Plagegeister aller Art und deren Bekämpfung: XP computer TR/Agent.83648 Fbar deletes itself after copying!
01.11.2014, 23:07 | #1
XP computer TR/Agent.83648 Fbar deletes itself after copying!

I wanted to edit the startup programs on my second computer and noticed a few things. Sixth.exe, which isn't there any more, though.. Seventh.exe, exactly this version: https://www.virustotal.com/de/file/6346947d1648abedcfbbb930dd954301ee3757471d39dd04b34ef993d58815b9/analysis/ SCheck and Intermediate exe, which are Lua-type parts in the application data; these only have one detection on VirusTotal, though, and a DataMgr that also looks "clean".. Avast is installed there, which for one doesn't detect the Seventh exe; the machine should be slowed down as little as possible, hence Avast (no idea whether that's ideal).

Then I scanned the application data from my main computer with Avira, since it does detect Seventh. (As far as I know, the old computer can't access my main computer, or rather I only get network access in one direction.) Here is information from Avira: hxxp://www.avira.com/de/support-threats-summary/tid/8516/threat/TR.Agent.83648 The "Common/" folder was created on the computer as mentioned there.

Now I wanted to work through the checklist, but when I copy FRST to the computer it disappears again immediately, even after renaming.. That is of course rather worrying. Both computers are connected to my Easybox and thus have network access. Since I almost never use the internet from the old one, and this Seventh.exe doesn't occur on Win7.. well, I don't really know either. Please help (hmm, after the Fbar problem Avast also crashed once, and yesterday Avira on my main computer also crashed, I think). Strange, there has also been a guest in the thread forever; is that a special friend?

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 1. November 2014 20:43

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Starter
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Windows
Computername : WINDOWS-PC

Versionsinformationen:
BUILD.DAT : 14.0.7.306 92015 Bytes 24.09.2014 12:44:00
AVSCAN.EXE : 14.0.7.266 1014576 Bytes 24.09.2014 10:44:21
AVSCANRC.DLL : 14.0.7.220 65272 Bytes 24.09.2014 10:44:21
LUKE.DLL : 14.0.7.220 59696 Bytes 24.09.2014 10:44:26
AVSCPLR.DLL : 14.0.7.266 94512 Bytes 24.09.2014 10:44:21
REPAIR.DLL : 14.0.7.266 366328 Bytes 24.09.2014 10:44:21
REPAIR.RDF : 1.0.2.30 596694 Bytes 24.10.2014 12:39:41
AVREG.DLL : 14.0.7.220 264952 Bytes 24.09.2014 10:44:21
AVLODE.DLL : 14.0.7.266 563448 Bytes 24.09.2014 10:44:21
AVLODE.RDF : 14.0.4.46 64835 Bytes 24.09.2014 10:44:21
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00208.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00209.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00210.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00211.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00212.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00213.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00214.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00215.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00216.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:58
XBV00217.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00218.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00219.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00220.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00221.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00222.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00223.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00224.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00225.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00226.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00227.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00228.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00229.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00230.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00231.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:28:59
XBV00232.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00233.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00234.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00235.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00236.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00237.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00238.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00239.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00240.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00241.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00242.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00243.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00244.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00245.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:00
XBV00246.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00247.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00248.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00249.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00250.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00251.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00252.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00253.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00254.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00255.VDF : 8.11.178.32 2048 Bytes 14.10.2014 03:29:01
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:44:30
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:44:30
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:44:30
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:44:30
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:44:30
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:44:30
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 10:44:30
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:44:30
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 10:44:30
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 10:44:30
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 03:28:45
XBV00042.VDF : 8.11.178.58 29696 Bytes 14.10.2014 03:28:45
XBV00043.VDF : 8.11.178.60 2048 Bytes 14.10.2014 03:28:45
XBV00044.VDF : 8.11.178.86 21504 Bytes 14.10.2014 03:28:45
XBV00045.VDF : 8.11.178.88 11776 Bytes 15.10.2014 04:29:42
XBV00046.VDF : 8.11.178.92 17408 Bytes 15.10.2014 04:29:42
XBV00047.VDF : 8.11.178.94 2048 Bytes 15.10.2014 04:29:42
XBV00048.VDF : 8.11.178.116 7680 Bytes 15.10.2014 04:29:42
XBV00049.VDF : 8.11.178.136 21504 Bytes 15.10.2014 04:29:42
XBV00050.VDF : 8.11.178.140 2048 Bytes 15.10.2014 04:29:42
XBV00051.VDF : 8.11.178.162 32768 Bytes 15.10.2014 04:29:42
XBV00052.VDF : 8.11.178.164 2048 Bytes 15.10.2014 04:29:42
XBV00053.VDF : 8.11.178.166 14336 Bytes 15.10.2014 04:29:42
XBV00054.VDF : 8.11.178.170 12800 Bytes 15.10.2014 04:29:42
XBV00055.VDF : 8.11.178.190 4608 Bytes 15.10.2014 04:29:42
XBV00056.VDF : 8.11.178.210 5120 Bytes 15.10.2014 04:29:43
XBV00057.VDF : 8.11.178.230 17920 Bytes 16.10.2014 05:30:59
XBV00058.VDF : 8.11.178.234 8704 Bytes 16.10.2014 05:31:00
XBV00059.VDF : 8.11.178.236 13312 Bytes 16.10.2014 05:31:00
XBV00060.VDF : 8.11.178.240 50176 Bytes 16.10.2014 05:31:00
XBV00061.VDF : 8.11.179.4 2048 Bytes 16.10.2014 05:31:00
XBV00062.VDF : 8.11.179.6 2048 Bytes 16.10.2014 05:31:00
XBV00063.VDF : 8.11.179.8 2048 Bytes 16.10.2014 05:31:00
XBV00064.VDF : 8.11.179.12 27136 Bytes 16.10.2014 05:31:00
XBV00065.VDF : 8.11.179.18 29696 Bytes 17.10.2014 06:32:06
XBV00066.VDF : 8.11.179.20 2048 Bytes 17.10.2014 06:32:07
XBV00067.VDF : 8.11.179.22 8192 Bytes 17.10.2014 06:32:07
XBV00068.VDF : 8.11.179.44 12800 Bytes 17.10.2014 06:32:07
XBV00069.VDF : 8.11.179.62 6656 Bytes 17.10.2014 06:32:07
XBV00070.VDF : 8.11.179.80 10752 Bytes 17.10.2014 06:32:07
XBV00071.VDF : 8.11.179.82 2048 Bytes 17.10.2014 06:32:07
XBV00072.VDF : 8.11.179.100 5632 Bytes 17.10.2014 06:32:07
XBV00073.VDF : 8.11.179.106 22528 Bytes 17.10.2014 06:32:07
XBV00074.VDF : 8.11.179.108 2560 Bytes 17.10.2014 06:32:07
XBV00075.VDF : 8.11.179.110 9216 Bytes 17.10.2014 06:32:07
XBV00076.VDF : 8.11.179.114 18432 Bytes 18.10.2014 07:33:18
XBV00077.VDF : 8.11.179.116 3072 Bytes 18.10.2014 07:33:18
XBV00078.VDF : 8.11.179.118 38912 Bytes 18.10.2014 07:33:18
XBV00079.VDF : 8.11.179.120 2048 Bytes 18.10.2014 07:33:18
XBV00080.VDF : 8.11.179.122 52224 Bytes 19.10.2014 08:33:58
XBV00081.VDF : 8.11.179.140 2048 Bytes 19.10.2014 08:33:58
XBV00082.VDF : 8.11.179.160 25600 Bytes 19.10.2014 08:33:58
XBV00083.VDF : 8.11.179.162 2048 Bytes 19.10.2014 08:33:58
XBV00084.VDF : 8.11.179.180 35328 Bytes 20.10.2014 08:33:58
XBV00085.VDF : 8.11.179.182 2048 Bytes 20.10.2014 08:33:58
XBV00086.VDF : 8.11.179.184 12800 Bytes 20.10.2014 08:33:59
XBV00087.VDF : 8.11.179.186 7168 Bytes 20.10.2014 09:36:10
XBV00088.VDF : 8.11.179.188 23040 Bytes 20.10.2014 09:36:10
XBV00089.VDF : 8.11.179.190 2048 Bytes 20.10.2014 09:36:10
XBV00090.VDF : 8.11.179.192 2048 Bytes 20.10.2014 09:36:10
XBV00091.VDF : 8.11.179.194 13312 Bytes 20.10.2014 09:36:10
XBV00092.VDF : 8.11.179.196 2048 Bytes 20.10.2014 09:36:10
XBV00093.VDF : 8.11.179.216 36352 Bytes 20.10.2014 09:36:10
XBV00094.VDF : 8.11.179.232 2048 Bytes 20.10.2014 09:36:10
XBV00095.VDF : 8.11.179.234 2048 Bytes 20.10.2014 09:36:10
XBV00096.VDF : 8.11.180.12 32256 Bytes 21.10.2014 09:36:10
XBV00097.VDF : 8.11.180.30 17408 Bytes 21.10.2014 09:36:10
XBV00098.VDF : 8.11.180.32 2048 Bytes 21.10.2014 09:36:11
XBV00099.VDF : 8.11.180.34 16384 Bytes 21.10.2014 09:36:11
XBV00100.VDF : 8.11.180.40 8704 Bytes 21.10.2014 09:36:11
XBV00101.VDF : 8.11.180.42 10240 Bytes 21.10.2014 10:37:07
XBV00102.VDF : 8.11.180.44 31744 Bytes 21.10.2014 10:37:08
XBV00103.VDF : 8.11.180.60 2048 Bytes 21.10.2014 10:37:08
XBV00104.VDF : 8.11.180.64 24576 Bytes 21.10.2014 10:37:08
XBV00105.VDF : 8.11.180.66 6144 Bytes 21.10.2014 10:37:08
XBV00106.VDF : 8.11.180.70 2560 Bytes 21.10.2014 10:37:08
XBV00107.VDF : 8.11.180.88 33280 Bytes 22.10.2014 10:37:08
XBV00108.VDF : 8.11.180.104 2560 Bytes 22.10.2014 10:37:08
XBV00109.VDF : 8.11.180.106 2048 Bytes 22.10.2014 10:37:08
XBV00110.VDF : 8.11.180.122 25600 Bytes 22.10.2014 10:37:08
XBV00111.VDF : 8.11.180.138 11264 Bytes 22.10.2014 10:37:08
XBV00112.VDF : 8.11.180.140 20992 Bytes 22.10.2014 11:37:49
XBV00113.VDF : 8.11.180.142 2048 Bytes 22.10.2014 11:37:49
XBV00114.VDF : 8.11.180.144 2048 Bytes 22.10.2014 11:37:49
XBV00115.VDF : 8.11.180.150 43520 Bytes 22.10.2014 11:37:49
XBV00116.VDF : 8.11.180.154 2048 Bytes 22.10.2014 11:37:49
XBV00117.VDF : 8.11.180.172 12288 Bytes 22.10.2014 11:37:49
XBV00118.VDF : 8.11.180.174 2048 Bytes 22.10.2014 11:37:49
XBV00119.VDF : 8.11.180.188 7168 Bytes 22.10.2014 11:37:49
XBV00120.VDF : 8.11.180.204 11776 Bytes 23.10.2014 11:37:49
XBV00121.VDF : 8.11.180.206 3584 Bytes 23.10.2014 11:37:49
XBV00122.VDF : 8.11.180.208 22016 Bytes 23.10.2014 11:37:50
XBV00123.VDF : 8.11.180.210 20992 Bytes 23.10.2014 12:39:39
XBV00124.VDF : 8.11.180.212 2048 Bytes 23.10.2014 12:39:39
XBV00125.VDF : 8.11.180.214 2560 Bytes 23.10.2014 12:39:39
XBV00126.VDF : 8.11.180.220 32768 Bytes 23.10.2014 12:39:39
XBV00127.VDF : 8.11.180.222 2048 Bytes 23.10.2014 12:39:39
XBV00128.VDF : 8.11.180.224 2048 Bytes 23.10.2014 12:39:39
XBV00129.VDF : 8.11.180.226 15872 Bytes 23.10.2014 12:39:39
XBV00130.VDF : 8.11.180.228 2048 Bytes 23.10.2014 12:39:39
XBV00131.VDF : 8.11.180.232 28672 Bytes 24.10.2014 12:39:39
XBV00132.VDF : 8.11.180.234 2048 Bytes 24.10.2014 12:39:40
XBV00133.VDF : 8.11.180.236 38912 Bytes 24.10.2014 13:40:26
XBV00134.VDF : 8.11.180.250 2048 Bytes 24.10.2014 13:40:26
XBV00135.VDF : 8.11.180.252 2048 Bytes 24.10.2014 13:40:27
XBV00136.VDF : 8.11.181.10 14336 Bytes 24.10.2014 13:40:27
XBV00137.VDF : 8.11.181.24 6144 Bytes 24.10.2014 13:40:27
XBV00138.VDF : 8.11.181.36 21504 Bytes 24.10.2014 13:40:27
XBV00139.VDF : 8.11.181.38 2048 Bytes 24.10.2014 13:40:27
XBV00140.VDF : 8.11.181.40 25088 Bytes 24.10.2014 13:40:27
XBV00141.VDF : 8.11.181.42 2048 Bytes 25.10.2014 13:40:27
XBV00142.VDF : 8.11.181.44 2048 Bytes 25.10.2014 13:40:27
XBV00143.VDF : 8.11.181.48 62976 Bytes 25.10.2014 14:41:35
XBV00144.VDF : 8.11.181.50 2048 Bytes 25.10.2014 14:41:35
XBV00145.VDF : 8.11.181.52 27136 Bytes 25.10.2014 14:41:36
XBV00146.VDF : 8.11.181.54 2048 Bytes 25.10.2014 14:41:36
XBV00147.VDF : 8.11.181.56 2048 Bytes 25.10.2014 14:41:36
XBV00148.VDF : 8.11.181.72 64000 Bytes 26.10.2014 14:41:36
XBV00149.VDF : 8.11.181.84 2048 Bytes 26.10.2014 14:41:36
XBV00150.VDF : 8.11.181.96 2048 Bytes 26.10.2014 14:41:36
XBV00151.VDF : 8.11.181.108 2048 Bytes 26.10.2014 14:41:36
XBV00152.VDF : 8.11.181.120 14336 Bytes 26.10.2014 15:43:50
XBV00153.VDF : 8.11.181.132 2048 Bytes 26.10.2014 15:43:50
XBV00154.VDF : 8.11.181.146 54272 Bytes 27.10.2014 15:43:50
XBV00155.VDF : 8.11.181.148 2048 Bytes 27.10.2014 15:43:50
XBV00156.VDF : 8.11.181.150 6656 Bytes 27.10.2014 15:43:50
XBV00157.VDF : 8.11.181.152 7680 Bytes 27.10.2014 15:43:50
XBV00158.VDF : 8.11.181.154 6656 Bytes 27.10.2014 15:43:50
XBV00159.VDF : 8.11.181.156 13824 Bytes 27.10.2014 15:43:50
XBV00160.VDF : 8.11.181.158 2048 Bytes 27.10.2014 15:43:50
XBV00161.VDF : 8.11.181.172 35840 Bytes 27.10.2014 16:43:30
XBV00162.VDF : 8.11.181.184 2048 Bytes 27.10.2014 16:43:30
XBV00163.VDF : 8.11.181.186 2048 Bytes 27.10.2014 16:43:30
XBV00164.VDF : 8.11.181.200 6144 Bytes 27.10.2014 16:43:30
XBV00165.VDF : 8.11.181.214 5632 Bytes 28.10.2014 16:43:30
XBV00166.VDF : 8.11.181.218 2560 Bytes 28.10.2014 16:43:30
XBV00167.VDF : 8.11.181.220 3072 Bytes 28.10.2014 16:43:30
XBV00168.VDF : 8.11.181.222 11776 Bytes 28.10.2014 16:43:30
XBV00169.VDF : 8.11.181.224 27136 Bytes 28.10.2014 16:43:30
XBV00170.VDF : 8.11.181.226 2048 Bytes 28.10.2014 16:43:30
XBV00171.VDF : 8.11.181.228 2048 Bytes 28.10.2014 16:43:31
XBV00172.VDF : 8.11.181.234 27136 Bytes 28.10.2014 17:44:29
XBV00173.VDF : 8.11.181.240 2048 Bytes 28.10.2014 17:44:29
XBV00174.VDF : 8.11.181.246 14336 Bytes 28.10.2014 17:44:29
XBV00175.VDF : 8.11.181.250 58880 Bytes 29.10.2014 17:44:30
XBV00176.VDF : 8.11.182.6 2048 Bytes 29.10.2014 17:44:30
XBV00177.VDF : 8.11.182.16 2048 Bytes 29.10.2014 17:44:30
XBV00178.VDF : 8.11.182.18 2048 Bytes 29.10.2014 17:44:30
XBV00179.VDF : 8.11.182.28 25088 Bytes 29.10.2014 17:44:30
XBV00180.VDF : 8.11.182.38 29184 Bytes 29.10.2014 17:44:30
XBV00181.VDF : 8.11.182.40 2048 Bytes 29.10.2014 17:44:30
XBV00182.VDF : 8.11.182.42 2048 Bytes 29.10.2014 17:44:30
XBV00183.VDF : 8.11.182.46 43520 Bytes 29.10.2014 18:46:05
XBV00184.VDF : 8.11.182.48 2048 Bytes 29.10.2014 18:46:05
XBV00185.VDF : 8.11.182.50 2048 Bytes 29.10.2014 18:46:05
XBV00186.VDF : 8.11.182.52 10752 Bytes 29.10.2014 18:46:05
XBV00187.VDF : 8.11.182.64 31232 Bytes 30.10.2014 18:46:05
XBV00188.VDF : 8.11.182.74 2048 Bytes 30.10.2014 18:46:05
XBV00189.VDF : 8.11.182.76 2048 Bytes 30.10.2014 18:46:05
XBV00190.VDF : 8.11.182.78 2048 Bytes 30.10.2014 18:46:05
XBV00191.VDF : 8.11.182.90 36352 Bytes 30.10.2014 18:46:06
XBV00192.VDF : 8.11.182.92 9216 Bytes 30.10.2014 18:46:06
XBV00193.VDF : 8.11.182.94 2048 Bytes 30.10.2014 18:46:06
XBV00194.VDF : 8.11.182.96 2048 Bytes 30.10.2014 18:46:06
XBV00195.VDF : 8.11.182.106 2048 Bytes 30.10.2014 18:46:06
XBV00196.VDF : 8.11.182.116 26624 Bytes 30.10.2014 18:46:06
XBV00197.VDF : 8.11.182.120 24576 Bytes 30.10.2014 19:46:54
XBV00198.VDF : 8.11.182.124 2048 Bytes 30.10.2014 19:46:54
XBV00199.VDF : 8.11.182.126 9728 Bytes 31.10.2014 19:46:54
XBV00200.VDF : 8.11.182.128 25088 Bytes 31.10.2014 19:46:54
XBV00201.VDF : 8.11.182.130 13824 Bytes 31.10.2014 19:46:54
XBV00202.VDF : 8.11.182.140 10752 Bytes 31.10.2014 19:46:54
XBV00203.VDF : 8.11.182.142 2560 Bytes 31.10.2014 19:46:55
XBV00204.VDF : 8.11.182.144 2048 Bytes 31.10.2014 19:46:55
XBV00205.VDF : 8.11.182.152 18944 Bytes 31.10.2014 19:46:55
XBV00206.VDF : 8.11.182.156 26112 Bytes 31.10.2014 19:46:55
XBV00207.VDF : 8.11.182.158 2048 Bytes 31.10.2014 19:46:55
LOCAL000.VDF : 8.11.182.158 113276928 Bytes 31.10.2014 19:47:15
Engineversion : 8.3.26.2
AEVDF.DLL : 8.3.1.6 133992 Bytes 24.09.2014 10:44:20
AESCRIPT.DLL : 8.2.2.6 526248 Bytes 31.10.2014 19:46:53
AESCN.DLL : 8.3.2.2 139456 Bytes 24.09.2014 10:44:20
AESBX.DLL : 8.2.20.24 1409224 Bytes 24.09.2014 10:44:20
AERDL.DLL : 8.2.1.16 743328 Bytes 29.10.2014 17:44:28
AEPACK.DLL : 8.4.0.54 788392 Bytes 13.10.2014 20:42:22
AEOFFICE.DLL : 8.3.0.38 224112 Bytes 31.10.2014 19:46:52
AEHEUR.DLL : 8.1.4.1370 7727984 Bytes 31.10.2014 19:46:52
AEHELP.DLL : 8.3.1.0 278728 Bytes 24.09.2014 10:44:20
AEGEN.DLL : 8.1.7.32 452512 Bytes 31.10.2014 19:46:37
AEEXP.DLL : 8.4.2.32 247712 Bytes 24.09.2014 10:44:20
AEEMU.DLL : 8.1.3.4 399264 Bytes 24.09.2014 10:44:20
AEDROID.DLL : 8.4.2.24 442568 Bytes 24.09.2014 10:44:20
AECORE.DLL : 8.3.2.6 243712 Bytes 24.09.2014 10:44:20
AEBB.DLL : 8.1.2.0 60448 Bytes 24.09.2014 10:44:20
AVWINLL.DLL : 14.0.7.220 25904 Bytes 24.09.2014 10:44:22
AVPREF.DLL : 14.0.7.220 52016 Bytes 24.09.2014 10:44:21
AVREP.DLL : 14.0.7.220 220976 Bytes 24.09.2014 10:44:21
AVARKT.DLL : 14.0.7.220 227632 Bytes 24.09.2014 10:44:20
AVEVTLOG.DLL : 14.0.7.220 185080 Bytes 24.09.2014 10:44:20
SQLITE3.DLL : 14.0.7.220 453936 Bytes 24.09.2014 10:44:28
AVSMTP.DLL : 14.0.7.220 79096 Bytes 24.09.2014 10:44:22
NETNT.DLL : 14.0.7.220 15152 Bytes 24.09.2014 10:44:27
RCIMAGE.DLL : 14.0.7.220 4865328 Bytes 24.09.2014 10:44:27
RCTEXT.DLL : 14.0.7.240 77048 Bytes 24.09.2014 10:44:27

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Windows\AppData\Local\Temp\9282b0c4.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 1. November 2014 20:43

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in '\\PALOMINO\Administrator'
\\PALOMINO\Administrator\Anwendungsdaten\Seventh\Seventh.exe
[FUND] Ist das Trojanische Pferd TR/Agent.83648
\\PALOMINO\Administrator\Desktop\Seventh.exe
[FUND] Ist das Trojanische Pferd TR/Agent.83648
(had copied it to the desktop for uploading)

Beginne mit der Desinfektion:
\\PALOMINO\Administrator\Desktop\Seventh.exe
[FUND] Ist das Trojanische Pferd TR/Agent.83648
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50bf9cd1.qua' verschoben!
\\PALOMINO\Administrator\Anwendungsdaten\Seventh\Seventh.exe
[FUND] Ist das Trojanische Pferd TR/Agent.83648
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4828b376.qua' verschoben!

Ende des Suchlaufs: Samstag, 1. November 2014 21:10
Benötigte Zeit: 25:50 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

1415 Verzeichnisse wurden überprüft
24509 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
24507 Dateien ohne Befall
157 Archive wurden durchsucht
0 Warnungen
2 Hinweise

Edited by mac11 (01.11.2014 at 23:31)
01.11.2014, 23:45 | #2
/// the machine /// TB-Ausbilder

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
01.11.2014, 23:53 | #3
Oh, now it works; it was the silent mode in Avast, so I didn't notice anything.

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Administrator (administrator) on PALOMINO on 01-11-2014 23:49:58
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\Programme\Creative\Shared Files\CTAudSvc.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [20992 2003-12-11] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [AvastUI.exe] => C:\Programme\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-26] (AVAST Software)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\LogonUI.EXE [515072 2008-04-14] (Microsoft Corporation)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Run: [SCheck] => C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Run: [DataMgr] => C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Run: [Intermediate] => C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [StartMenuLogOff] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\MountPoints2: {4bf7e97c-c885-11de-9d32-0030849af90d} - J:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xECA244E4A892CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {FB8903A1-C95F-4B51-A32F-70F51770D026} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {C333CF63-767F-4831-94AC-E683D962C63C} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984
FF DefaultSearchUrl: hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\plugins\npcoolirisplugin.dll ()
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\ich@maltegoetz.de.xpi [2014-10-13]
FF Extension: OfferMosquito - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\om@offermosquito.com.xpi [2013-12-19]
FF Extension: Simple New Tab - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: StopTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\stoptube@kashiif.com.xpi [2013-05-30]
FF Extension: Zoom Page - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\zoompage@DW-dev.xpi [2013-06-25]
FF Extension: Resurrect Pages -
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-05-30] FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25] FF Extension: ICQ Toolbar - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-09-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-04] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-08-06] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-06] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-26] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ATTENTION: => Could not perform signature verification. Cryptographic Service is not running. 
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-08-25] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-26] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-28] (Creative Labs)
R2 CTAudSvcService; C:\Programme\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-14] (Creative Technology Ltd)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S2 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-18] (Mozilla Foundation)
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579}; C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [575008 2014-04-24] (Baidu Inc.)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 Al_elp; No ImagePath
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-26] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-26] ()
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-04] (ATI Technologies Inc.)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] ()
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-06-05] (Baidu, Inc.)
S2 BT848; C:\WINDOWS\System32\DRIVERS\BT848.sys [371349 2011-01-25] (Illusion & Hope.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798744 2009-06-23] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2009-06-23] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2009-06-23] (Creative Technology Ltd)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2006-03-13] (MCCI)
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2006-03-13] (MCCI)
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2006-03-13] (MCCI)
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2006-03-13] (MCCI)
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2006-03-13] (MCCI)
S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51582 2003-12-11] (Logitech, Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37916 2003-12-11] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2004-08-04] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
S3 Spring; C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [96608 2014-06-13] ()
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [682232 2009-09-09] (Duplex Secure Ltd.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [570168 2009-10-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [527800 2009-10-06] (eMPIA Technology, Inc.)
R2 vcs; F:\Programme\AV VCS 3.0\vcs.sys [6852 2002-12-10] ()
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [32000 2008-04-14] (Microsoft Corporation)
S3 BioNT_BS; \??\C:\Programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [X]
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
S3 PCFApiUtil; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-01 23:49 - 2014-11-01 23:50 - 00000000 ____D () C:\FRST
2014-11-01 21:56 - 2014-11-01 21:56 - 00000020 _____ () C:\Dokumente und Einstellungen\Administrator\defogger_reenable
2014-11-01 18:46 - 2014-11-01 21:57 - 03162278 ____N () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.BAK
2014-11-01 15:51 - 2014-11-01 15:51 - 00000109 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\hjghghj.txt
2014-11-01 15:15 - 2014-11-01 23:50 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
2014-11-01 15:11 - 2013-07-21 14:24 - 00168824 _____ (HTTO Group, Ltd.) C:\Dokumente und Einstellungen\Administrator\Desktop\DataMgr.exe
2014-10-18 17:39 - 2014-10-19 03:47 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\mr brave
2014-10-13 10:28 - 2014-10-13 10:29 - 00000287 _____ () C:\WINDOWS\nsw.log
2014-10-13 10:06 - 2014-10-13 10:06 - 00000252 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Windows-pc.lnk
2014-10-13 10:06 - 2014-10-13 10:06 - 00000249 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Easybox.lnk
2014-10-09 16:48 - 2014-10-09 16:48 - 00000000 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument (4).txt
2014-10-08 17:05 - 2014-10-13 09:44 - 00000022 _____ () C:\WINDOWS\system32\nvModes.dat

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:49 - 2013-07-01 09:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
2014-11-01 23:09 - 2014-04-22 00:17 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 22:44 - 2013-08-06 16:15 - 00000356 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-01 22:40 - 2013-09-24 17:08 - 01160190 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-01 22:39 - 2014-06-15 09:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-01 22:39 - 2014-06-15 09:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-01 22:39 - 2014-04-22 00:17 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 22:38 - 2013-05-02 06:55 - 00000000 __SHD () C:\WINDOWS\CSC
2014-11-01 22:38 - 2009-04-04 12:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-01 22:23 - 2013-09-16 15:18 - 00001050 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
2014-11-01 21:57 - 2014-05-26 05:48 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-01 21:57 - 2013-02-28 13:27 - 03162278 _____ () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.CDF
2014-11-01 21:57 - 2009-04-04 12:12 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-11-01 21:56 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-11-01 21:10 - 2014-08-19 15:07 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
2014-11-01 18:55 - 2014-06-15 10:04 - 00689934 _____ () C:\WINDOWS\setupapi.log
2014-11-01 18:53 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-01 16:23 - 2013-09-16 15:18 - 00001028 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
2014-10-27 20:24 - 2009-04-04 12:32 - 01069336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-20 11:04 - 2009-04-04 12:32 - 00000000 ____D () C:\Programme
2014-10-19 03:58 - 2014-04-22 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\BOTS
2014-10-19 03:55 - 2013-08-06 17:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2014-10-18 09:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-10-18 09:02 - 2013-09-24 07:03 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-10-16 14:40 - 2014-07-19 20:50 - 00000266 _____ () C:\WINDOWS\setupact.log
2014-10-15 13:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-10-13 11:01 - 2014-06-10 18:05 - 00000000 ____D () C:\pisse
2014-10-13 10:36 - 2009-06-28 12:18 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
2014-10-08 21:34 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-10-08 18:48 - 2009-06-28 11:57 - 00000063 _____ () C:\WINDOWS\wininit.ini
2014-10-08 14:00 - 2014-04-22 00:10 - 00000232 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-10-07 17:02 - 2009-05-17 11:34 - 00278528 ___SH () C:\Dokumente und Einstellungen\Administrator\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe [2008-04-14 12:00] - [2008-04-14 12:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\WINDOWS\system32\winlogon.exe [2008-04-14 12:00] - [2008-04-14 12:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\WINDOWS\system32\svchost.exe [2008-04-14 12:00] - [2008-04-14 12:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\WINDOWS\system32\services.exe [2008-04-14 12:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\WINDOWS\system32\User32.dll [2008-04-14 12:00] - [2008-04-14 12:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\WINDOWS\system32\userinit.exe [2008-04-14 12:00] - [2008-04-14 12:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\WINDOWS\system32\rpcss.dll [2008-04-14 12:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-14 12:00] - [2008-04-14 12:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by Administrator at 2014-11-01 23:51:05
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v3.20 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version: - )
Ashampoo WinOptimizer Platinum 3 (HKLM\...\Ashampoo WinOptimizer Platinum 3) (Version: - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlefield Mod Development Toolkit 2.0 Beta (HKLM\...\MDT) (Version: - )
Carmageddon (HKLM\...\CarmageddonDeinstKey) (Version: - )
dBpowerAMP mp3PRO Input Codec (HKLM\...\dBpowerAMP mp3PRO Input Codec) (Version: - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version: - )
dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version: - )
dBpowerAMP WMA V8 Codec (HKLM\...\dBpowerAMP WMA V8 Codec) (Version: - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
dMC Auxiliary Input (HKLM\...\dMC Auxiliary Input) (Version: - )
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 2 (HKLM\...\Fallout 2) (Version: - )
ffdshow (HKLM\...\ffdshow) (Version: 20051221-gcc4.0.2-sse-x264.nl - Milan Cutka)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
GetFoldersize 1.2.3 (HKLM\...\GetFoldersize_is1) (Version: 1.2.3 - Michael Thummerer Software Design)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
Heroes of Might and Magic® IV (HKLM\...\Heroes of Might and Magic IV) (Version: - )
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Internet Explorer 7 (Version: - ) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
MC SW 1.6.1 (HKLM\...\Merciless SW Texture set_is1) (Version: - MERCILESS CREATIONS)
MC: Zara5ustra Map Pack (HKLM\...\MC: Zara5ustra Map Pack) (Version: - )
Merciless 1942 version 1.6 (HKLM\...\Merciless 1942 version 1.6) (Version: - )
Merciless Creations Secret Weapons Single Player (HKLM\...\Merciless Creations Secret Weapons Single Player) (Version: - )
Merciless Single Player (HKLM\...\Merciless Single Player) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.0 - Tracker Software Products Ltd)
Philppines and Kharkov update (HKLM\...\Merciless Creations 1.6.1 Texture Update_is1) (Version: - Merciless Creations)
Platform (Version: 1.22 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
Rome - Total War(TM) (HKLM\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (Version: 1.0 - Ihr Firmenname) Hidden
Rome - Total War(TM) (Version: 1.2 - Ihr Firmenname) Hidden
Sakura (HKLM\...\Sakura) (Version: - Image-Line)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Sicherheitsupdate für Windows Internet Explorer 7 (KB2792100) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 7 (KB2797052) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834902-v2) (HKLM\...\KB2834902-v2_WM10) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Silkroad (HKLM\...\Silkroad) (Version: - )
Snes9x (HKLM\...\Snes9x) (Version: - )
SpeechRedist (HKLM\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TGW 0.15 (HKLM\...\TGW 0.15) (Version: - )
Tony Hawk's Pro Skater 3® (HKLM\...\Tony Hawk's Pro Skater 3®) (Version: 1.0 - Activision Publishing, Inc.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
UltimateDefrag V1 FREE Public Domain Version (HKLM\...\UltimateDefrag V1 FREE Public Domain Version) (Version: 1.72 - DiskTrix)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XBF 1.2 (HKLM\...\XBF 1.2) (Version: - )
XNote Stopwatch 1.50 (HKLM\...\XNote Stopwatch) (Version: - dnSoft Research Group)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{0CFA3FB2-47F4-4157-A162-648CAA980DE2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{19EFC4D2-5251-4EB5-84C8-5A970FF8F5E0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1A6F5C32-45F4-11D3-9A67-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{42E0F145-11FD-11D3-BB97-00C04F8EE6C0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\1033\itngram.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E48-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E49-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{EC468149-6916-11D2-9427-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 12:00 - 2010-09-08 17:17 - 00306512 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1800searchonline.com
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Eingabeaufforderung.job => C:\WINDOWS\system32\cmd.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2013-08-06 16:13 - 2014-08-26 07:43 - 00301152 _____ () C:\Programme\AVAST Software\Avast\aswProperty.dll
2014-11-01 20:20 - 2014-11-01 20:20 - 02898944 _____ () C:\Programme\AVAST Software\Avast\defs\14110101\algo.dll
2010-08-08 23:07 - 2005-11-10 17:08 - 00418304 _____ () C:\Programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll
2013-09-24 07:08 - 2013-01-31 12:22 - 00357224 _____ () C:\Programme\NVIDIA Corporation\nview\nvshell.dll
2013-10-16 12:39 - 2014-08-26 07:44 - 19329904 _____ () C:\Programme\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07BF512B
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0D786AE3
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E5694BFB

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-1659004503-2025429265-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-1659004503-2025429265-1606980848-501 - Limited - Enabled)
Hilfeassistent (S-1-5-21-1659004503-2025429265-1606980848-1000 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x80040801. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x80040880. Http status code: 200. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

System errors:
=============
Error: (10/16/2014 10:28:46 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.123 for the network card with network address 0030849AF90D has been denied by the DHCP server 192.168.2.1 (the DHCP server sent a DHCPNACK message).

Error: (10/15/2014 06:54:09 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.181 for the network card with network address 0030849AF9FF has been denied by the DHCP server 192.168.2.1 (the DHCP server sent a DHCPNACK message).

Error: (10/08/2014 04:55:03 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources, but none of the sources are currently accessible. No attempt to contact a source will be made for the next 30 minutes. NtpClient has no source of accurate time.

Error: (10/08/2014 04:55:03 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer "time.windows.com,0x1". The DNS lookup will be retried in 30 minutes. Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (10/08/2014 04:40:32 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources, but none of the sources are currently accessible. No attempt to contact a source will be made for the next 14 minutes. NtpClient has no source of accurate time.

Error: (10/08/2014 04:40:32 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer "time.windows.com,0x1". The DNS lookup will be retried in 15 minutes. Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (10/08/2014 04:40:01 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources, but none of the sources are currently accessible. No attempt to contact a source will be made for the next 14 minutes. NtpClient has no source of accurate time.

Error: (10/08/2014 04:40:01 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer "time.windows.com,0x1". The DNS lookup will be retried in 15 minutes. Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (10/01/2014 02:20:43 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources, but none of the sources are currently accessible. No attempt to contact a source will be made for the next 14 minutes. NtpClient has no source of accurate time.

Error: (10/01/2014 02:20:43 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer "time.windows.com,0x1". The DNS lookup will be retried in 15 minutes. Error: A socket operation was attempted to an unreachable host. (0x80072751)

Microsoft Office Sessions:
=========================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x80040801. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x80040880. Http status code: 200. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error. Error: 0x8004212e. Http status code: 302. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302. trying WinHTTP. Send request returned 0x80072efd. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request r

==================== Memory info ===========================
Processor: AMD Athlon(tm) XP 1900+
Percentage of memory in use: 25%
Total physical RAM: 1791.48 MB
Available physical RAM: 1331.41 MB
Total Pagefile: 3467.79 MB
Available Pagefile: 3184.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.54 MB

==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:11.38 GB) (Free:1.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:45.89 GB) (Free:11.81 GB) NTFS
Drive f: (BOOT) (Fixed) (Total:91.2 GB) (Free:2.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (BACKUP) (Fixed) (Total:93.15 GB) (Free:38.5 GB) NTFS
Drive h: (SWAP) (Fixed) (Total:1.96 GB) (Free:0.17 GB) NTFS
Drive j: (MICROSD) (Removable) (Total:14.81 GB) (Free:0.12 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 57.3 GB) (Disk ID: 04680468)
Partition 1: (Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: CCD3CCD3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=91.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93.2 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 14.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================
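A small triage script for the kind of FRST Addition.txt sections posted above (an added example; it is not FRST's own code and not from anyone in this thread). It parses the hosts, Task:, CustomCLSID: and AlternateDataStreams: records and applies the checks an analyst otherwise runs by eye: hosts entries that resolve to anything other than a loopback or 0.0.0.0 address (a long 127.0.0.1 blocklist is harmless, a redirect or a relocated "localhost" is a hijack), tasks that launch a shell or script host, autostart binaries that live under a user profile, and files carrying alternate data streams. The sample input is constructed: it copies lines from the log above and adds two hosts lines with TEST-NET addresses (203.0.113.5, 198.51.100.7) to stand in for what a hijack would print. The shell and user-profile checks are heuristics for a manual look, not verdicts; on the lines shown above they surface the Eingabeaufforderung.job task that runs cmd.exe and the Facebook updater under Anwendungsdaten, while every visible hosts line is 127.0.0.1 and passes.

```python
"""Triage helper for FRST Addition.txt record lines (added example, not FRST code)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the FRST log above plus two hosts
# lines with TEST-NET addresses that imitate a hosts-file hijack.
SAMPLE_LOG = r"""
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 www.1800searchonline.com
::1 localhost
203.0.113.5 www.example-bank.test
198.51.100.7 localhost
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Eingabeaufforderung.job => C:\WINDOWS\system32\cmd.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{0CFA3FB2-47F4-4157-A162-648CAA980DE2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07BF512B
"""

TASK_RE = re.compile(r"^Task: (.+?\.job) => (.+)$")
CLSID_RE = re.compile(
    r"^CustomCLSID: .*\\CLSID\\(\{[0-9A-Fa-f-]+\})\\(\w+) -> (.+?)(?: \(([^()]*)\))?$")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+)$")

# Heuristic lists (assumptions of this example, extend to taste); compared case-insensitively.
SHELL_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe",
               "mshta.exe", "rundll32.exe", "regsvr32.exe"}
PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\users\\",
                   "\\anwendungsdaten\\", "\\appdata\\")


def parse_frst(text: str) -> Dict[str, List[tuple]]:
    """Split an Addition.txt excerpt into typed records; unrecognised lines are ignored."""
    rec: Dict[str, List[tuple]] = {"hosts": [], "tasks": [], "clsids": [], "ads": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            rec["tasks"].append((m.group(1), m.group(2)))
            continue
        m = CLSID_RE.match(line)
        if m:
            rec["clsids"].append((m.group(1), m.group(2), m.group(3), m.group(4) or ""))
            continue
        m = ADS_RE.match(line)
        if m:
            rec["ads"].append((m.group(1), m.group(2)))
            continue
        parts = line.split()
        try:  # hosts record "<address> <name>"; any other text fails to parse as an address
            rec["hosts"].append((str(ipaddress.ip_address(parts[0])), parts[1]))
        except (ValueError, IndexError):
            pass
    return rec


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_user_profile(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def hosts_redirects(hosts: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Entries that resolve anywhere except loopback or 0.0.0.0 are redirects, not blocks."""
    out = []
    for ip, name in hosts:
        addr = ipaddress.ip_address(ip)
        if not (addr.is_loopback or addr.is_unspecified):
            out.append((ip, name))
    return out


def triage(text: str) -> Dict[str, list]:
    rec = parse_frst(text)
    return {
        "hosts_redirects": hosts_redirects(rec["hosts"]),
        "shell_tasks": [(job, tgt) for job, tgt in rec["tasks"] if basename(tgt) in SHELL_HOSTS],
        "profile_autostarts": (
            [("task", tgt) for _, tgt in rec["tasks"] if in_user_profile(tgt)]
            + [("clsid/" + kind, tgt) for _, kind, tgt, _ in rec["clsids"] if in_user_profile(tgt)]),
        "ads": rec["ads"],
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category)
        for hit in hits:
            print("   ", *hit)
```

FRST prints only the first entries of the hosts file (hence "There are 1000 more lines." above), so for a complete answer run the hosts check over C:\WINDOWS\system32\Drivers\etc\hosts itself rather than over the log excerpt.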
02.11.2014, 15:11 | #4
/// the machine /// TB trainer | XP machine TR/Agent.83648 Fbar deletes itself after copying!
hi, please download TDSSKiller.exe and save the file to your desktop
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM!
02.11.2014, 15:40 | #5
XP machine TR/Agent.83648 Fbar deletes itself after copying!
Hi, thanks for the help. The scan apparently doesn't find anything.
Code:
15:29:34.0671 0x0db8  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:30:02.0046 0x0db8  ============================================================
15:30:02.0046 0x0db8  Current date / time: 2014/11/02 15:30:02.0046
15:30:02.0046 0x0db8  SystemInfo:
15:30:02.0046 0x0db8  
15:30:02.0046 0x0db8  OS Version: 5.1.2600 ServicePack: 3.0
15:30:02.0046 0x0db8  Product type: Workstation
15:30:02.0046 0x0db8  ComputerName: PALOMINO
15:30:02.0046 0x0db8  UserName: Administrator
15:30:02.0046 0x0db8  Windows directory: C:\WINDOWS
15:30:02.0046 0x0db8  System windows directory: C:\WINDOWS
15:30:02.0046 0x0db8  Processor architecture: Intel x86
15:30:02.0046 0x0db8  Number of processors: 1
15:30:02.0046 0x0db8  Page size: 0x1000
15:30:02.0046 0x0db8  Boot type: Normal boot
15:30:02.0046 0x0db8  ============================================================
15:30:03.0968 0x0db8  KLMD registered as C:\WINDOWS\system32\drivers\57299431.sys
15:30:05.0078 0x0db8  System UUID: {07C66F0A-9AD5-F9DC-202D-ED126914DE46}
15:30:08.0015 0x0db8  Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 ( 57.27 Gb ), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:30:08.0046 0x0db8  Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 ( 186.31 Gb ), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:30:08.0109 0x0db8  Drive \Device\Harddisk2\DR7 - Size: 0x3B4500000 ( 14.82 Gb ), SectorSize: 0x200, Cylinders: 0x78E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:30:08.0125 0x0db8  ============================================================
15:30:08.0125 0x0db8  \Device\Harddisk0\DR0:
15:30:08.0125 0x0db8  MBR partitions:
15:30:08.0125 0x0db8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x16C054E
15:30:08.0125 0x0db8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x16C05CC, BlocksNum 0x5BC9668
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1:
15:30:08.0125 0x0db8  MBR partitions:
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3EC0C1
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3EC100, BlocksNum 0xB664D41
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xBA50E80, BlocksNum 0xBA4CF41
15:30:08.0125 0x0db8  \Device\Harddisk2\DR7:
15:30:08.0140 0x0db8  MBR partitions:
15:30:08.0140 0x0db8  \Device\Harddisk2\DR7\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DA0800
15:30:08.0140 0x0db8  ============================================================
15:30:08.0171 0x0db8  C: <-> \Device\Harddisk0\DR0\Partition1
15:30:08.0281 0x0db8  D: <-> \Device\Harddisk0\DR0\Partition2
15:30:08.0343 0x0db8  G: <-> \Device\Harddisk1\DR1\Partition3
15:30:08.0375 0x0db8  F: <-> \Device\Harddisk1\DR1\Partition2
15:30:08.0406 0x0db8  H: <-> \Device\Harddisk1\DR1\Partition1
15:30:08.0406 0x0db8  ============================================================
15:30:08.0406 0x0db8  Initialize success
15:30:08.0406 0x0db8  ============================================================
15:31:24.0312 0x0d40  ============================================================
15:31:24.0312 0x0d40  Scan started
15:31:24.0312 0x0d40  Mode: Manual; SigCheck; TDLFS;
15:31:24.0312 0x0d40  ============================================================
15:31:24.0312 0x0d40  KSN ping started
15:31:26.0812 0x0d40  KSN ping finished: true
15:31:27.0671 0x0d40  ================ Scan system memory ========================
15:31:27.0687 0x0d40  System memory - ok
15:31:27.0718 0x0d40  ================ Scan services =============================
15:31:28.0078 0x0d40  Abiosdsk - ok
15:31:28.0125 0x0d40  abp480n5 - ok
15:31:28.0265 0x0d40  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:31:34.0218 0x0d40  ACPI - ok
15:31:34.0312 0x0d40  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:31:34.0609 0x0d40  ACPIEC - ok
15:31:34.0750 0x0d40  [ F84C9DEE4698DF3C1D76801B7B1B55D7, 071A3938ED7B9E20E30E873011C8039382C7EFE90D39EC8C0F3E457B2873406E ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
15:31:34.0765 0x0d40  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
15:31:37.0171 0x0d40  Detect skipped due to KSN trusted
15:31:37.0171 0x0d40  Adobe LM Service - ok
15:31:37.0203 0x0d40  adpu160m - ok
15:31:37.0328 0x0d40  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:31:37.0656 0x0d40  aec - ok
15:31:37.0781 0x0d40  [ F6B7B1ECD7B41736BDB6FF4B092BCB79, B892C7303E08238C025409D602CB2F58D273B19B81CF04E26EA52A27EE7706DB ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:31:37.0843 0x0d40  AFD - ok
15:31:37.0875 0x0d40  Aha154x - ok
15:31:37.0906 0x0d40  aic78u2 - ok
15:31:37.0937 0x0d40  aic78xx - ok
15:31:38.0015 0x0d40  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:31:38.0265 0x0d40  Alerter - ok
15:31:38.0312 0x0d40  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe
15:31:38.0468 0x0d40  ALG - ok
15:31:38.0500 0x0d40  AliIde - ok
15:31:38.0578 0x0d40  [ 3A0DAFAC778236559C14C7203FB550EB, 9FA197E22A665465D3CBB4E5437CA9102C14757C0DA7C851C0A4436078E18746 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:31:38.0875 0x0d40  AmdK7 - ok
15:31:38.0906 0x0d40  amsint - ok
15:31:39.0031 0x0d40  [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:31:39.0203 0x0d40  AppMgmt - ok
15:31:39.0250 0x0d40  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:31:39.0562 0x0d40  Arp1394 - ok
15:31:39.0593 0x0d40  asc - ok
15:31:39.0625 0x0d40  asc3350p - ok
15:31:39.0640 0x0d40  asc3550 - ok
15:31:39.0828 0x0d40  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:31:39.0859 0x0d40  aspnet_state - ok
15:31:39.0937 0x0d40  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
15:31:40.0000 0x0d40  aswHwid - ok
15:31:40.0093 0x0d40  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
15:31:40.0125 0x0d40  aswMonFlt - ok
15:31:40.0171 0x0d40  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] AswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
15:31:40.0203 0x0d40  AswRdr - ok
15:31:40.0281 0x0d40  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
15:31:40.0296 0x0d40  aswRvrt - ok
15:31:40.0671 0x0d40  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
15:31:40.0890 0x0d40  aswSnx - ok
15:31:41.0109 0x0d40  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
15:31:41.0250 0x0d40  aswSP - ok
15:31:41.0328 0x0d40  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
15:31:41.0343 0x0d40  aswTdi - ok
15:31:41.0484 0x0d40  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
15:31:41.0562 0x0d40  aswVmm - ok
15:31:41.0609 0x0d40  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:31:41.0875 0x0d40  AsyncMac - ok
15:31:41.0984 0x0d40  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:42.0265 0x0d40  atapi - ok
15:31:42.0312 0x0d40  Atdisk - ok
15:31:42.0437 0x0d40  [ 74E104ADA8A304774713E9A9A9CB3556, DE73A354D65B927166EE76963CDD09CF5F5D99F95B5A0E30AA120F1C820982F1 ] atinrvxx C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
15:31:42.0484 0x0d40  atinrvxx - ok
15:31:42.0546 0x0d40  [ 0E4BB35C5305099AC82053AC992E3E0E, 51621C0E64B4FF576ED57143306F4E4A9D283815975CA6BA41452D2FFC6C313A ] ATITool C:\WINDOWS\system32\DRIVERS\ATITool.sys
15:31:42.0562 0x0d40  ATITool - detected UnsignedFile.Multi.Generic ( 1 )
15:31:44.0968 0x0d40  Detect skipped due to KSN trusted
15:31:44.0968 0x0d40  ATITool - ok
15:31:45.0031 0x0d40  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:31:45.0328 0x0d40  Atmarpc - ok
15:31:45.0375 0x0d40  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:31:45.0703 0x0d40  AudioSrv - ok
15:31:45.0750 0x0d40  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:31:46.0046 0x0d40  audstub - ok
15:31:46.0171 0x0d40  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
15:31:46.0203 0x0d40  avast! Antivirus - ok
15:31:46.0234 0x0d40  AviraUpgradeService - ok
15:31:46.0281 0x0d40  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:31:46.0593 0x0d40  Beep - ok
15:31:46.0671 0x0d40  [ BE125797A510CD7E9E77D0D79CB989EF, 31038BAE26E6DFF6303B71DAFA1192028815BD397D564A8F0825AFEDA131402F ] Bhbase C:\WINDOWS\system32\drivers\Bhbase.sys
15:31:46.0718 0x0d40  Bhbase - ok
15:31:46.0750 0x0d40  BioNT_BS - ok
15:31:46.0953 0x0d40  [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\system32\qmgr.dll
15:31:47.0515 0x0d40  BITS - ok
15:31:47.0546 0x0d40  BprotectEx - ok
15:31:47.0640 0x0d40  [ B2CC8D85D27BF10C5FAF5B98C335978E, 96A88DFBC7D3C2215933B5C06E6B0BCB674A81AA6399030FEC602193171C7E38 ] Browser C:\WINDOWS\System32\browser.dll
15:31:47.0687 0x0d40  Browser - ok
15:31:47.0890 0x0d40  [ 028A7743DFF85BDA7CE9D507FE104CDF, 0D0B03FEC1778A53B787A0CB5EB105413571A9BC42979AF5ECCD4F807F2F9686 ] BT848 C:\WINDOWS\system32\DRIVERS\BT848.sys
15:31:48.0109 0x0d40  BT848 - detected UnsignedFile.Multi.Generic ( 1 )
15:31:50.0500 0x0d40  Detect skipped due to KSN trusted
15:31:50.0500 0x0d40  BT848 - ok
15:31:50.0562 0x0d40  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:31:50.0843 0x0d40  cbidf2k - ok
15:31:50.0906 0x0d40  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:31:51.0187 0x0d40  CCDECODE - ok
15:31:51.0234 0x0d40  cd20xrnt - ok
15:31:51.0281 0x0d40  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:31:51.0546 0x0d40  Cdaudio - ok
15:31:51.0609 0x0d40  [ C885B02847F5D2FD45A24E219ED93B32,
B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 15:31:51.0890 0x0d40 Cdfs - ok 15:31:51.0953 0x0d40 [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:31:52.0015 0x0d40 Cdrom - ok 15:31:52.0046 0x0d40 Changer - ok 15:31:52.0093 0x0d40 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc C:\WINDOWS\system32\cisvc.exe 15:31:52.0375 0x0d40 CiSvc - ok 15:31:52.0437 0x0d40 [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 15:31:52.0718 0x0d40 ClipSrv - ok 15:31:52.0812 0x0d40 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:31:52.0890 0x0d40 clr_optimization_v2.0.50727_32 - ok 15:31:52.0921 0x0d40 CmdIde - ok 15:31:53.0015 0x0d40 [ 8ED4497E4CC0C030EAC8E2FFA1DD9679, 029CA18ED6355D3DE277ACF4C2B307C8E3DDF58C095CAA94CED0E48B95B51375 ] COMMONFX C:\WINDOWS\system32\drivers\COMMONFX.SYS 15:31:53.0062 0x0d40 COMMONFX - ok 15:31:53.0140 0x0d40 [ 8ED4497E4CC0C030EAC8E2FFA1DD9679, 029CA18ED6355D3DE277ACF4C2B307C8E3DDF58C095CAA94CED0E48B95B51375 ] COMMONFX.SYS C:\WINDOWS\System32\drivers\COMMONFX.SYS 15:31:53.0156 0x0d40 COMMONFX.SYS - ok 15:31:53.0187 0x0d40 COMSysApp - ok 15:31:53.0250 0x0d40 Cpqarray - ok 15:31:53.0343 0x0d40 [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe 15:31:53.0375 0x0d40 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 ) 15:31:55.0921 0x0d40 Detect skipped due to KSN trusted 15:31:55.0921 0x0d40 Creative 
Audio Engine Licensing Service - ok 15:31:56.0015 0x0d40 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 15:31:56.0250 0x0d40 CryptSvc - ok 15:31:56.0500 0x0d40 [ C1E3B24CA4871BD2A8C3B95110E78721, 6EA9146E98B971A5564F457CD457BD12B612187A351022498BA8F1036C899EBA ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys 15:31:56.0625 0x0d40 ctac32k - ok 15:31:56.0890 0x0d40 [ 13E797253EA98C2574C878DE78CA691E, 46B586FFA7981327C437E58B5CB0C09580ADE8AD1E0EF64591DBA9A41E4C4069 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys 15:31:57.0031 0x0d40 ctaud2k - ok 15:31:57.0296 0x0d40 [ AB3456984B59D1425BEFC0D457D41DD4, 088AA379B54A8FCB32FB5EFB00374470C0A51392F60EA9DA33DCFAE72D90491A ] CTAUDFX C:\WINDOWS\system32\drivers\CTAUDFX.SYS 15:31:57.0421 0x0d40 CTAUDFX - ok 15:31:57.0687 0x0d40 [ AB3456984B59D1425BEFC0D457D41DD4, 088AA379B54A8FCB32FB5EFB00374470C0A51392F60EA9DA33DCFAE72D90491A ] CTAUDFX.SYS C:\WINDOWS\System32\drivers\CTAUDFX.SYS 15:31:57.0812 0x0d40 CTAUDFX.SYS - ok 15:31:58.0031 0x0d40 [ 87CB26A58E2B8BF57F4FC92838318C12, AA58EB4F7E13C3DEC52E813AC64099DC4E07E0537C562E90F55745898DF6686B ] CTAudSvcService C:\Programme\Creative\Shared Files\CTAudSvc.exe 15:31:58.0171 0x0d40 CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:00.0656 0x0d40 Detect skipped due to KSN trusted 15:32:00.0656 0x0d40 CTAudSvcService - ok 15:32:00.0859 0x0d40 [ D5E38C394787C1FBFC70E0C50345C25C, E7AE0E6D7AB93EACA0F3F7691E085B7D9AFFEB943F817EAE1D1FF5CD29F4FC46 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys 15:32:01.0062 0x0d40 ctdvda2k - ok 15:32:01.0187 0x0d40 [ B4297863E9FCE34C0493FCA66F0970A2, 8729973F1DFD05CF6E6FD6E6D1C1C35F22E229F11B432819538A19C676D6ADA3 ] CTERFXFX C:\WINDOWS\system32\drivers\CTERFXFX.SYS 15:32:01.0218 0x0d40 CTERFXFX - ok 15:32:01.0281 0x0d40 [ B4297863E9FCE34C0493FCA66F0970A2, 8729973F1DFD05CF6E6FD6E6D1C1C35F22E229F11B432819538A19C676D6ADA3 ] CTERFXFX.SYS 
C:\WINDOWS\System32\drivers\CTERFXFX.SYS 15:32:01.0328 0x0d40 CTERFXFX.SYS - ok 15:32:01.0375 0x0d40 [ 71007BD2E1E26927FE3E4EB00C0BEEDF, 372E487035D732807B5BC27BA173E382112426D3ECB82EE8BD96C87FD7AB98E5 ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys 15:32:01.0625 0x0d40 ctljystk - ok 15:32:01.0718 0x0d40 [ D19AB3A7DF104250429000F26E0D4049, 583449BB7F3A3DA26007AAA2BFAF52A7734256CECADB979159A26DAB9C30BA74 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys 15:32:01.0734 0x0d40 ctprxy2k - ok 15:32:02.0015 0x0d40 [ D665DA6B6AEA45B9DB090096F2AEF023, 155D6BA1F4AB24B00DCD166F09E8A637F6E9FC8E8F78EE22EC208BB287094FF0 ] CTSBLFX C:\WINDOWS\system32\drivers\CTSBLFX.SYS 15:32:02.0125 0x0d40 CTSBLFX - ok 15:32:02.0390 0x0d40 [ D665DA6B6AEA45B9DB090096F2AEF023, 155D6BA1F4AB24B00DCD166F09E8A637F6E9FC8E8F78EE22EC208BB287094FF0 ] CTSBLFX.SYS C:\WINDOWS\System32\drivers\CTSBLFX.SYS 15:32:02.0515 0x0d40 CTSBLFX.SYS - ok 15:32:02.0625 0x0d40 [ 27C23069325ACDC27021671424F11BC1, BA0BA67AC1CC4C707B029441A86AFF099E81608B16ED6CA559C0A5A609CF24F7 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys 15:32:02.0671 0x0d40 ctsfm2k - ok 15:32:02.0718 0x0d40 dac2w2k - ok 15:32:02.0750 0x0d40 dac960nt - ok 15:32:02.0953 0x0d40 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 15:32:03.0109 0x0d40 DcomLaunch - ok 15:32:03.0218 0x0d40 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 15:32:03.0546 0x0d40 Dhcp - ok 15:32:03.0609 0x0d40 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 15:32:03.0828 0x0d40 Disk - ok 15:32:03.0859 0x0d40 dmadmin - ok 15:32:04.0203 0x0d40 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 
15:32:04.0921 0x0d40 dmboot - ok 15:32:05.0046 0x0d40 [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 15:32:05.0296 0x0d40 dmio - ok 15:32:05.0328 0x0d40 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys 15:32:05.0593 0x0d40 dmload - ok 15:32:05.0656 0x0d40 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll 15:32:05.0921 0x0d40 dmserver - ok 15:32:06.0000 0x0d40 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 15:32:06.0234 0x0d40 DMusic - ok 15:32:06.0328 0x0d40 [ 4548494812BA3B416D489E0C6AF8D643, 29FDA5352C731F65816250BC0A4A0B67516F1BCCBD56B527EC54210CFA48A647 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 15:32:06.0406 0x0d40 Dnscache - ok 15:32:06.0515 0x0d40 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 15:32:06.0781 0x0d40 Dot3svc - ok 15:32:06.0812 0x0d40 dpti2o - ok 15:32:06.0843 0x0d40 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 15:32:07.0078 0x0d40 drmkaud - ok 15:32:07.0109 0x0d40 EagleXNt - ok 15:32:07.0171 0x0d40 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 15:32:07.0421 0x0d40 EapHost - ok 15:32:07.0593 0x0d40 [ 01F83E1B5DCE05F5CB7D99113CA9E890, A1ADC30B63D8CDEE16B8964BBC276CD9C1D3ED3D9BDDD60397A4680951D6CAE3 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys 15:32:07.0906 0x0d40 emu10k - ok 15:32:07.0984 0x0d40 [ 7FFA171CCE6A8BFC774862A578BA39A2, 
B5F31E5CFA197CDCA274888ABA04154CB11C25116427CECBA56E4B0B930DE3E9 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys 15:32:08.0234 0x0d40 emu10k1 - ok 15:32:08.0328 0x0d40 [ D03A26D94F3A24CC6C32D70BD63BAEAA, ECF6AEBBB7893A7530C35CBC4D344B3B1BA7932DD3A3142DBCA5EBFA239A9506 ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys 15:32:08.0343 0x0d40 emupia - ok 15:32:08.0390 0x0d40 ENTECH - ok 15:32:08.0453 0x0d40 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll 15:32:08.0687 0x0d40 ERSvc - ok 15:32:08.0781 0x0d40 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe 15:32:08.0843 0x0d40 Eventlog - ok 15:32:08.0968 0x0d40 [ ADA7241C16F3F42C7F210539FAD5F3AA, 70CF3FD831AD049D7C11AF0636E12FFC76A198BA05FC745CEB9A48516B9FA99E ] EventSystem C:\WINDOWS\system32\es.dll 15:32:09.0109 0x0d40 EventSystem - ok 15:32:09.0218 0x0d40 [ 4D893323DAE445E34A4C9038B0551BC9, 39EE6D1EA496568368F7E8167EFE444CAEDD34A760EC9107EC383D8D17485EFD ] exFat C:\WINDOWS\system32\drivers\exFat.sys 15:32:09.0281 0x0d40 exFat - ok 15:32:09.0437 0x0d40 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 15:32:09.0687 0x0d40 Fastfat - ok 15:32:09.0796 0x0d40 [ 927666F4228E3FBBC3D1171581DC8BDC, 55E4055FC9429C94F00B1F7046C78A0893BA9495125E3B77F8E89EA540686B60 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 15:32:09.0906 0x0d40 FastUserSwitchingCompatibility - ok 15:32:09.0968 0x0d40 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 15:32:10.0187 0x0d40 Fdc - ok 15:32:10.0265 0x0d40 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 
15:32:10.0531 0x0d40 Fips - ok 15:32:10.0578 0x0d40 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 15:32:10.0812 0x0d40 Flpydisk - ok 15:32:10.0921 0x0d40 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 15:32:11.0171 0x0d40 FltMgr - ok 15:32:11.0265 0x0d40 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:32:11.0281 0x0d40 FontCache3.0.0.0 - ok 15:32:11.0343 0x0d40 [ 30D42943A54704EF13E2562911DBFCEA, 6E0904E60A2F8B62BD34E5EDA2DA2240DFBCE1288C58CB4D819F0025ECF76763 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:32:11.0375 0x0d40 Fs_Rec - ok 15:32:11.0453 0x0d40 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:32:11.0703 0x0d40 Ftdisk - ok 15:32:11.0750 0x0d40 [ 065639773D8B03F33577F6CDAEA21063, F20D0F3256F5F894CCA48755B23679619B5D02A0F64A142FC6CB619FC0952067 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 15:32:11.0968 0x0d40 gameenum - ok 15:32:12.0062 0x0d40 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:32:12.0265 0x0d40 Gpc - ok 15:32:12.0359 0x0d40 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 15:32:12.0421 0x0d40 gupdate - ok 15:32:12.0484 0x0d40 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 15:32:12.0515 0x0d40 gupdatem - ok 15:32:12.0875 0x0d40 [ F5F17B523E467FA3DDA7D9A40D296961, 
F12EADBA8557DADE2960E82CBC63FBB3344EC940CD7A6D8618653B7EE7CA5C95 ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys 15:32:13.0078 0x0d40 ha10kx2k - ok 15:32:13.0218 0x0d40 [ 42C81F4691681DED6E1FC639AABED570, 6AC5FD7BC44CB8708957ED119D2528C0DDD8A43C9009F492389EBBA08C7CA2BE ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys 15:32:13.0281 0x0d40 hap16v2k - ok 15:32:13.0421 0x0d40 [ 29EE8F6FCD5E9B206C0D91923E882F6A, 1FD45A6AB7E79BC1E1946BAD82CAD0199B2A34EDF409C7683F7945018F0F2AA6 ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys 15:32:13.0531 0x0d40 hap17v2k - ok 15:32:13.0593 0x0d40 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:32:13.0828 0x0d40 helpsvc - ok 15:32:13.0890 0x0d40 [ 923EE4EEF2582909A056904CA8026015, F8314EF330B72059B61DB7E7FC2E7CBD7C6697AC20A06980FDE06FD9DA8560BB ] hidgame C:\WINDOWS\system32\DRIVERS\hidgame.sys 15:32:14.0093 0x0d40 hidgame - ok 15:32:14.0171 0x0d40 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 15:32:14.0390 0x0d40 HidServ - ok 15:32:14.0437 0x0d40 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:32:14.0671 0x0d40 hidusb - ok 15:32:14.0750 0x0d40 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 15:32:14.0953 0x0d40 hkmsvc - ok 15:32:14.0984 0x0d40 hpn - ok 15:32:15.0156 0x0d40 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 15:32:15.0281 0x0d40 HTTP - ok 15:32:15.0359 0x0d40 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 15:32:15.0578 0x0d40 
HTTPFilter - ok 15:32:15.0625 0x0d40 hwdatacard - ok 15:32:15.0656 0x0d40 i2omgmt - ok 15:32:15.0703 0x0d40 i2omp - ok 15:32:15.0750 0x0d40 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:32:15.0968 0x0d40 i8042prt - ok 15:32:16.0093 0x0d40 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe 15:32:16.0109 0x0d40 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:18.0546 0x0d40 Detect skipped due to KSN trusted 15:32:18.0546 0x0d40 IDriverT - ok 15:32:19.0000 0x0d40 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:32:19.0609 0x0d40 idsvc - ok 15:32:19.0671 0x0d40 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 15:32:19.0875 0x0d40 Imapi - ok 15:32:19.0968 0x0d40 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 15:32:20.0218 0x0d40 ImapiService - ok 15:32:20.0265 0x0d40 ini910u - ok 15:32:20.0328 0x0d40 IntelIde - ok 15:32:20.0390 0x0d40 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 15:32:20.0625 0x0d40 Ip6Fw - ok 15:32:20.0687 0x0d40 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:32:20.0906 0x0d40 IpFilterDriver - ok 15:32:20.0953 0x0d40 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp 
C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:32:21.0171 0x0d40 IpInIp - ok 15:32:21.0265 0x0d40 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:32:21.0531 0x0d40 IpNat - ok 15:32:21.0609 0x0d40 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:32:21.0828 0x0d40 IPSec - ok 15:32:21.0921 0x0d40 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 15:32:22.0031 0x0d40 IRENUM - ok 15:32:22.0109 0x0d40 [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:32:22.0312 0x0d40 isapnp - ok 15:32:22.0390 0x0d40 [ FE8300320281D658A7854D5CFC02A63F, E57978A0F3DE8D142291C659483C62A02CADAACF4A5C834292C9216C2255AE97 ] k750bus C:\WINDOWS\system32\DRIVERS\k750bus.sys 15:32:22.0421 0x0d40 k750bus - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:24.0828 0x0d40 Detect skipped due to KSN trusted 15:32:24.0828 0x0d40 k750bus - ok 15:32:24.0875 0x0d40 [ F44521F63C0C00364FA3D59DB980DE6A, 17B9CCEC1A4854724E43BE92BAEFC455E3B62F1B5CCA0C0B409CFB6C9C5436CC ] k750mdfl C:\WINDOWS\system32\DRIVERS\k750mdfl.sys 15:32:24.0890 0x0d40 k750mdfl - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:27.0468 0x0d40 Detect skipped due to KSN trusted 15:32:27.0468 0x0d40 k750mdfl - ok 15:32:27.0546 0x0d40 [ E93323C3ED5E8923A177740A973C27B2, F91D39503D490E21BF9E9873677955CE72D28E5D563AD22334AFC56E208D32F1 ] k750mdm C:\WINDOWS\system32\DRIVERS\k750mdm.sys 15:32:27.0578 0x0d40 k750mdm - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:30.0031 0x0d40 Detect skipped due to KSN trusted 15:32:30.0031 0x0d40 k750mdm - ok 15:32:30.0093 0x0d40 [ 9D5F5A70CA0B7C428EFCD73DB50E6AC7, 
4425B88E95B747141A54DCE631C53C1721B33A345A574D59AA750CFCD5FCAFD3 ] k750mgmt C:\WINDOWS\system32\DRIVERS\k750mgmt.sys 15:32:30.0125 0x0d40 k750mgmt - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:32.0609 0x0d40 Detect skipped due to KSN trusted 15:32:32.0609 0x0d40 k750mgmt - ok 15:32:32.0921 0x0d40 [ 81CA2D57B2C14F76F4BA80846784BB3D, 74EC7D3B99DF8A18BF4BD4681C096B85257B65EF5DD0857E48214A0DE95ABE55 ] k750obex C:\WINDOWS\system32\DRIVERS\k750obex.sys 15:32:32.0953 0x0d40 k750obex - detected UnsignedFile.Multi.Generic ( 1 ) 15:32:35.0453 0x0d40 Detect skipped due to KSN trusted 15:32:35.0453 0x0d40 k750obex - ok 15:32:35.0515 0x0d40 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:32:35.0734 0x0d40 Kbdclass - ok 15:32:35.0765 0x0d40 [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:32:35.0968 0x0d40 kbdhid - ok 15:32:36.0093 0x0d40 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 15:32:36.0312 0x0d40 kmixer - ok 15:32:36.0390 0x0d40 [ C6EBF1D6AD71DF30DB49B8D3287E1368, 09A8F5BCE774BA8881195AB390692048C3B05EDC8C0BF3ACBC673FD391A29D72 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 15:32:36.0437 0x0d40 KSecDD - ok 15:32:36.0531 0x0d40 [ 42DEC1FBCFA291720460705A8881A1C4, 094A0B529F8B722F1F1F552F33F938BC0625313A1ED7DC904D0BBB46F20B5FCE ] L8042pr2 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys 15:32:36.0578 0x0d40 L8042pr2 - ok 15:32:36.0671 0x0d40 [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 15:32:36.0734 0x0d40 LanmanServer - ok 15:32:36.0828 0x0d40 [ C9B816901C1ABF28BA6C5B6CB65EB75B, CF155F810851D2478F99363A3B788F243A5D446516B6497EDAAA7CBDB8108224 ] lanmanworkstation 
C:\WINDOWS\System32\wkssvc.dll 15:32:36.0937 0x0d40 lanmanworkstation - ok 15:32:36.0968 0x0d40 lbrtfdc - ok 15:32:37.0062 0x0d40 [ 03976C309EDE05D39017C05B817CD94F, 77CE122F794EF51A95A0DE54D8BEED76EAB8608700BF7BF3ED4726B636AC1093 ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 15:32:37.0125 0x0d40 LHidFlt2 - ok 15:32:37.0187 0x0d40 [ 25688115843C4028686A96D88BC28007, B5F2236BAAB5255C75579692609285222D0523463B0E9E4F7F34CA0A626479CF ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys 15:32:37.0218 0x0d40 LHidUsb - ok 15:32:37.0312 0x0d40 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 15:32:37.0562 0x0d40 LmHosts - ok 15:32:37.0640 0x0d40 [ 26407519FCA64EC4091FE1F815B4AFC4, 0889A70A05D89D337621822B18ECE2E7DFE4B35D7772E2690856488AB2440A38 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 15:32:37.0703 0x0d40 LMouFlt2 - ok 15:32:37.0718 0x0d40 LVUSBSta - ok 15:32:37.0796 0x0d40 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 15:32:38.0015 0x0d40 Messenger - ok 15:32:38.0062 0x0d40 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 15:32:38.0296 0x0d40 mnmdd - ok 15:32:38.0359 0x0d40 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 15:32:38.0593 0x0d40 mnmsrvc - ok 15:32:38.0671 0x0d40 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 15:32:38.0890 0x0d40 Modem - ok 15:32:38.0953 0x0d40 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:32:39.0156 0x0d40 Mouclass - ok 15:32:39.0187 0x0d40 [ 
66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:32:39.0437 0x0d40 mouhid - ok 15:32:39.0500 0x0d40 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 15:32:39.0718 0x0d40 MountMgr - ok 15:32:39.0812 0x0d40 [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 15:32:39.0875 0x0d40 MozillaMaintenance - ok 15:32:39.0921 0x0d40 [ C0F8E0C2C3C0437CF37C6781896DC3EC, 12196EF5A94BD011B5D578E755B51424E3238437A028CC1EDFB53138C00D3339 ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys 15:32:40.0125 0x0d40 MPE - ok 15:32:40.0171 0x0d40 mraid35x - ok 15:32:40.0296 0x0d40 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:32:40.0578 0x0d40 MRxDAV - ok 15:32:40.0828 0x0d40 [ FB2FCCC70F7174C7BF64F48E96D3ADF4, 484B4DF0A500CAE8AFA4F3A6393615A3963D91C95939025DF1A172C9A67D951D ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:32:41.0093 0x0d40 MRxSmb - ok 15:32:41.0140 0x0d40 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 15:32:41.0359 0x0d40 MSDTC - ok 15:32:41.0406 0x0d40 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 15:32:41.0640 0x0d40 Msfs - ok 15:32:41.0671 0x0d40 MSIServer - ok 15:32:41.0718 0x0d40 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:32:41.0953 0x0d40 MSKSSRV - ok 15:32:41.0984 0x0d40 [ 325BB26842FC7CCC1FCCE2C457317F3E, 
C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:32:42.0171 0x0d40 MSPCLOCK - ok 15:32:42.0187 0x0d40 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 15:32:42.0406 0x0d40 MSPQM - ok 15:32:42.0484 0x0d40 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:32:42.0671 0x0d40 mssmbios - ok 15:32:42.0718 0x0d40 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 15:32:42.0906 0x0d40 MSTEE - ok 15:32:42.0953 0x0d40 [ CA3E22598F411199ADC2DFEE76CD0AE0, 73ACE780A198467657CD2AF6019F0FC753B4FC6D26A9D6477C88C5396273F77C ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 15:32:43.0140 0x0d40 ms_mpu401 - ok 15:32:43.0250 0x0d40 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 15:32:43.0312 0x0d40 Mup - ok 15:32:43.0359 0x0d40 [ 514829ED3E7F140AAC16154106D04981, B92E66381CCF7FA44E3C443BBD0E411415EFC79C44798657D3D3155F3606087F ] MVDCODEC C:\WINDOWS\system32\DRIVERS\atinmdxx.sys 15:32:43.0406 0x0d40 MVDCODEC - ok 15:32:43.0468 0x0d40 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 15:32:43.0703 0x0d40 NABTSFEC - ok 15:32:43.0875 0x0d40 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 15:32:44.0203 0x0d40 napagent - ok 15:32:44.0312 0x0d40 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 15:32:44.0609 0x0d40 NDIS - ok 15:32:44.0671 
0x0d40 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 15:32:44.0875 0x0d40 NdisIP - ok 15:32:44.0921 0x0d40 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:32:44.0984 0x0d40 NdisTapi - ok 15:32:45.0046 0x0d40 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:32:45.0250 0x0d40 Ndisuio - ok 15:32:45.0328 0x0d40 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:32:45.0562 0x0d40 NdisWan - ok 15:32:45.0640 0x0d40 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 15:32:45.0687 0x0d40 NDProxy - ok 15:32:45.0734 0x0d40 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 15:32:45.0968 0x0d40 NetBIOS - ok 15:32:46.0078 0x0d40 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 15:32:46.0296 0x0d40 NetBT - ok 15:32:46.0390 0x0d40 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 15:32:46.0656 0x0d40 NetDDE - ok 15:32:46.0734 0x0d40 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 15:32:46.0953 0x0d40 NetDDEdsdm - ok 15:32:47.0015 0x0d40 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 15:32:47.0218 
0x0d40 Netlogon - ok 15:32:47.0343 0x0d40 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 15:32:47.0640 0x0d40 Netman - ok 15:32:47.0734 0x0d40 [ 562E15CE8A98282F241E03829657E344, 76AC4652F4942226427F5C5D9150F8600A47F240571E2C728C8B41994E6668D1 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:32:47.0796 0x0d40 NetTcpPortSharing - ok 15:32:47.0875 0x0d40 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 15:32:48.0078 0x0d40 NIC1394 - ok 15:32:48.0203 0x0d40 [ 4AA50627B01C0E9C6B4C6BD3AF648F12, D0CABA3CC35F15352EC4A1C70B14299000A168D548EEC24E3B229B19E349FB81 ] Nla C:\WINDOWS\System32\mswsock.dll 15:32:48.0359 0x0d40 Nla - ok 15:32:48.0671 0x0d40 [ CB992AE1506985D9167E85883B4C3240, 667592260A9D3828BDF8955AA6D2864C8977EEC385D7EC2EE3A6B601B8DB70AB ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe 15:32:48.0953 0x0d40 NMIndexingService - ok 15:32:49.0031 0x0d40 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:32:49.0218 0x0d40 Npfs - ok 15:32:49.0484 0x0d40 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:32:49.0984 0x0d40 Ntfs - ok 15:32:50.0062 0x0d40 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 15:32:50.0234 0x0d40 NtLmSsp - ok 15:32:50.0468 0x0d40 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:32:50.0921 0x0d40 NtmsSvc - ok 15:32:50.0968 0x0d40 [ 73C1E1F395918BC2C6DD67AF7591A3AD, 
B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 15:32:51.0171 0x0d40 Null - ok 15:32:56.0078 0x0d40 [ 7C56F3FD65B2BDB315CA3605A5392D7B, 1C33B2723BBD958FE06D71B6AC5C54DF1F46491C292749FE0DB8577BF056A765 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 15:33:00.0390 0x0d40 nv - ok 15:33:00.0671 0x0d40 [ 1982E96B2C5C2EFFEF38EFC37293A42E, 06FA232C69CEEDE98EBC4580C0C1421688A4909CB46912D5E16541A2020F3160 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 15:33:00.0750 0x0d40 NVSvc - ok 15:33:00.0828 0x0d40 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:33:01.0031 0x0d40 NwlnkFlt - ok 15:33:01.0062 0x0d40 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:33:01.0281 0x0d40 NwlnkFwd - ok 15:33:01.0359 0x0d40 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 15:33:01.0578 0x0d40 ohci1394 - ok 15:33:01.0687 0x0d40 [ 4B8AABB697AE81A61395A19CE4447D49, E8ED9057410ECF4410C18A08C7FF013FA7390A45174D94ADB77B05515F74710E ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys 15:33:01.0718 0x0d40 ossrv - ok 15:33:01.0812 0x0d40 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 15:33:02.0031 0x0d40 Parport - ok 15:33:02.0078 0x0d40 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:33:02.0281 0x0d40 PartMgr - ok 15:33:02.0328 0x0d40 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:33:02.0515 0x0d40 ParVdm - ok 15:33:02.0859 0x0d40 [ 
25B86F45001D6117F17457D894DCCA1C, 66F1161F8EE468469950AB1C3D773798E2DFB4264FE7D08CE00F298B5B4D7C8E ] PCAppStoreSvc_{PCAppStore_4.3.1.5579} C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe 15:33:03.0156 0x0d40 PCAppStoreSvc_{PCAppStore_4.3.1.5579} - ok 15:33:03.0234 0x0d40 PCFApiUtil - ok 15:33:03.0296 0x0d40 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:33:03.0515 0x0d40 PCI - ok 15:33:03.0562 0x0d40 PCIDump - ok 15:33:03.0593 0x0d40 PCIIde - ok 15:33:03.0703 0x0d40 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 15:33:03.0937 0x0d40 Pcmcia - ok 15:33:03.0968 0x0d40 PDCOMP - ok 15:33:04.0000 0x0d40 PDFRAME - ok 15:33:04.0031 0x0d40 PDRELI - ok 15:33:04.0078 0x0d40 PDRFRAME - ok 15:33:04.0109 0x0d40 perc2 - ok 15:33:04.0140 0x0d40 perc2hib - ok 15:33:04.0234 0x0d40 PID_0928 - ok 15:33:04.0328 0x0d40 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe 15:33:04.0375 0x0d40 PlugPlay - ok 15:33:04.0421 0x0d40 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 15:33:04.0640 0x0d40 PolicyAgent - ok 15:33:04.0703 0x0d40 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:33:04.0906 0x0d40 PptpMiniport - ok 15:33:04.0968 0x0d40 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:33:05.0140 0x0d40 ProtectedStorage - ok 15:33:05.0218 0x0d40 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched 
C:\WINDOWS\system32\DRIVERS\psched.sys 15:33:05.0421 0x0d40 PSched - ok 15:33:05.0468 0x0d40 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:33:05.0687 0x0d40 Ptilink - ok 15:33:05.0765 0x0d40 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:33:05.0796 0x0d40 PxHelp20 - ok 15:33:05.0828 0x0d40 ql1080 - ok 15:33:05.0875 0x0d40 Ql10wnt - ok 15:33:05.0906 0x0d40 ql12160 - ok 15:33:05.0953 0x0d40 ql1240 - ok 15:33:05.0968 0x0d40 ql1280 - ok 15:33:06.0015 0x0d40 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:33:06.0234 0x0d40 RasAcd - ok 15:33:06.0312 0x0d40 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:33:06.0531 0x0d40 RasAuto - ok 15:33:06.0609 0x0d40 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:33:06.0812 0x0d40 Rasl2tp - ok 15:33:06.0906 0x0d40 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:33:07.0187 0x0d40 RasMan - ok 15:33:07.0250 0x0d40 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:33:07.0453 0x0d40 RasPppoe - ok 15:33:07.0515 0x0d40 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:33:07.0734 0x0d40 Raspti - ok 15:33:07.0859 0x0d40 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss 
C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:33:08.0109 0x0d40 Rdbss - ok 15:33:08.0156 0x0d40 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:33:08.0343 0x0d40 RDPCDD - ok 15:33:08.0484 0x0d40 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:33:08.0765 0x0d40 rdpdr - ok 15:33:08.0875 0x0d40 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:33:08.0937 0x0d40 RDPWD - ok 15:33:09.0031 0x0d40 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:33:09.0281 0x0d40 RDSessMgr - ok 15:33:09.0359 0x0d40 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:33:09.0593 0x0d40 redbook - ok 15:33:09.0671 0x0d40 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:33:09.0890 0x0d40 RemoteAccess - ok 15:33:09.0953 0x0d40 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 15:33:10.0171 0x0d40 RemoteRegistry - ok 15:33:10.0234 0x0d40 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 15:33:10.0453 0x0d40 RpcLocator - ok 15:33:10.0640 0x0d40 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 15:33:10.0796 0x0d40 RpcSs - ok 15:33:10.0906 0x0d40 [ 4BDD71B4B521521499DFD14735C4F398, 
7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:33:11.0140 0x0d40 RSVP - ok 15:33:11.0218 0x0d40 [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 15:33:11.0406 0x0d40 rtl8139 - ok 15:33:11.0453 0x0d40 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 15:33:11.0671 0x0d40 SamSs - ok 15:33:11.0781 0x0d40 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:33:12.0015 0x0d40 SCardSvr - ok 15:33:12.0125 0x0d40 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:33:12.0406 0x0d40 Schedule - ok 15:33:12.0468 0x0d40 [ BA0D892D2F786BCEBDF03B0A252B47F3, 4ED103BD45ECE4D2B6029C36D0E209C8A6F1C34E0F72B01553742773CB1F43A1 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:33:12.0484 0x0d40 Secdrv - detected UnsignedFile.Multi.Generic ( 1 ) 15:33:18.0187 0x0d40 Detect skipped due to KSN trusted 15:33:18.0187 0x0d40 Secdrv - ok 15:33:18.0250 0x0d40 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 15:33:18.0453 0x0d40 seclogon - ok 15:33:18.0515 0x0d40 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 15:33:18.0750 0x0d40 SENS - ok 15:33:18.0796 0x0d40 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 15:33:19.0015 0x0d40 serenum - ok 15:33:19.0078 0x0d40 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial 
C:\WINDOWS\system32\DRIVERS\serial.sys 15:33:19.0296 0x0d40 Serial - ok 15:33:19.0406 0x0d40 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 15:33:19.0625 0x0d40 Sfloppy - ok 15:33:19.0687 0x0d40 [ 0B1A5E9CACB5CDD54A2815107BD7C772, 0561D083BDB02177BEE3A6A87C2B71962B13F45127A59E65899B1144F14F6329 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys 15:33:19.0875 0x0d40 sfman - ok 15:33:20.0031 0x0d40 [ F96D196D81A92A6C55178F3F49B227A1, 44119E123E8667F17A197C959838DF02F08201BF0E704A55E60390B77CE691D3 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:33:20.0281 0x0d40 SharedAccess - ok 15:33:20.0359 0x0d40 [ 927666F4228E3FBBC3D1171581DC8BDC, 55E4055FC9429C94F00B1F7046C78A0893BA9495125E3B77F8E89EA540686B60 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:33:20.0437 0x0d40 ShellHWDetection - ok 15:33:20.0453 0x0d40 Simbad - ok 15:33:20.0515 0x0d40 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:33:20.0734 0x0d40 SLIP - ok 15:33:20.0765 0x0d40 Sparrow - ok 15:33:20.0812 0x0d40 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:33:21.0031 0x0d40 splitter - ok 15:33:21.0109 0x0d40 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:33:21.0156 0x0d40 Spooler - ok 15:33:21.0234 0x0d40 [ 3409718967C8A428898435B832149B0F, D3D400036ACE89EFDB60CE19DD37E802260F068428B4B82C64FF373B0AF51F9D ] Spring C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys 15:33:21.0281 0x0d40 Spring - ok 15:33:21.0578 0x0d40 [ 4F576E516CC76EC50A244586BCFA1C78, 75BCA3475AF5E211307EE3FEEB523A935971F56884F1174FD117E4AFE0B0DBD6 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys 15:33:22.0000 0x0d40 sptd - ok 
15:33:22.0109 0x0d40 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:33:22.0218 0x0d40 sr - ok 15:33:22.0312 0x0d40 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 15:33:22.0500 0x0d40 srservice - ok 15:33:22.0703 0x0d40 [ 9B390283569EA58D43D2586032B892F5, FADC0AD9D8F715290F02A6A59B284A6AD53C5BD13933B1D3ECC03C558C9D5885 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:33:22.0937 0x0d40 Srv - ok 15:33:23.0015 0x0d40 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:33:23.0140 0x0d40 SSDPSRV - ok 15:33:23.0312 0x0d40 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:33:23.0765 0x0d40 stisvc - ok 15:33:23.0812 0x0d40 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:33:24.0015 0x0d40 streamip - ok 15:33:24.0078 0x0d40 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:33:24.0281 0x0d40 swenum - ok 15:33:24.0328 0x0d40 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:33:24.0562 0x0d40 swmidi - ok 15:33:24.0593 0x0d40 SwPrv - ok 15:33:24.0656 0x0d40 symc810 - ok 15:33:24.0671 0x0d40 symc8xx - ok 15:33:24.0718 0x0d40 sym_hi - ok 15:33:24.0750 0x0d40 sym_u3 - ok 15:33:24.0828 0x0d40 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:33:25.0046 0x0d40 sysaudio - ok 15:33:25.0109 0x0d40 [ 
2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:33:25.0328 0x0d40 SysmonLog - ok 15:33:25.0484 0x0d40 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:33:25.0796 0x0d40 TapiSrv - ok 15:33:26.0000 0x0d40 [ AD978A1B783B5719720CFF204B666C8E, FA50A3664522C58E1637C06731B9CB9D56FF14F0A5F8AB496A1945585E8A2C16 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:33:26.0234 0x0d40 Tcpip - ok 15:33:26.0312 0x0d40 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:33:26.0500 0x0d40 TDPIPE - ok 15:33:26.0531 0x0d40 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:33:26.0750 0x0d40 TDTCP - ok 15:33:26.0812 0x0d40 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:33:27.0015 0x0d40 TermDD - ok 15:33:27.0171 0x0d40 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService C:\WINDOWS\System32\termsrv.dll 15:33:27.0484 0x0d40 TermService - ok 15:33:27.0593 0x0d40 [ 927666F4228E3FBBC3D1171581DC8BDC, 55E4055FC9429C94F00B1F7046C78A0893BA9495125E3B77F8E89EA540686B60 ] Themes C:\WINDOWS\System32\shsvcs.dll 15:33:27.0625 0x0d40 Themes - ok 15:33:27.0703 0x0d40 [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 15:33:27.0828 0x0d40 TlntSvr - ok 15:33:27.0875 0x0d40 TosIde - ok 15:33:27.0953 0x0d40 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:33:28.0171 0x0d40 
TrkWks - ok 15:33:28.0250 0x0d40 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:33:28.0453 0x0d40 Udfs - ok 15:33:28.0484 0x0d40 ultra - ok 15:33:28.0687 0x0d40 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:33:29.0109 0x0d40 Update - ok 15:33:29.0234 0x0d40 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:33:29.0406 0x0d40 upnphost - ok 15:33:29.0437 0x0d40 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS C:\WINDOWS\System32\ups.exe 15:33:29.0703 0x0d40 UPS - ok 15:33:29.0984 0x0d40 [ D163C2FA32265AACBB1B7EAF613FBDD4, 8DE1445429CDE1B322F7FE766B873C48F99347A7901DE0E132AF1C42B49CFD50 ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys 15:33:30.0296 0x0d40 USB28xxBGA - ok 15:33:30.0562 0x0d40 [ 2E7ADD4F70C336E4E66F68567FEF01D5, 512304E07A029C262870547E551A6F6E41D83F69212DF4EAE45137707792C6AC ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys 15:33:30.0859 0x0d40 USB28xxOEM - ok 15:33:30.0921 0x0d40 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 15:33:30.0953 0x0d40 usbaudio - ok 15:33:31.0031 0x0d40 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:33:31.0078 0x0d40 usbccgp - ok 15:33:31.0156 0x0d40 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:33:31.0171 0x0d40 usbehci - ok 15:33:31.0234 0x0d40 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] 
usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:33:31.0453 0x0d40 usbhub - ok 15:33:31.0500 0x0d40 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 15:33:31.0718 0x0d40 usbohci - ok 15:33:31.0781 0x0d40 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:33:31.0812 0x0d40 usbscan - ok 15:33:31.0890 0x0d40 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:33:32.0093 0x0d40 USBSTOR - ok 15:33:32.0156 0x0d40 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:33:32.0359 0x0d40 usbuhci - ok 15:33:32.0468 0x0d40 [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 15:33:32.0531 0x0d40 usbvideo - ok 15:33:32.0656 0x0d40 [ CE9B7DF9AF5B01884BEEAB3F703C3BF6, 17881A5A8EC34A32AC56D76626573529B68FC66A151CF31B8F466B8028557262 ] vcs F:\Programme\AV VCS 3.0\vcs.sys 15:33:32.0687 0x0d40 vcs - detected UnsignedFile.Multi.Generic ( 1 ) 15:33:35.0375 0x0d40 Detect skipped due to KSN trusted 15:33:35.0375 0x0d40 vcs - ok 15:33:35.0437 0x0d40 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:33:35.0656 0x0d40 VgaSave - ok 15:33:35.0703 0x0d40 [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys 15:33:35.0921 0x0d40 viaagp - ok 15:33:35.0984 0x0d40 [ 4B039BBD037B01F5DB5A144C837F283A, EA319B165958D19C71E059762C9F6ECD96BB96FBFF3B187519D1BBB2033F6A6D ] viaagp1 
C:\WINDOWS\system32\DRIVERS\viaagp1.sys 15:33:36.0015 0x0d40 viaagp1 - ok 15:33:36.0062 0x0d40 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 15:33:36.0265 0x0d40 ViaIde - ok 15:33:36.0328 0x0d40 [ F95C0FCFBCBDA6D8F202D2DF4052F88D, 976FC7EE44C588648D373B900647D861C3F8D4394A9BE9CCD6277678D950D23E ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys 15:33:36.0359 0x0d40 videX32 - ok 15:33:36.0437 0x0d40 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:33:36.0656 0x0d40 VolSnap - ok 15:33:36.0812 0x0d40 [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS C:\WINDOWS\System32\vssvc.exe 15:33:37.0015 0x0d40 VSS - ok 15:33:37.0156 0x0d40 [ 39247D93BE13E0C67A996A837EAB8E02, 700DB729ABEC4CDA9CCDCDD788528CB063F840D3E6CF75BC0262B8DF87BA6448 ] W32Time C:\WINDOWS\system32\w32time.dll 15:33:37.0250 0x0d40 W32Time - ok 15:33:37.0328 0x0d40 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:33:37.0562 0x0d40 Wanarp - ok 15:33:37.0625 0x0d40 [ 2E8BA025D65DD49D15EA66973E2A15DF, 58C14D85D7FECB9940CA42B367FE6B023262A1B6AFD990FC0CE3DCBC7D8544AD ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 15:33:37.0968 0x0d40 wceusbsh - ok 15:33:37.0984 0x0d40 WDICA - ok 15:33:38.0078 0x0d40 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:33:38.0296 0x0d40 wdmaud - ok 15:33:38.0375 0x0d40 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient C:\WINDOWS\System32\webclnt.dll 15:33:38.0593 0x0d40 WebClient - ok 15:33:38.0750 0x0d40 [ 6F3F3973D97714CC5F906A19FE883729, 
7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:33:39.0000 0x0d40 winmgmt - ok 15:33:39.0125 0x0d40 [ 581176F60885AEF8F78C6E38DCC3CDF9, C175F84936964EC7AE7EA24025C4003E0907E7EA2BEAA0930BA2CB01360A5B79 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe 15:33:39.0156 0x0d40 WMDM PMSP Service - detected UnsignedFile.Multi.Generic ( 1 ) 15:33:41.0625 0x0d40 Detect skipped due to KSN trusted 15:33:41.0625 0x0d40 WMDM PMSP Service - ok 15:33:41.0687 0x0d40 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 15:33:41.0718 0x0d40 WmdmPmSN - ok 15:33:42.0046 0x0d40 [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi C:\WINDOWS\System32\advapi32.dll 15:33:42.0484 0x0d40 Wmi - ok 15:33:42.0625 0x0d40 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:33:42.0859 0x0d40 WmiApSrv - ok 15:33:43.0250 0x0d40 [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 15:33:43.0843 0x0d40 WMPNetworkSvc - ok 15:33:43.0968 0x0d40 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:33:44.0171 0x0d40 wscsvc - ok 15:33:44.0218 0x0d40 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:33:44.0437 0x0d40 WSTCODEC - ok 15:33:44.0531 0x0d40 [ AAE1A6FFBA2B0436E91795120F48C461, B26EABDBB7E0E101643C0D68CBF2CB6A3DD7E685D939EBD1BFAD5E7AE8E352B7 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:33:44.0562 0x0d40 wuauserv - ok 15:33:44.0625 0x0d40 [ F15FEAFFFBB3644CCC80C5DA584E6311, 
79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:33:44.0687 0x0d40 WudfPf - ok 15:33:44.0750 0x0d40 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:33:44.0796 0x0d40 WudfRd - ok 15:33:44.0843 0x0d40 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:33:44.0921 0x0d40 WudfSvc - ok 15:33:45.0156 0x0d40 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:33:45.0656 0x0d40 WZCSVC - ok 15:33:45.0765 0x0d40 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:33:46.0015 0x0d40 xmlprov - ok 15:33:46.0093 0x0d40 ================ Scan global =============================== 15:33:46.0156 0x0d40 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll 15:33:46.0343 0x0d40 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll 15:33:46.0578 0x0d40 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll 15:33:46.0687 0x0d40 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe 15:33:46.0687 0x0d40 [ Global ] - ok 15:33:46.0703 0x0d40 ================ Scan MBR ================================== 15:33:46.0750 0x0d40 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 15:33:47.0156 0x0d40 \Device\Harddisk0\DR0 - ok 15:33:47.0187 0x0d40 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1 15:33:47.0484 0x0d40 
\Device\Harddisk1\DR1 - ok 15:33:47.0562 0x0d40 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR7 15:33:48.0531 0x0d40 \Device\Harddisk2\DR7 - ok 15:33:48.0546 0x0d40 ================ Scan VBR ================================== 15:33:48.0562 0x0d40 [ EF6869EB1E586B3304CA86DD8A92B2C6 ] \Device\Harddisk0\DR0\Partition1 15:33:48.0578 0x0d40 \Device\Harddisk0\DR0\Partition1 - ok 15:33:48.0609 0x0d40 [ 40E1F4A01CADFA7FDC028366D63785FE ] \Device\Harddisk0\DR0\Partition2 15:33:48.0609 0x0d40 \Device\Harddisk0\DR0\Partition2 - ok 15:33:48.0640 0x0d40 [ 04B4A817644EE7375694F38163EE604E ] \Device\Harddisk1\DR1\Partition1 15:33:48.0640 0x0d40 \Device\Harddisk1\DR1\Partition1 - ok 15:33:48.0687 0x0d40 [ 5A05CC6DA4B9D5422AC39D2484BC34B3 ] \Device\Harddisk1\DR1\Partition2 15:33:48.0687 0x0d40 \Device\Harddisk1\DR1\Partition2 - ok 15:33:48.0718 0x0d40 [ B2628B46126B912A25248CBFE600CD42 ] \Device\Harddisk1\DR1\Partition3 15:33:48.0734 0x0d40 \Device\Harddisk1\DR1\Partition3 - ok 15:33:48.0765 0x0d40 [ 67C4D26C272C607A4AB6255B109F5212 ] \Device\Harddisk2\DR7\Partition1 15:33:48.0781 0x0d40 \Device\Harddisk2\DR7\Partition1 - ok 15:33:48.0796 0x0d40 ================ Scan generic autorun ====================== 15:33:48.0859 0x0d40 [ C921A733FA3F1E4C3505D436DBC5EA47, 3C7DF45D928FB7D3B150F0E20F41A4FC16CBC747A2932FA6F5B8E98EAEC3B8DF ] C:\WINDOWS\Logi_MwX.Exe 15:33:48.0875 0x0d40 Logitech Utility - ok 15:33:48.0890 0x0d40 NvCplDaemon - ok 15:33:48.0921 0x0d40 NvMediaCenter - ok 15:33:49.0765 0x0d40 [ 6E0F29BD0E792618FF285AB094F4DCEF, 6BED26091EE890ABEFD31B95E1DCADE27C8775E580D201C6071D851FB5BB20BC ] C:\Programme\NVIDIA Corporation\nview\nwiz.exe 15:33:51.0093 0x0d40 nwiz - ok 15:33:52.0750 0x0d40 [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Programme\AVAST Software\Avast\AvastUI.exe 15:33:55.0515 0x0d40 AvastUI.exe - ok 15:33:55.0609 0x0d40 [ 9F0A950B8A71B71CF5330C22C429E4F4, 
456A86496060C3447F0A9DC56E9CE36ACE4F8878C1758FF551CA6139B4BC1B79 ] C:\WINDOWS\system32\CTHELPER.EXE 15:33:55.0625 0x0d40 CTHelper - detected UnsignedFile.Multi.Generic ( 1 ) 15:33:57.0968 0x0d40 Detect skipped due to KSN trusted 15:33:57.0968 0x0d40 CTHelper - ok 15:33:57.0984 0x0d40 _nltide_3 - ok 15:33:58.0015 0x0d40 IE7 - ok 15:33:58.0031 0x0d40 ShowDeskFix - ok 15:33:58.0140 0x0d40 [ FDB4F88B9B1CD409E1DC06AD68BEA2B8, B031473D2B11C00FB9464D0A518DF30BB01EF7A157AE7994C2FDEF1DF6F0C097 ] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe 15:33:58.0171 0x0d40 SCheck - detected UnsignedFile.Multi.Generic ( 1 ) 15:34:00.0546 0x0d40 Detect skipped due to KSN trusted 15:34:00.0546 0x0d40 SCheck - ok 15:34:00.0671 0x0d40 [ 8238C67128E71D66516A1986B863930C, 4CD5AC3BAC449AAED19529D3840CC1A4770A328DE756D4193EC90F3026353ACF ] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe 15:34:00.0765 0x0d40 DataMgr - detected UnsignedFile.Multi.Generic ( 1 ) 15:34:03.0359 0x0d40 Detect skipped due to KSN trusted 15:34:03.0359 0x0d40 DataMgr - ok 15:34:03.0406 0x0d40 [ FDB4F88B9B1CD409E1DC06AD68BEA2B8, B031473D2B11C00FB9464D0A518DF30BB01EF7A157AE7994C2FDEF1DF6F0C097 ] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe 15:34:03.0421 0x0d40 Intermediate - detected UnsignedFile.Multi.Generic ( 1 ) 15:34:03.0421 0x0d40 Detect skipped due to KSN trusted 15:34:03.0421 0x0d40 Intermediate - ok 15:34:03.0484 0x0d40 AV detected via SS1: avast! Antivirus, 5.0.150996965, enabled, updated 15:34:03.0500 0x0d40 Win FW state via NFM: enabled 15:34:05.0968 0x0d40 ============================================================ 15:34:05.0968 0x0d40 Scan finished 15:34:05.0968 0x0d40 ============================================================ 15:34:06.0015 0x09ec Detected object count: 0 15:34:06.0015 0x09ec Actual detected object count: 0 |
03.11.2014, 11:50 | #6 |
/// the machine /// TB-Ausbilder | XP computer TR/Agent.83648 Fbar deletes itself after copying! hi, scan with ComboFix
06.11.2014, 17:52 | #7 |
| XP computer TR/Agent.83648 Fbar deletes itself after copying! Hi, I was away from home for a few days; now I have run ComboFix. Really nice of you to help me with this stone-age machine, but I still use it all the time, also as a test computer. Code:
ComboFix 14-10-29.01 - Administrator 06.11.2014 13:02:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1791.1397 [GMT 1:00]
Running from: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\omesuperv.exe
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAUserName.txt
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
C:\END
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\kernel1.exe
c:\windows\system32\roboot.exe
c:\windows\system32\Thumbs.db
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCS
-------\Service_vcs
.
.
((((((((((((((((((((((( Files Created from 2014-10-06 to 2014-11-06 ))))))))))))))))))))))))))))))
.
.
2014-11-03 21:21 . 2014-11-03 23:07 -------- d-----w- c:\programme\SpeedFan
2014-11-01 22:49 . 2014-11-01 22:51 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-26 06:45 . 2013-08-06 15:15 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-26 06:44 . 2013-08-06 15:15 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-26 06:44 . 2013-08-06 15:15 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-26 06:44 . 2013-08-06 15:15 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-26 06:44 . 2014-05-01 16:20 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-26 06:44 . 2013-08-06 15:15 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-08-26 06:44 . 2013-08-06 15:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-26 06:44 . 2013-08-06 15:15 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-26 06:44 . 2014-08-26 06:44 43152 ----a-w- c:\windows\avastSS.scr
2014-08-26 06:44 . 2013-08-06 15:15 276432 ----a-w- c:\windows\system32\aswBoot.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-04 16:08 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2009-04-04 16:08 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-02-19 . 66476149DB011EA7323AA30434568434 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((( Registry Start Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-26 06:43 578240 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SCheck"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe" [2013-12-09 37376]
"DataMgr"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe" [2013-07-21 168824]
"Intermediate"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe" [2013-12-09 37376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-01-31 108832]
"nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]
"AvastUI.exe"="c:\programme\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
"IE7"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\programme\TGTSoft\StyleXP\StyleXP.exe -Hide
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Battlefield 1942\\BF1942.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Anwendungsdaten\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [06.08.2013 16:15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [06.08.2013 16:15 192352]
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [22.04.2014 18:42 47456]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [06.08.2013 16:15 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [06.08.2013 16:15 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [01.05.2014 17:20 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [06.08.2013 16:15 67824]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_5121528e\avupgsvc.exe [?]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.01.2011 08:09 371349]
S3 AIDA32Driver;AIDA32Driver;g:\programme\Tools\Hardware Tools\aida\aida32.sys [02.04.2009 14:50 3584]
S3 Al_elp;Al_elp; [x]
S3 BioNT_BS;BioNT_BS;\??\c:\programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys --> c:\programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [?]
S3 BprotectEx;Baidu ProtectEx;\??\c:\windows\System32\drivers\BprotectEx.sys --> c:\windows\System32\drivers\BprotectEx.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [28.02.2013 13:28 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 PCFApiUtil;PCFApiUtil;\??\c:\programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys --> c:\programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [?]
S3 Spring;Spring;c:\programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [13.06.2014 17:32 96608]
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579};Baidu PC App Store Service 4.3.1.5579;c:\programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [24.04.2014 13:29 575008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09.09.2009 17:32 682232]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-26 06:43]
.
2013-04-30 c:\windows\Tasks\Eingabeaufforderung.job
- c:\windows\system32\cmd.exe [2008-04-14 11:00]
.
2014-10-08 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
- c:\windows\system32\xp_eos.exe [2014-04-21 23:28]
.
2014-11-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2013-09-16 14:18]
.
2014-11-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2013-09-16 14:18]
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2014-04-21 23:16]
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2014-04-21 23:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Orphaned Registry Entries Removed - - - -
.
Notify-AtiExtEvent - (no file)
AddRemove-CarmageddonDeinstKey - d:\carmageddon\DeIsL1.isu
AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe
AddRemove-MDT - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-06 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-2025429265-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\msi.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll
c:\programme\Tracker Software\Shell Extensions\XCShInfo.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\NVRSDE.DLL
c:\programme\NVIDIA Corporation\nview\nvshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programme\AVAST Software\Avast\AvastSvc.exe
c:\programme\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CTHELPER.EXE
.
**************************************************************************
.
Completion time: 2014-11-06 13:32:19 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-06 12:32
.
Pre-Run: 981.909.504 bytes free
Post-Run: 894.296.064 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DC4B6B25A35DBC8B82767634BC9CFBAD
72B8CE41AF0DE751C946802B3ED844B4
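The Run-key section of a ComboFix log like the one above is where the adware in this thread shows up first: three entries whose executables sit under the user's Anwendungsdaten folder. Below is an added example (my own code, not something from the thread or from the ComboFix, FRST or Trojaner-Board tool set) that parses that section and flags the entries a helper would look at first. The sample text is a constructed excerpt modelled on the posted log, and the three heuristics (image under a user-writable profile folder, bare file name resolved via the search path, file marked missing with `[X]`) are this example's own assumptions, not checks ComboFix performs.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the "Registry Start Points" section of the
# ComboFix log posted in the thread (a handful of entries, not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SCheck"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe" [2013-12-09 37376]
"DataMgr"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe" [2013-07-21 168824]
"Intermediate"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe" [2013-12-09 37376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"AvastUI.exe"="c:\programme\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"""

# One hive header line: [HKEY_...\...\Run]
HIVE_RE = re.compile(r'^\[(?P<hive>HK[^\]]+)\]$')
# One value line: "Name"=<value> [<date size> | X]  (the bracket part is optional)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?$')
# The image path is the (optionally quoted) part up to the first executable extension.
IMAGE_RE = re.compile(r'^"?(?P<image>[^"]+?\.(?:exe|dll|scr|com|bat|cmd))"?', re.IGNORECASE)

# Profile folders any process running as the user can write to. German XP names
# as in the log, English XP names, and Vista+ AppData for generality (assumption
# of this example: these substrings are what "user-writable" means here).
USER_WRITABLE = (
    "\\anwendungsdaten\\", "\\application data\\", "\\appdata\\",
    "\\lokale einstellungen\\", "\\local settings\\", "\\temp\\",
)


@dataclass
class AutostartEntry:
    hive: str
    name: str
    image: str
    meta: str
    reasons: List[str] = field(default_factory=list)


def parse_autostarts(text: str) -> List[AutostartEntry]:
    """Return every "Name"=value line under a [HK...] header as an entry."""
    entries: List[AutostartEntry] = []
    hive = ""
    for raw in text.splitlines():
        line = raw.strip()
        h = HIVE_RE.match(line)
        if h:
            hive = h.group("hive")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        value = m.group("value").strip()
        if not value:  # e.g. firewall AuthorizedApplications lines: "path"= with no value
            continue
        img: Optional[re.Match] = IMAGE_RE.match(value)
        image = img.group("image") if img else value.strip('"')
        entries.append(AutostartEntry(hive, m.group("name"), image, m.group("meta") or ""))
    return entries


def triage(entry: AutostartEntry) -> AutostartEntry:
    """Attach a reason for each heuristic the entry trips; no reasons means 'looks ordinary'."""
    low = entry.image.lower()
    if entry.meta.strip().upper() == "X":
        entry.reasons.append("image file not found ([X])")
    if any(marker in low for marker in USER_WRITABLE):
        entry.reasons.append("image lives in a user-writable profile folder")
    if "\\" not in low and ":" not in low:
        entry.reasons.append("bare file name, resolved through the search path")
    return entry


def flagged_names(text: str) -> List[str]:
    """Names of all entries that tripped at least one heuristic, in log order."""
    return [e.name for e in (triage(e) for e in parse_autostarts(text)) if e.reasons]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        triage(e)
        status = "; ".join(e.reasons) if e.reasons else "ok"
        print(f"{e.hive.split(chr(92))[0]:<18} {e.name:<18} {e.image}  -> {status}")
```

On the sample, the three Anwendungsdaten entries (SCheck, DataMgr, Intermediate) are flagged for the profile-folder reason, ShowDeskFix for the missing file, and the two bare names (Logi_MwX.Exe, CTHELPER.EXE) for search-path resolution; NvCplDaemon and AvastUI.exe pass. Bare names are the low-severity bucket: they are often legitimate vendor entries, but a writable directory early in the search order would let anything claim that name, so they stay on the list.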
07.11.2014, 08:48 | #8 |
/// the machine /// TB instructor | XP machine TR/Agent.83648 Fbar deletes itself after copying!
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
10.11.2014, 00:28 | #9 |
XP machine TR/Agent.83648 Fbar deletes itself after copying!
Hi, I had to edit the registry a bit because it kept dropping down to PIO, which I couldn't see in Everest/AIDA, haha. Also a bit embarrassing what kind of stuff is on there, so once again:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09.11.2014
Scan Time: 21:52:07
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.09.07
Rootkit Database: v2014.11.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295892
Time Elapsed: 37 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.HolaSearch.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}, Quarantined, [c9f287b2394360d64eb0377b37cbc040],
PUP.Optional.HolaSearch.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}, Quarantined, [2596b4853d3f003641be81318082926e],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\babylontoolbar, Quarantined, [d4e79b9e96e647ef813af78aaa5aea16],
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\InstallIQ, Quarantined, [19a22217106c0c2a859da1c39a6930d0],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, Quarantined, [a9124cedfd7f8bab8d8e59287f8542be],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [02b952e76715ab8bf4df780ba46046ba],
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\OfferMosquito, Quarantined, [aa1164d52e4ec472006c23834cb8c53b],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Quarantined, [9b20f841bfbd1a1c05c288c98a799a66],
PUP.Optional.VisualBee.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\visualbee LTD, Quarantined, [d8e3c475a0dc162073155702956ef50b],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [427903361b61142270ca04557d86b24e],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [9724e6539edeea4cfd1ddda4bc48a759],

Registry Values: 3
PUP.Optional.DataMgr.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe", Quarantined, [e4d7241515677db91ef81e8432d213ed]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {3C7EC379-1C65-4B5D-88DC-643A78A59920}, Quarantined, [a9124cedfd7f8bab8d8e59287f8542be]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {3C7EC379-1C65-4B5D-88DC-643A78A59920}, Quarantined, [9724e6539edeea4cfd1ddda4bc48a759]

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Good: (1), Bad: (0), Replaced, [744736033d3faf87231cf94413f21ee2]

Folders: 12
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\Free Mahjong Games, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\web_player, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.InstallBrain.A, C:\WINDOWS\system32\WNLT\INSTALLATION, Quarantined, [c8f386b37a02a2948b3f34cb936f619f],
PUP.Optional.Visualbee, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\VISUALBEEEXE, Quarantined, [65563405344876c0aef9a55bbf44e11f],
PUP.Optional.Visualbee, C:\Dokumente und Einstellungen\All Users\VISUALBEE, Quarantined, [39822d0c89f3e056773344bc59aafe02],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB, Quarantined, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\htmls, Quarantined, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.IBUpdater.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUPDATERSERVICE, Quarantined, [dfdc4cedd2aa3bfb596f9b8030d3fc04],

Files: 26
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\INSTALLER.JS, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\common.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\Uninstall.exe, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\WebPlayer.exe, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\main.ico, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\shortcut.ico, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\tray.ico, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\config.xml, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\main.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\stub.html, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\event_listener.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\initialize.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\io.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\json.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\jsonstorage.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\storage.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\utils.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\xhr.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\WEB_PLAYER\initialize.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\WEB_PLAYER\web_player.js, Quarantined, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.OfferMosquito.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Q8HWMOWB.DEFAULT-1369910195984\EXTENSIONS\OM@OFFERMOSQUITO.COM.XPI, Quarantined, [407b52e7b0cc49ed498183ce19eac13f],
PUP.Optional.DataMgr.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe, Quarantined, [e4d7241515677db91ef81e8432d213ed],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Q8HWMOWB.DEFAULT-1369910195984\EXTENSIONS\SNT@DOTLABS.CO.XPI, Quarantined, [fbc093a693e939fd86e5a7ff03017090],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\simple_new_tab.dll, Quarantined, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\htmls\index.html, Quarantined, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.IBUpdater.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUPDATERSERVICE\repository.xml, Quarantined, [dfdc4cedd2aa3bfb596f9b8030d3fc04],

Physical Sectors: 0
(No malicious items detected)

(end)

[R0] AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Report created 09/11/2014 at 23:27:26
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PALOMINO
# Running from : G:\Downloads\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\foxydeal.sqlite
File Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
File Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\search.xml
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common\LuaRT
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PerformerSoft
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sixth
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snz
Folder Found : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SSync
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\apn
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
Folder Found : C:\WINDOWS\system32\WNLT

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5d6d78de13ebe47
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Protector
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Tencent
Key Found : HKLM\SOFTWARE\VBMZ
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.fbdownloader.com/?channel=de

-\\ Mozilla Firefox v32.0.1 (x86 de)

[q8hwmowb.default-1369910195984] - Line found : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
[q8hwmowb.default-1369910195984] - Line found : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=de");
[q8hwmowb.default-1369910195984] - Line found : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");

*************************

AdwCleaner[R0].txt - [4827 octets] - [09/11/2014 23:27:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4887 octets] ##########

[S0] AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Report created 09/11/2014 at 23:34:43
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PALOMINO
# Running from : G:\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\apn
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common\LuaRT
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PerformerSoft
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sixth
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snz
Folder Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SSync
File Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\foxydeal.sqlite
File Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
File Deleted : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5d6d78de13ebe47
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\Tencent
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.1 (x86 de)

[q8hwmowb.default-1369910195984\prefs.js] - Line deleted : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
[q8hwmowb.default-1369910195984\prefs.js] - Line deleted : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=de");
[q8hwmowb.default-1369910195984\prefs.js] - Line deleted : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");

*************************

AdwCleaner[R0].txt - [4967 octets] - [09/11/2014 23:27:26]
AdwCleaner[S0].txt - [4814 octets] - [09/11/2014 23:34:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4874 octets] ##########

JRT
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.7 (11.08.2014:1) OS: Microsoft Windows XP x86 Ran by Administrator on 09.11.2014 at 23:49:46,71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C333CF63-767F-4831-94AC-E683D962C63C} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\baidu security" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\getrighttogo" Successfully deleted: [Folder] "C:\Programme\baidu security" Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.11.2014 at 23:56:30,87 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: 
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Administrator (administrator) on PALOMINO on 09-11-2014 23:59:32
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\Programme\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [20992 2003-12-11] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [AvastUI.exe] => C:\Programme\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-07] (AVAST Software)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xECA244E4A892CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {FB8903A1-C95F-4B51-A32F-70F51770D026} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\plugins\npcoolirisplugin.dll ()
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\ich@maltegoetz.de.xpi [2014-10-13]
FF Extension: StopTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\stoptube@kashiif.com.xpi [2013-05-30]
FF Extension: Zoom Page - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\zoompage@DW-dev.xpi [2013-06-25]
FF Extension: Resurrect Pages - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-05-30]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
FF Extension: ICQ Toolbar - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-07]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-08-25] () [File not signed]
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-07] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Programme\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-14] (Creative Technology Ltd) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-18] (Mozilla Foundation)
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 Al_elp; No ImagePath
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579}; C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-07] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422760 2014-11-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-07] ()
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-04] (ATI Technologies Inc.)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-06-05] (Baidu, Inc.)
S2 BT848; C:\WINDOWS\System32\DRIVERS\BT848.sys [371349 2011-01-25] (Illusion & Hope.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798744 2009-06-23] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2009-06-23] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2009-06-23] (Creative Technology Ltd)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2006-03-13] (MCCI) [File not signed]
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2006-03-13] (MCCI) [File not signed]
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2006-03-13] (MCCI) [File not signed]
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2006-03-13] (MCCI) [File not signed]
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2006-03-13] (MCCI) [File not signed]
S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51582 2003-12-11] (Logitech, Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37916 2003-12-11] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2004-08-04] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [12400 2010-06-11] (Macrovision Europe Ltd) [File not signed]
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [682232 2009-09-09] (Duplex Secure Ltd.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [570168 2009-10-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [527800 2009-10-06] (eMPIA Technology, Inc.)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [32000 2008-04-14] (Microsoft Corporation)
S3 BioNT_BS; \??\C:\Programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [X]
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
S3 PCFApiUtil; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
S3 Spring; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 23:56 - 2014-11-09 23:56 - 00002032 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2014-11-09 23:49 - 2014-11-09 23:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-09 23:26 - 2014-11-09 23:34 - 00000000 ____D () C:\AdwCleaner
2014-11-09 22:55 - 2014-11-09 22:55 - 01706808 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2014-11-09 22:33 - 2014-11-09 22:33 - 00011194 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\malwarebytes.txt
2014-11-09 21:49 - 2014-11-09 21:51 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 21:48 - 2014-11-09 21:48 - 00000799 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-11-09 21:48 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-09 21:48 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-09 21:47 - 2014-11-09 18:55 - 19828376 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-09 18:54 - 2014-11-09 18:54 - 00000554 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit DiskMark.exe.lnk
2014-11-09 18:00 - 2014-11-09 18:00 - 00001657 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\CrystalDiskInfo.lnk
2014-11-09 18:00 - 2014-11-09 18:00 - 00000000 ____D () C:\Programme\CrystalDiskInfo
2014-11-09 18:00 - 2014-11-09 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CrystalDiskInfo
2014-11-09 16:49 - 2014-11-09 16:49 - 00000643 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\HD Tune.lnk
2014-11-09 16:49 - 2014-11-09 16:49 - 00000000 ____D () C:\Programme\HD Tune
2014-11-09 16:49 - 2014-11-09 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HD Tune
2014-11-07 22:01 - 2014-11-07 22:01 - 00001751 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Avast Free Antivirus.lnk
2014-11-07 22:01 - 2014-11-07 22:00 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-07 22:00 - 2014-11-07 22:00 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-06 13:32 - 2014-11-10 00:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2014-11-06 13:32 - 2014-11-06 13:32 - 00014229 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.txt
2014-11-06 13:32 - 2014-11-06 13:32 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2014-11-06 13:32 - 2014-11-06 13:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp
2014-11-06 13:19 - 2014-11-06 13:19 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-06 12:58 - 2014-11-06 12:58 - 00000000 _RSHD () C:\cmdcons
2014-11-06 12:58 - 2013-05-02 17:33 - 00000211 _____ () C:\Boot.bak
2014-11-06 12:58 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2014-11-06 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-06 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-06 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-06 12:55 - 2014-11-06 13:32 - 00000000 ____D () C:\Qoobox
2014-11-06 12:54 - 2014-11-06 13:29 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-05 01:39 - 2014-11-05 14:04 - 00001561 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neues Textdokument.txt
2014-11-03 22:21 - 2014-11-06 23:20 - 00000000 ____D () C:\Programme\SpeedFan
2014-11-03 22:21 - 2014-11-03 22:21 - 00000704 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\SpeedFan.lnk
2014-11-03 22:21 - 2014-11-03 22:21 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\SpeedFan
2014-11-01 23:49 - 2014-11-09 23:59 - 00000000 ____D () C:\FRST
2014-11-01 21:56 - 2014-11-01 21:56 - 00000020 _____ () C:\Dokumente und Einstellungen\Administrator\defogger_reenable
2014-11-01 18:46 - 2014-11-09 23:00 - 03162278 ____N () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.BAK
2014-11-01 15:51 - 2014-11-01 15:51 - 00000109 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\hjghghj.txt
2014-10-13 10:28 - 2014-10-13 10:29 - 00000287 _____ () C:\WINDOWS\nsw.log
2014-10-13 10:06 - 2014-10-13 10:06 - 00000252 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Windows-pc.lnk
2014-10-13 10:06 - 2014-10-13 10:06 - 00000249 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Easybox.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 23:59 - 2013-07-01 09:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
2014-11-09 23:52 - 2009-04-04 12:32 - 00000000 ____D () C:\Programme
2014-11-09 23:45 - 2013-08-06 16:15 - 00000356 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-09 23:41 - 2013-09-24 17:08 - 01391966 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-09 23:40 - 2014-06-15 09:51 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-09 23:40 - 2014-06-15 09:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-09 23:39 - 2014-04-22 00:17 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 23:39 - 2009-04-04 12:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-09 23:38 - 2014-05-26 05:48 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-09 23:38 - 2009-04-04 12:12 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-11-09 23:38 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-11-09 23:34 - 2013-08-06 13:14 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common
2014-11-09 23:25 - 2013-09-28 06:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument.txt
2014-11-09 23:00 - 2013-02-28 13:27 - 03162278 _____ () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.CDF
2014-11-09 22:35 - 2014-04-21 23:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-11-09 22:23 - 2013-09-16 15:18 - 00001050 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
2014-11-09 22:09 - 2014-04-22 00:17 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 21:48 - 2009-04-04 12:32 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-11-09 20:48 - 2013-05-02 06:55 - 00000000 __SHD () C:\WINDOWS\CSC
2014-11-09 19:48 - 2014-04-22 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\BOTS
2014-11-09 19:44 - 2010-06-10 00:01 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Desktop\~~~~
2014-11-09 19:39 - 2013-08-06 17:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2014-11-09 18:48 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-09 16:23 - 2013-09-16 15:18 - 00001028 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
2014-11-08 15:00 - 2014-04-22 00:10 - 00000232 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-11-07 22:00 - 2014-05-01 17:20 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-07 21:59 - 2013-08-06 16:15 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-06 13:32 - 2009-04-04 12:01 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-11-06 13:26 - 2008-04-14 12:00 - 00000311 _____ () C:\WINDOWS\system.ini
2014-11-06 13:24 - 2009-04-04 11:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-06 13:19 - 2009-04-04 13:30 - 30146560 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-06 13:19 - 2009-04-04 13:30 - 08126464 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-06 13:19 - 2009-04-04 13:30 - 03670016 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-06 13:19 - 2009-04-04 12:31 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-06 13:19 - 2009-04-04 12:31 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-06 12:58 - 2009-04-04 13:30 - 00000327 __RSH () C:\boot.ini
2014-11-03 22:21 - 2009-04-08 00:25 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo
2014-11-03 22:21 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-11-01 18:55 - 2014-06-15 10:04 - 00689934 _____ () C:\WINDOWS\setupapi.log
2014-10-27 20:24 - 2009-04-04 12:32 - 01069336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-18 09:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-10-18 09:02 - 2013-09-24 07:03 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-10-16 14:40 - 2014-07-19 20:50 - 00000266 _____ () C:\WINDOWS\setupact.log
2014-10-15 13:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-10-13 11:01 - 2014-06-10 18:05 - 00000000 ____D () C:\pisse
2014-10-13 10:36 - 2009-06-28 12:18 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
2014-10-13 09:44 - 2014-10-08 17:05 - 00000022 _____ () C:\WINDOWS\system32\nvModes.dat

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sfamcc00001.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sfareca00001.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Administrator at 2014-11-10 00:00:51
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v3.20 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version: - )
Ashampoo WinOptimizer Platinum 3 (HKLM\...\Ashampoo WinOptimizer Platinum 3) (Version: - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
CrystalDiskInfo 6.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
dBpowerAMP mp3PRO Input Codec (HKLM\...\dBpowerAMP mp3PRO Input Codec) (Version: - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version: - )
dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version: - )
dBpowerAMP WMA V8 Codec (HKLM\...\dBpowerAMP WMA V8 Codec) (Version: - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
dMC Auxiliary Input (HKLM\...\dMC Auxiliary Input) (Version: - )
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 2 (HKLM\...\Fallout 2) (Version: - )
ffdshow (HKLM\...\ffdshow) (Version: 20051221-gcc4.0.2-sse-x264.nl - Milan Cutka)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
GetFoldersize 1.2.3 (HKLM\...\GetFoldersize_is1) (Version: 1.2.3 - Michael Thummerer Software Design)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Internet Explorer 7 (Version: - ) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MC SW 1.6.1 (HKLM\...\Merciless SW Texture set_is1) (Version: - MERCILESS CREATIONS)
MC: Zara5ustra Map Pack (HKLM\...\MC: Zara5ustra Map Pack) (Version: - )
Merciless 1942 version 1.6 (HKLM\...\Merciless 1942 version 1.6) (Version: - )
Merciless Creations Secret Weapons Single Player (HKLM\...\Merciless Creations Secret Weapons Single Player) (Version: - )
Merciless Single Player (HKLM\...\Merciless Single Player) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.0 - Tracker Software Products Ltd)
Philppines and Kharkov update (HKLM\...\Merciless Creations 1.6.1 Texture Update_is1) (Version: - Merciless Creations)
Platform (Version: 1.22 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
Rome - Total War(TM) (HKLM\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (Version: 1.0 - Ihr Firmenname) Hidden
Rome - Total War(TM) (Version: 1.2 - Ihr Firmenname) Hidden
Sakura (HKLM\...\Sakura) (Version: - Image-Line)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Sicherheitsupdate für Windows Internet Explorer 7 (KB2792100) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 7 (KB2797052) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834902-v2) (HKLM\...\KB2834902-v2_WM10) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Silkroad (HKLM\...\Silkroad) (Version: - )
Snes9x (HKLM\...\Snes9x) (Version: - )
SpeechRedist (HKLM\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TGW 0.15 (HKLM\...\TGW 0.15) (Version: - )
Tony Hawk's Pro Skater 3® (HKLM\...\Tony Hawk's Pro Skater 3®) (Version: 1.0 - Activision Publishing, Inc.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
UltimateDefrag V1 FREE Public Domain Version (HKLM\...\UltimateDefrag V1 FREE Public Domain Version) (Version: 1.72 - DiskTrix)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XBF 1.2 (HKLM\...\XBF 1.2) (Version: - )
XNote Stopwatch 1.50 (HKLM\...\XNote Stopwatch) (Version: - dnSoft Research Group)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{0CFA3FB2-47F4-4157-A162-648CAA980DE2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{19EFC4D2-5251-4EB5-84C8-5A970FF8F5E0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1A6F5C32-45F4-11D3-9A67-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{42E0F145-11FD-11D3-BB97-00C04F8EE6C0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\1033\itngram.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E48-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E49-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{EC468149-6916-11D2-9427-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)

==================== Restore Points =========================

06-11-2014 12:25:03 Systemprüfpunkt
07-11-2014 13:24:02 Systemprüfpunkt
07-11-2014 20:55:40 avast! antivirus system restore point
08-11-2014 22:05:40 Systemprüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 12:00 - 2014-11-06 13:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Eingabeaufforderung.job => C:\WINDOWS\system32\cmd.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-09 20:51 - 2014-11-09 20:51 - 02900992 _____ () C:\Programme\AVAST Software\Avast\defs\14110901\algo.dll
2013-10-16 12:39 - 2014-11-07 22:00 - 38562088 _____ () C:\Programme\AVAST Software\Avast\libcef.dll
2010-08-08 23:07 - 2005-11-10 17:08 - 00418304 _____ () C:\Programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1659004503-2025429265-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-1659004503-2025429265-1606980848-501 - Limited - Enabled)
Hilfeassistent (S-1-5-21-1659004503-2025429265-1606980848-1000 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0.
trying WinHTTP. Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore. Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0.
trying WinHTTP. Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore. Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0.
trying WinHTTP. Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore. Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

System errors:
=============
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Microsoft Office Sessions:
=========================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0.
trying WinHTTP. Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore. Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0.
trying WinHTTP. Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore. Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0.
trying WinHTTP. Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore. Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x80040880. Http status code 200.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP. Send request returned 0x8004212e. Http status code 302.
trying WinHTTP. Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore. Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r ==================== Memory info =========================== Processor: AMD Athlon(tm) XP 2000+ Percentage of memory in use: 24% Total physical RAM: 1791.48 MB Available physical RAM: 1357.93 MB Total Pagefile: 3467.69 MB Available Pagefile: 3218.11 MB Total Virtual: 2047.88 MB Available Virtual: 1932.29 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:11.38 GB) (Free:1.99 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (Data) (Fixed) (Total:45.89 GB) (Free:11.8 GB) NTFS Drive f: (BOOT) (Fixed) (Total:91.2 GB) (Free:2.06 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive g: (BACKUP) (Fixed) (Total:93.15 GB) (Free:38.49 GB) NTFS Drive h: (SWAP) (Fixed) (Total:1.96 GB) (Free:0.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 57.3 GB) (Disk ID: 04680468) Partition 1: (Active) - (Size=11.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 186.3 GB) (Disk ID: CCD3CCD3) Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=91.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=93.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
10.11.2014, 17:11 | #10 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |