Malwarebytes Anti-Malware
Malwarebytes : Free Anti-Malware
Suchlauf Datum: 25.03.2014
Suchlauf-Zeit: 16:20:10
Logdatei: 1.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.03.25.04
Rootkit Datenbank: v2014.03.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Haking
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 213440
Verstrichene Zeit: 11 Min, 3 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-602162358-436374069-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE\1I1T1Q1S, Keine Aktion durch Benutzer, [12667196fa81cc6a86c593ce52b0ad53],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-602162358-436374069-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE, Keine Aktion durch Benutzer, [057345c2017acb6bd0c133445ba8b947],
Registrierungswerte: 2
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Mozilla\Firefox\Profiles\yq1hb1ru.default\extensions\quick_start@gmail.com, Keine Aktion durch Benutzer, [bdbb8e79ec8fa393945455ff39c9d828]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-602162358-436374069-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE|tb, 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R, Keine Aktion durch Benutzer, [057345c2017acb6bd0c133445ba8b947]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 25/03/2014 um 16:24:16
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Haking - CHRISTIAN
# Gestartet von : C:\Dokumente und Einstellungen\Haking\Eigene Dateien\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Programme\PC Speed Maximizer
Ordner Gelöscht : C:\DOKUME~1\Haking\LOKALE~1\Temp\OCS
Ordner Gelöscht : C:\Dokumente und Einstellungen\Haking\Eigene Dateien\PC Speed Maximizer
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKCU\Software\InstallCore
***** [ Browser ] *****
-\\ Internet Explorer v7.0.6000.16735
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Mozilla\Firefox\Profiles\qzfu19x4.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1189 octets] - [25/03/2014 16:21:50]
AdwCleaner[S0].txt - [1116 octets] - [25/03/2014 16:24:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1176 octets] ##########
--- --- ---
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Haking on 25.03.2014 at 16:29:18,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2014 at 16:35:13,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Haking (administrator) on CHRISTIAN on 25-03-2014 16:36:47
Running from C:\Dokumente und Einstellungen\Haking\Eigene Dateien\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\WINXP\System32\smss.exe
(Microsoft Corporation) C:\WINXP\system32\csrss.exe
(Microsoft Corporation) C:\WINXP\system32\winlogon.exe
(Microsoft Corporation) C:\WINXP\system32\services.exe
(Microsoft Corporation) C:\WINXP\system32\lsass.exe
(ATI Technologies Inc.) C:\WINXP\system32\Ati2evxx.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(ATI Technologies Inc.) C:\WINXP\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Programme\avmwlanstick\WlanNetService.exe
(Google Inc.) C:\Programme\Google\Update\GoogleUpdate.exe
() C:\Programme\CDBurnerXP\NMSAccessU.exe
(TuneUp Software) C:\WINXP\System32\TUProgSt.exe
(Yahoo! Inc.) C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINXP\system32\wscntfy.exe
(AVM Berlin) C:\Programme\avmwlanstick\wlangui.exe
(Realtek Semiconductor Corp.) C:\WINXP\RTHDCPL.EXE
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINXP\system32\ctfmon.exe
(McAfee, Inc.) C:\Programme\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\WINXP\system32\NOTEPAD.EXE
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINXP\System32\alg.exe
(Microsoft Corporation) C:\WINXP\explorer.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Farbar) C:\Dokumente und Einstellungen\Haking\Eigene Dateien\Downloads\FRST(1).exe
(Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVMWlanClient] - C:\Programme\avmwlanstick\wlangui.exe [1454080 2006-12-28] (AVM Berlin)
HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINXP\RTHDCPL.EXE [14720000 2005-06-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\WINXP\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\AtiExtEvent: C:\WINXP\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINXP\system32\WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [CTFMON.EXE] - C:\WINXP\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-602162358-436374069-1606980848-1003\...\Run: [ctfmon.exe] - C:\WINXP\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Programme\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4D4B3B6E-144A-45AB-BA4E-80E68EFE0348} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Mozilla\Firefox\Profiles\qzfu19x4.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINXP\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINXP\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Programme\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Mozilla\Firefox\Profiles\qzfu19x4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Mozilla\Firefox\Profiles\qzfu19x4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19]
========================== Services (Whitelisted) =================
S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-02-26] (Adobe Systems Incorporated)
S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [175616 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 Ati HotKey Poller; C:\WINXP\system32\Ati2evxx.exe [602112 2009-02-25] (ATI Technologies Inc.)
S2 ATI Smart; C:\WINXP\system32\ati2sgag.exe [593920 2009-02-25] ()
R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin)
S3 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
S2 Browser; C:\WINXP\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66240 2005-09-23] (Microsoft Corporation)
S3 COMSysApp; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation)
R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [127488 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINXP\System32\dmadmin.exe [225280 2008-04-14] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINXP\System32\dmserver.dll [24064 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2008-04-14] (Microsoft Corporation)
S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [133120 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINXP\system32\services.exe [109056 2008-04-14] (Microsoft Corporation)
R3 EventSystem; C:\WINXP\system32\es.dll [253952 2008-08-12] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-02-20] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-02-20] (Google Inc.)
R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
S3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [96768 2008-04-14] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [132096 2008-04-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Programme\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S4 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-03-15] (Mozilla Foundation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
S3 napagent; C:\WINXP\System32\qagentrt.dll [294400 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINXP\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation)
S4 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
R3 Nla; C:\WINXP\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation)
R2 NMSAccess; C:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation)
R2 PlugPlay; C:\WINXP\system32\services.exe [109056 2008-04-14] (Microsoft Corporation)
R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S4 RDSessMgr; C:\WINXP\system32\sessmgr.exe [143360 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINXP\System32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation)
S4 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINXP\System32\SCardSvr.exe [99840 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINXP\system32\schedsvc.dll [193536 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [334336 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
R2 Spooler; C:\WINXP\system32\spoolsv.exe [57856 2008-04-14] (Microsoft Corporation)
R2 srservice; C:\WINXP\system32\srsvc.dll [171520 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
S3 stisvc; C:\WINXP\system32\wiaservc.dll [334336 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [94208 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R2 TermService; C:\WINXP\System32\termsrv.dll [297472 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation)
S3 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\WINXP\System32\TuneUpDefragService.exe [361288 2009-10-13] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\WINXP\System32\TUProgSt.exe [604488 2009-10-13] (TuneUp Software)
S3 upnphost; C:\WINXP\System32\upnphost.dll [186880 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINXP\System32\vssvc.exe [292864 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINXP\system32\w32time.dll [177152 2008-04-14] (Microsoft Corporation)
S4 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [145408 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2008-07-08] (Microsoft Corporation)
S3 Wmi; C:\WINXP\System32\advapi32.dll [678400 2008-04-14] (Microsoft Corporation)
S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
S3 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2008-07-08] (Microsoft Corporation)
S4 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2008-11-12] (Microsoft Corporation)
S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
R2 YahooAUService; C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)
S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S4 NetTcpPortSharing; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
==================== Drivers (Whitelisted) ====================
R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [188800 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [12160 2008-04-14] (Microsoft Corporation)
S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2008-08-14] (Microsoft Corporation)
S3 AIDA32Driver; C:\Programme\aida32.sys [3584 2004-02-23] ()
R3 Arp1394; C:\WINXP\System32\DRIVERS\arp1394.sys [60800 2008-11-12] (Microsoft Corporation)
S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
R3 ati2mtag; C:\WINXP\System32\DRIVERS\ati2mtag.sys [3565568 2009-02-25] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R2 avgntflt; C:\WINXP\System32\DRIVERS\avgntflt.sys [90400 2014-01-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINXP\System32\DRIVERS\avipbb.sys [135648 2014-01-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINXP\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\WINXP\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin)
R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2008-11-12] (Microsoft Corporation)
R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [800384 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINXP\System32\drivers\dmio.sys [154112 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
S4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
S3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44672 2008-04-14] (Microsoft Corporation)
S3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)
R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [126336 2008-04-14] (Microsoft Corporation)
R3 FWLANUSB; C:\WINXP\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH)
R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R3 HDAudBus; C:\WINXP\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R3 hidusb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [264832 2008-04-14] (Microsoft Corporation)
R1 i8042prt; C:\WINXP\System32\DRIVERS\i8042prt.sys [52992 2008-04-14] (Microsoft Corporation)
R1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\WINXP\System32\drivers\RtkHDAud.sys [3173888 2005-06-29] (Realtek Semiconductor Corp.)
R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-14] (Microsoft Corporation)
R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [40448 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37632 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [25216 2008-04-14] (Microsoft Corporation)
S3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92288 2008-04-14] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINXP\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-25] (Malwarebytes Corporation)
R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
S3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30336 2008-11-12] (Microsoft Corporation)
R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23552 2008-11-12] (Microsoft Corporation)
R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12288 2008-11-12] (Microsoft Corporation)
R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
S3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [455936 2008-11-12] (Microsoft Corporation)
R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2008-11-12] (Microsoft Corporation)
R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105344 2008-04-14] (Microsoft Corporation)
R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10112 2008-04-14] (Microsoft Corporation)
S3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2008-11-12] (Microsoft Corporation)
R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40576 2008-04-14] (Microsoft Corporation)
R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R3 NIC1394; C:\WINXP\System32\DRIVERS\nic1394.sys [61824 2008-11-12] (Microsoft Corporation)
R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
R0 ohci1394; C:\WINXP\System32\DRIVERS\ohci1394.sys [61696 2008-04-14] (Microsoft Corporation)
R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80384 2008-11-12] (Microsoft Corporation)
R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [7040 2008-04-14] (Microsoft Corporation)
R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)
S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120576 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139656 2008-04-14] (Microsoft Corporation)
R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57728 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINXP\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [65536 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
R1 SLEE_16_DRIVER; C:\WINXP\system32\drivers\Sleen16.sys [79104 2007-10-11] (Softwareentwicklung Remus - ArchiCrypt )
S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sptd; C:\WINXP\System32\Drivers\sptd.sys [691696 2012-07-16] ()
R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [333824 2008-10-17] (Microsoft Corporation)
R2 StarOpen; C:\WINXP\system32\Drivers\StarOpen.sys [5504 2009-11-12] ()
R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2008-11-12] (Microsoft Corporation)
S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 sysaudio; C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2008-07-08] (Microsoft Corporation)
S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
R1 truecrypt; C:\WINXP\System32\drivers\truecrypt.sys [231760 2013-07-11] (TrueCrypt Foundation)
S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30208 2008-04-14] (Microsoft Corporation)
R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
R3 usbstor; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [53760 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WS2IFSL; C:\WINXP\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation)
