New Bundestrojaner - safe mode does not work (Windows 7)
16.11.2013, 18:27 | #1

Good evening, my father has actually managed to catch a new Bundestrojaner again. The PC reboots immediately when I try to start it in safe mode. As I was advised last time, I have now scanned the PC with FRST. Here is the log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by SYSTEM on MININT-OR6NFEJ on 16-11-2013 18:15:49
Running from L:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKU\slava105\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\UpdatusUser\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
Startup: C:\Users\slava105\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lq9bej6.lnk
ShortcutTarget: lq9bej6.lnk -> C:\PROGRA~3\6jeb9ql.dss (Sato Corporation)

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe [598696 2010-04-14] ( )
S2 Winmgmt; C:\PROGRA~3\lq9bej6.pss [61024 2013-11-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-03] (Duplex Secure Ltd.)
S3 ZY202_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [1041920 2007-11-06] (Atheros Communications, Inc.)
S3 ZDCNDIS6a64; \??\C:\Windows\system32\ZDCNDIS6a64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 21:58 - 2013-11-16 18:13 - 00000392 _____ C:\Windows\setupact.log
2013-11-15 21:58 - 2013-11-15 21:58 - 00000279 _____ C:\ProgramData\lq9bej6.reg
2013-11-15 19:30 - 2013-11-15 19:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{2FFC4633-5240-4091-9C96-E24A5A4276D5}
2013-11-15 19:26 - 2013-11-16 18:13 - 95025368 ____T C:\ProgramData\lq9bej6.bxx
2013-11-15 19:26 - 2013-11-16 18:13 - 00000000 _____ C:\ProgramData\lq9bej6.fvv
2013-11-15 19:26 - 2013-11-15 19:26 - 00178176 _____ (Sato Corporation) C:\ProgramData\6jeb9ql.dss
2013-11-15 19:26 - 2013-11-15 19:26 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\lq9bej6.pss
2013-11-15 19:21 - 2013-11-15 19:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{D011EB0D-2BEC-418B-8C33-8C2BCD902523}
2013-11-14 19:00 - 2013-11-14 19:00 - 00000000 ____D C:\Users\slava105\AppData\Local\{2CDE7954-3D8F-4291-856D-40895DEC284B}
2013-11-14 06:11 - 2013-11-14 06:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{3E51A7F0-6AA4-4C32-A363-4D9D10290D82}
2013-11-13 17:55 - 2013-11-13 17:56 - 00000000 ____D C:\Users\slava105\AppData\Local\{9FD2879F-2249-4875-BE17-E256C10BDE4B}
2013-11-13 01:01 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 01:01 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 01:01 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 01:01 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 01:01 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 01:01 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 01:01 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 01:01 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 01:01 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 01:01 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 23:58 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-12 23:58 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-12 23:58 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-12 23:58 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 23:58 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 23:58 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-12 23:58 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 23:58 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-12 23:58 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-12 23:58 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-12 23:58 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 23:58 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 23:58 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 23:58 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-12 23:58 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 23:58 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-12 23:58 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-12 23:58 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-12 