____ () C:\Program Files\Avast\ng\vbox\VBoxDDU.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2013-11-04 16:03 - 2009-03-13 15:33 - 00593920 _____ () C:\Program Files\Hercules\Dualpix Exchange\highgui110.dll
2013-11-04 16:03 - 2009-03-13 15:32 - 00958464 _____ () C:\Program Files\Hercules\Dualpix Exchange\cxcore110.dll
2013-11-04 16:03 - 2009-03-13 15:33 - 00876544 _____ () C:\Program Files\Hercules\Dualpix Exchange\cv110.dll
2010-07-04 20:51 - 2010-07-04 20:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2014-11-19 20:44 - 2014-11-19 20:44 - 38562088 _____ () C:\Program Files\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3658721051-4004364685-709729734-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\MAFWTray.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3658721051-4004364685-709729734-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3658721051-4004364685-709729734-501 - Limited - Disabled)
Standart (S-1-5-21-3658721051-4004364685-709729734-1002 - Limited - Enabled) => C:\Users\Admin.KRAXI

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 29%
Total physical RAM: 3327.18 MB
Available physical RAM: 2343.38 MB
Total Pagefile: 6652.66 MB
Available Pagefile: 5678.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.66 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:78.03 GB) (Free:52.24 GB) NTFS
Drive d: (Temp) (Fixed) (Total:219.96 GB) (Free:164.69 GB) NTFS
Drive e: (Privat) (Fixed) (Total:48.83 GB) (Free:15.41 GB) NTFS
Drive f: (Musik) (Fixed) (Total:833.84 GB) (Free:832.61 GB) NTFS
Drive g: (Software) (Fixed) (Total:48.83 GB) (Free:23.3 GB) NTFS
Drive x: () (Network) (Total:1374.26 GB) (Free:580.16 GB) 
Drive z: () (Network) (Total:1374.26 GB) (Free:580.16 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D9D0D9D0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

02.03.2015, 12:59   #8
cosinus

FRST fix

Please disable your virus scanner completely now to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

02.03.2015, 13:16   #9
OleHB

Fixlist executed. After the reboot there has been no block notification from Avast (at least so far).

Log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Administrator at 2015-03-02 13:06:36 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Standart & Administrator (Available profiles: Standart & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp:
Hosts:
         
*****************

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3658721051-4004364685-709729734-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3658721051-4004364685-709729734-500\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 507.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:10:20 ====
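
An added example, not part of the original posts and not FRST code: a Python check that reads a Fixlog, classifies every result line by the wording seen in the log above, and lists the entries that did not end in a success message. The sample text is constructed from lines of that log; the status labels and function names are assumptions of this example.

```python
import re

# Constructed sample: shortened from the Fixlog posted above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015
Ran by Administrator at 2015-03-02 13:06:36 Run:2

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Hosts:
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 507.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:10:20 ====
'''

STAR_LINE = re.compile(r'^\*{5,}$')            # delimits the echoed fixlist
END_MARK = re.compile(r'^==== End of Fixlog\b')  # last line of a complete log


def classify(outcome):
    """Map an outcome phrase to a status label (labels are this example's own)."""
    low = outcome.lower()
    if 'not found' in low:
        return 'not_found'
    if 'successfully' in low or low.startswith('removed'):
        return 'ok'
    return 'unknown'  # wording not seen in the log above: needs a human look


def parse_fixlog(text):
    """Split a Fixlog into echoed directives, result lines and free-text notes."""
    directives, results, notes = [], [], []
    stars_seen, complete = 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAR_LINE.match(line):
            stars_seen += 1
        elif END_MARK.match(line):
            complete = True
        elif stars_seen == 1:
            directives.append(line)          # between the two star lines
        elif stars_seen >= 2:
            if ' => ' in line:
                target, outcome = line.rsplit(' => ', 1)
                results.append((target.strip('"'), outcome, classify(outcome)))
            else:
                notes.append(line)           # e.g. "Hosts was reset successfully."
    return {
        'directives': directives,
        'results': results,
        'notes': notes,
        'reboot': any('reboot' in n.lower() for n in notes),
        'complete': complete,                # False means the log was cut off
    }


def review_items(parsed):
    """Result lines whose outcome was anything other than a success message."""
    return [r for r in parsed['results'] if r[2] != 'ok']


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print('complete:', parsed['complete'], '| reboot noted:', parsed['reboot'])
    for target, outcome, status in review_items(parsed):
        print(f'[{status}] {target} => {outcome}')
```

A "not found" result is not necessarily a failure: it means the key named in the fixlist was already absent when the fix ran.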
         

02.03.2015, 14:44   #10
cosinus

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

02.03.2015, 21:24   #11
OleHB

Reporting mission accomplished, Sir!

Both programs show nothing, and the problem has not reappeared so far.


Thank you very, very much!!!


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.03.2015
Suchlauf-Zeit: 14:57:23
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.02.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 608706
Verstrichene Zeit: 1 Std, 26 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4cdeebb1f896a5409e3147b962b5d983
# engine=22716
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-02 07:36:10
# local_time=2015-03-02 08:36:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 79879 176956161 0 0
# scanned=136762
# found=0
# cleaned=0
# scan_time=3292
         

02.03.2015, 21:37   #12
cosinus

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system back in order now, or are there any other detections or problems?

03.03.2015, 09:34   #13
OleHB

Yes, it looks as if everything is OK.

Ghostery rings a bell; I think I tried it once.
In fact I have almost all cookies deleted at the end of the session (in return, Firefox manages most of the passwords).

03.03.2015, 09:42   #14
cosinus

Then we're done!


If you would like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

All the programs used here can be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and scan for malware with it weekly.

delfix can help you with that:


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without concern.


Finally, please check the updates; my guide is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check here whether all plugins in the Firefox browser are up to date => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