S3 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2008-07-08] (Microsoft Corporation)
S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2008-07-08] (Microsoft Corporation)
S3 catchme; \??\C:\DOKUME~1\Haking\LOKALE~1\Temp\catchme.sys [X]
S3 SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-25 16:35 - 2014-03-25 16:35 - 00000582 _____ () C:\Dokumente und Einstellungen\Haking\Desktop\JRT.txt
2014-03-25 16:28 - 2014-03-23 22:41 - 01038974 _____ (Thisisu) C:\Dokumente und Einstellungen\Haking\Desktop\JRT_NEW.exe
2014-03-25 16:21 - 2014-03-25 16:24 - 00000000 ____D () C:\AdwCleaner
2014-03-25 16:20 - 2014-03-25 16:20 - 00002035 _____ () C:\Dokumente und Einstellungen\Haking\Desktop\1.txt
2014-03-25 15:48 - 2014-03-25 16:08 - 00107736 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 15:48 - 2014-03-25 15:48 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-03-25 15:48 - 2014-03-25 15:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-03-25 15:48 - 2014-03-05 09:26 - 00050648 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys
2014-03-25 15:39 - 2014-03-25 15:39 - 00000889 _____ () C:\Dokumente und Einstellungen\Haking\Desktop\Revo Uninstaller.lnk
2014-03-25 15:39 - 2014-03-25 15:39 - 00000000 ____D () C:\Programme\VS Revo Group
2014-03-24 13:16 - 2014-03-25 16:36 - 00000000 ____D () C:\FRST
2014-03-21 11:34 - 2014-03-21 11:34 - 00000000 ____D () C:\AMD
2014-03-21 08:49 - 2014-03-21 08:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\KC Softwares
2014-03-21 08:49 - 2013-12-28 16:34 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Desktop\sumo
2014-03-21 08:41 - 2014-03-21 08:41 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DriverEasy
2014-03-19 12:15 - 2014-03-21 08:41 - 00000787 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\DriverEasy.lnk
2014-03-19 12:01 - 2014-03-19 12:01 - 00000702 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2014-03-19 12:01 - 2014-03-19 12:01 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-03-19 11:59 - 2014-03-19 11:59 - 00283192 _____ (Mozilla) C:\Firefox Setup Stub 28.0.exe
2014-03-18 16:09 - 2014-03-19 12:01 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-03-17 08:33 - 2014-03-17 08:32 - 00102400 _____ () C:\WINXP\Minidump\Mini031714-01.dmp
2014-03-14 07:53 - 2014-03-14 07:53 - 00102400 _____ () C:\WINXP\Minidump\Mini031414-01.dmp
2014-03-11 11:34 - 2014-03-11 11:33 - 00102400 _____ () C:\WINXP\Minidump\Mini031114-01.dmp
2014-03-10 11:09 - 2014-03-10 11:08 - 00102400 _____ () C:\WINXP\Minidump\Mini031014-01.dmp
2014-03-05 08:26 - 2014-03-05 08:26 - 00002376 _____ () C:\DelFix.txt
2014-02-26 09:12 - 2014-02-26 09:12 - 00000000 ____D () C:\WINXP\Tasks\ImCleanDisabled
2014-02-24 08:16 - 2014-02-24 08:16 - 00000000 _RSHD () C:\cmdcons
2014-02-24 08:16 - 2009-07-10 14:50 - 00000207 _____ () C:\Boot.bak
2014-02-24 08:16 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2014-02-24 08:14 - 2014-03-05 08:22 - 00000000 ____D () C:\WINXP\erdnt
2014-02-24 08:14 - 2014-02-24 08:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\Haking\Startmenü\Programme\Verwaltung
==================== One Month Modified Files and Folders =======
2014-03-25 16:36 - 2014-03-24 13:16 - 00000000 ____D () C:\FRST
2014-03-25 16:35 - 2014-03-25 16:35 - 00000582 _____ () C:\Dokumente und Einstellungen\Haking\Desktop\JRT.txt
2014-03-25 16:31 - 2009-07-10 14:54 - 00354032 _____ () C:\WINXP\WindowsUpdate.log
2014-03-25 16:26 - 2014-02-20 09:22 - 00001086 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 16:26 - 2012-11-30 18:11 - 00000520 _____ () C:\WINXP\Tasks\Automatische Wartung.job