23:58 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-12 23:58 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-12 23:58 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-12 23:58 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-12 23:58 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-12 23:58 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-12 23:58 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 23:58 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 23:58 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 23:58 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 23:58 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-12 23:58 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-12 19:32 - 2013-11-12 19:32 - 00000000 ____D C:\Users\slava105\AppData\Local\{3DADE7CB-F73C-433C-9D05-93E0404EC213}
2013-11-12 06:21 - 2013-11-12 06:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{B4C3C435-52D6-40BB-A9B2-D97FD8226F59}
2013-11-11 17:41 - 2013-11-11 17:41 - 00000000 ____D C:\Users\slava105\AppData\Local\{6A0B5DF9-D6FA-45F6-AD71-B8B0AC26529D}
2013-11-10 11:30 - 2013-11-10 11:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{FC1C82AC-502A-4FC6-9E85-1FC7C9920AC1}
2013-11-09 22:23 - 2013-11-09 22:23 - 00000000 ____D C:\Users\slava105\AppData\Local\{7BFD6E17-0D9D-486F-ABB6-4C284FD4DBA2}
2013-11-09 09:56 - 2013-11-09 09:56 - 00000000 ____D C:\Users\slava105\AppData\Local\{83857D98-1110-4BA8-8526-F34F61F6D2DB}
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\Users\slava105\AppData\Local\{15FF85FC-9D2D-4361-8A1B-0B4B6D3EC8D6}
2013-11-07 19:48 - 2013-11-07 19:48 - 00000000 ____D C:\Users\slava105\AppData\Local\{E7297515-720B-4B91-828C-2911C3E192AA}
2013-11-06 22:08 - 2013-11-06 22:11 - 246598160 _____ C:\Users\slava105\Downloads\kis14.0.0.4651de-de.exe
2013-11-06 21:47 - 2013-11-06 21:47 - 00000000 ____D C:\Users\slava105\AppData\Roaming\AVG2014
2013-11-06 21:46 - 2013-11-06 21:47 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-06 21:46 - 2013-11-06 21:46 - 00000981 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ___HD C:\$AVG
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Users\slava105\AppData\Roaming\TuneUp Software
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-06 21:43 - 2013-11-15 19:25 - 00000000 ____D C:\ProgramData\MFAData
2013-11-06 21:43 - 2013-11-06 21:49 - 00000000 ____D C:\Users\slava105\AppData\Local\Avg2014
2013-11-06 21:43 - 2013-11-06 21:43 - 00000000 ____D C:\Users\slava105\AppData\Local\MFAData
2013-11-06 21:41 - 2013-11-06 21:43 - 151332384 _____ (AVG Technologies) C:\Users\slava105\Downloads\avg_free_x64_all_2014_4158a6730.exe
2013-11-06 18:50 - 2013-11-15 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 17:27 - 2013-11-06 17:27 - 00000000 ____D C:\Users\slava105\AppData\Local\{C751596F-12D5-4434-8B42-2B2435294061}
2013-11-05 20:03 - 2013-11-05 20:03 - 00000000 ____D C:\Users\slava105\AppData\Local\{38ACA61A-5A3B-4D7D-9467-DB9EC00C12B6}
2013-11-05 06:19 - 2013-11-05 06:20 - 00000000 ____D C:\Users\slava105\AppData\Local\{2F54987B-0805-4FB7-B29D-A84A6D92F1ED}
2013-11-04 18:16 - 2013-11-04 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{7DADA084-3A8F-4E45-AE7E-016EE67A1D07}
2013-11-03 23:12 - 2013-11-03 23:13 - 00000000 ____D C:\Users\slava105\AppData\Local\{C864ACD5-C6CF-4D3A-B9C3-782420155FBE}
2013-11-03 12:48 - 2013-11-03 12:48 - 00000000 ____D C:\Users\slava105\Documents\4A Games
2013-11-03 12:39 - 2013-11-03 12:39 - 00000000 ____D C:\Users\slava105\AppData\Local\4A Games
2013-11-03 12:26 - 2013-11-03 12:26 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-11-03 11:15 - 2013-11-03 11:15 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2013-11-03 11:15 - 2013-11-03 11:15 - 00001950 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Users\slava105\AppData\Roaming\OpenCandy
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-11-03 11:12 - 2013-11-03 11:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE55E47D-C73D-412C-9E71-9C176608D859}