2014-03-25 16:26 - 2009-07-20 07:30 - 00000000 ____D () C:\WINXP\system32\Lang
2014-03-25 16:26 - 2009-07-10 15:01 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT
2014-03-25 16:25 - 2009-07-15 11:15 - 00524288 _____ () C:\WINXP\system32\config\TuneUp.evt
2014-03-25 16:25 - 2009-07-10 15:03 - 00000190 ___SH () C:\Dokumente und Einstellungen\Haking\ntuser.ini
2014-03-25 16:25 - 2009-07-10 15:01 - 00032266 _____ () C:\WINXP\SchedLgU.Txt
2014-03-25 16:24 - 2014-03-25 16:21 - 00000000 ____D () C:\AdwCleaner
2014-03-25 16:24 - 2009-07-10 15:35 - 00000000 ___RD () C:\Programme
2014-03-25 16:24 - 2009-07-10 15:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking
2014-03-25 16:20 - 2014-03-25 16:20 - 00002035 _____ () C:\Dokumente und Einstellungen\Haking\Desktop\1.txt
2014-03-25 16:08 - 2014-03-25 15:48 - 00107736 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 15:51 - 2009-07-10 15:34 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-03-25 15:48 - 2014-03-25 15:48 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-03-25 15:48 - 2014-03-25 15:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-03-25 15:48 - 2014-02-20 08:39 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 15:48 - 2012-07-16 12:40 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Malwarebytes
2014-03-25 15:48 - 2012-07-16 12:39 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-03-25 15:44 - 2014-02-20 09:23 - 00001090 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-25 15:43 - 2013-03-04 09:19 - 00000880 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job
2014-03-25 15:39 - 2014-03-25 15:39 - 00000889 _____ () C:\Dokumente und Einstellungen\Haking\Desktop\Revo Uninstaller.lnk
2014-03-25 15:39 - 2014-03-25 15:39 - 00000000 ____D () C:\Programme\VS Revo Group
2014-03-25 15:39 - 2009-07-10 15:03 - 00000000 ___RD () C:\Dokumente und Einstellungen\Haking\Startmenü\Programme
2014-03-25 15:36 - 2008-04-14 12:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl
2014-03-23 22:41 - 2014-03-25 16:28 - 01038974 _____ (Thisisu) C:\Dokumente und Einstellungen\Haking\Desktop\JRT_NEW.exe
2014-03-21 11:34 - 2014-03-21 11:34 - 00000000 ____D () C:\AMD
2014-03-21 08:54 - 2010-10-11 07:07 - 00012800 ___SH () C:\Programme\Thumbs.db
2014-03-21 08:49 - 2014-03-21 08:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\KC Softwares
2014-03-21 08:41 - 2014-03-21 08:41 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DriverEasy
2014-03-21 08:41 - 2014-03-19 12:15 - 00000787 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\DriverEasy.lnk
2014-03-21 08:41 - 2014-02-20 09:07 - 00000000 ____D () C:\Programme\Easeware
2014-03-21 07:15 - 2010-11-09 08:33 - 00000000 ____D () C:\WINXP\system32\NtmsData
2014-03-21 07:13 - 2009-07-10 14:52 - 00000000 ____D () C:\WINXP\Registration
2014-03-19 12:02 - 2009-07-10 15:34 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Mozilla
2014-03-19 12:01 - 2014-03-19 12:01 - 00000702 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2014-03-19 12:01 - 2014-03-19 12:01 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-03-19 12:01 - 2014-03-18 16:09 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-03-19 11:59 - 2014-03-19 11:59 - 00283192 _____ (Mozilla) C:\Firefox Setup Stub 28.0.exe
2014-03-18 15:55 - 2009-07-30 11:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\vlc
2014-03-18 15:15 - 2009-07-13 11:39 - 00209408 _____ () C:\Dokumente und Einstellungen\Haking\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-18 12:55 - 2011-02-25 09:49 - 00000000 ____D () C:\Programme\JDownloader
2014-03-18 11:59 - 2009-07-28 07:34 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\dwhelper
2014-03-17 08:35 - 2010-10-11 07:07 - 00007680 ___SH () C:\WINXP\Thumbs.db
2014-03-17 08:33 - 2013-01-21 14:49 - 00000000 ____D () C:\WINXP\Minidump
2014-03-17 08:33 - 2009-07-10 16:28 - 00000000 ____D () C:\WINXP
2014-03-17 08:32 - 2014-03-17 08:33 - 00102400 _____ () C:\WINXP\Minidump\Mini031714-01.dmp
2014-03-14 07:53 - 2014-03-14 07:53 - 00102400 _____ () C:\WINXP\Minidump\Mini031414-01.dmp
2014-03-11 11:33 - 2014-03-11 11:34 - 00102400 _____ () C:\WINXP\Minidump\Mini031114-01.dmp
2014-03-10 11:08 - 2014-03-10 11:09 - 00102400 _____ () C:\WINXP\Minidump\Mini031014-01.dmp
2014-03-05 12:19 - 2009-07-10 14:53 - 00000000 ____D () C:\WINXP\system32\Restore
2014-03-05 09:26 - 2014-03-25 15:48 - 00050648 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2012-07-16 12:39 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys
2014-03-05 08:26 - 2014-03-05 08:26 - 00002376 _____ () C:\DelFix.txt
2014-03-05 08:26 - 2014-02-20 11:31 - 00000000 ____D () C:\WINXP\ERUNT
2014-03-05 08:22 - 2014-02-24 08:14 - 00000000 ____D () C:\WINXP\erdnt
2014-03-05 08:00 - 2009-07-10 15:01 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-02-26 16:07 - 2009-07-30 11:57 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Lokale Einstellungen\Anwendungsdaten\Adobe
2014-02-26 16:06 - 2012-04-04 07:46 - 00692616 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
2014-02-26 16:06 - 2011-05-26 09:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
2014-02-26 09:13 - 2014-02-20 09:15 - 00000000 ____D () C:\Programme\IObit
2014-02-26 09:12 - 2014-02-26 09:12 - 00000000 ____D () C:\WINXP\Tasks\ImCleanDisabled
2014-02-25 12:41 - 2014-02-20 09:23 - 00000000 ____D () C:\Dokumente und Einstellungen\Haking\Anwendungsdaten\Fifth
2014-02-25 12:40 - 2009-07-10 16:28 - 00000000 ____D () C:\WINXP\Resources
2014-02-24 08:26 - 2009-07-10 15:00 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2014-02-24 08:24 - 2008-04-14 12:00 - 00000227 _____ () C:\WINXP\system.ini
2014-02-24 08:16 - 2014-02-24 08:16 - 00000000 _RSHD () C:\cmdcons
2014-02-24 08:16 - 2009-07-10 16:31 - 00000323 __RSH () C:\boot.ini
2014-02-24 08:14 - 2014-02-24 08:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\Haking\Startmenü\Programme\Verwaltung
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Haking\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Haking\Lokale Einstellungen\temp\promote-upx.exe
C:\Dokumente und Einstellungen\Haking\Lokale Einstellungen\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\WINXP\explorer.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 1036800 ____A (Microsoft Corporation)
C:\WINXP\system32\winlogon.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0513024 ____A (Microsoft Corporation)
C:\WINXP\system32\svchost.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0014336 ____A (Microsoft Corporation)
C:\WINXP\system32\services.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0109056 ____A (Microsoft Corporation)
C:\WINXP\system32\User32.dll
[2008-04-14 12:00] - [2008-04-14 12:00] - 0580096 ____A (Microsoft Corporation)
C:\WINXP\system32\userinit.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0026624 ____A (Microsoft Corporation)
C:\WINXP\system32\rpcss.dll
[2008-04-14 12:00] - [2008-04-14 12:00] - 0399360 ____A (Microsoft Corporation)
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINXP\system32\Drivers\volsnap.sys
[2008-04-14 12:00] - [2008-04-14 12:00] - 0053760 ____A (Microsoft Corporation)
==================== End Of Log ============================