2013-11-02 21:37 - 2013-11-02 21:38 - 00000000 ____D C:\Users\slava105\AppData\Local\{1D517693-7312-4882-AA9D-3161EE313F4B}
2013-11-02 09:01 - 2013-11-02 09:01 - 00000000 ____D C:\Users\slava105\AppData\Local\{72342429-D241-47E6-8B7A-1BA8E692F2CF}
2013-11-01 18:32 - 2013-11-01 18:33 - 00000000 ____D C:\Users\slava105\AppData\Local\{B6A1D8BD-BC7C-42C6-927C-478B916F85A8}
2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\Users\slava105\AppData\Local\{4478077E-DDF4-4149-ADA0-73CB70A149D2}
2013-10-30 18:16 - 2013-10-30 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{8F72FD3B-F611-4FCF-BDE7-FECBAC395268}
2013-10-29 19:29 - 2013-10-29 19:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{1FE1F28F-C12E-46C4-B3AA-CCF20B2012CF}
2013-10-28 23:57 - 2013-10-28 23:57 - 00000000 ____D C:\Users\slava105\AppData\Local\{4B94AE15-615E-4F14-8F93-D0C2F8A3A4B5}
2013-10-28 06:20 - 2013-10-28 06:20 - 00000000 ____D C:\Users\slava105\AppData\Local\{6D9C44C7-72E3-42AB-A27A-B702963B3A2A}
2013-10-27 18:16 - 2013-10-27 18:17 - 00000000 ____D C:\Users\slava105\AppData\Local\{D26D0D79-B1DF-421B-B9B1-7D3C27D887FB}
2013-10-26 21:50 - 2013-10-26 21:50 - 00000000 ____D C:\Users\slava105\AppData\Local\{76ECF3B6-24CB-4827-9125-2E14F3BECC46}
2013-10-26 09:49 - 2013-10-26 09:49 - 00000000 ____D C:\Users\slava105\AppData\Local\{3CB1B08A-4BBB-4AD8-9F76-2454DD467622}
2013-10-25 18:51 - 2013-10-25 18:51 - 00000000 ____D C:\Users\slava105\AppData\Local\{425F5930-E3B3-4210-8263-BBA15C18A37F}
2013-10-24 17:40 - 2013-10-24 17:40 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE972A3C-0F95-475F-BED3-C6F391984984}
2013-10-23 17:45 - 2013-10-23 17:46 - 00000000 ____D C:\Users\slava105\AppData\Local\{25105783-5F5A-4D7C-B6C2-4211B0873092}
2013-10-22 20:58 - 2013-10-22 20:59 - 00000000 ____D C:\Users\slava105\AppData\Local\{5743382A-986B-4511-BCA7-24CDE0BF9EBF}
2013-10-21 21:24 - 2013-10-21 21:24 - 00000000 ____D C:\Users\slava105\AppData\Local\{9E139353-05B6-4D29-B2FC-E432AA5C2001}
2013-10-20 22:08 - 2013-10-20 22:09 - 00000000 ____D C:\Users\slava105\AppData\Local\{00D752B3-D169-4274-924D-6C81F1D2AAB8}
2013-10-20 10:08 - 2013-10-20 10:08 - 00000000 ____D C:\Users\slava105\AppData\Local\{FD048A1B-2D3A-40AC-9533-E36599CCACF1}
2013-10-19 19:47 - 2013-10-19 19:48 - 00000000 ____D C:\Users\slava105\AppData\Local\{8899983F-7B52-45CD-8F16-383D29A4CE59}
2013-10-17 18:24 - 2013-10-17 18:24 - 00000000 ____D C:\Users\slava105\AppData\Local\{9E85182B-D4CA-4602-858A-11B58C0C0A9E}

==================== One Month Modified Files and Folders =======

2013-11-16 18:13 - 2013-11-15 21:58 - 00000392 _____ C:\Windows\setupact.log
2013-11-16 18:13 - 2013-11-15 19:26 - 95025368 ____T C:\ProgramData\lq9bej6.bxx
2013-11-16 18:13 - 2013-11-15 19:26 - 00000000 _____ C:\ProgramData\lq9bej6.fvv
2013-11-16 18:13 - 2013-03-30 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-16 18:13 - 2012-04-27 15:46 - 00000000 _____ C:\Windows\System32\Drivers\lvuvc.hs
2013-11-16 18:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 01:43 - 2012-07-30 17:47 - 01634209 _____ C:\Windows\WindowsUpdate.log
2013-11-16 01:36 - 2012-04-27 16:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 01:05 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 01:05 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 22:13 - 2013-11-06 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 22:02 - 2009-07-14 18:58 - 00686558 _____ C:\Windows\System32\perfh007.dat
2013-11-15 22:02 - 2009-07-14 18:58 - 00147686 _____ C:\Windows\System32\perfc007.dat
2013-11-15 22:02 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-15 21:58 - 2013-11-15 21:58 - 00000279 _____ C:\ProgramData\lq9bej6.reg
2013-11-15 19:50 - 2012-04-27 17:50 - 00000000 ____D C:\Windows\Minidump
2013-11-15 19:30 - 2013-11-15 19:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{2FFC4633-5240-4091-9C96-E24A5A4276D5}
2013-11-15 19:30 - 2013-05-20 17:52 - 00000000 ____D C:\Users\slava105\AppData\Local\CrashDumps
2013-11-15 19:26 - 2013-11-15 19:26 - 00178176 _____ (Sato Corporation) C:\ProgramData\6jeb9ql.dss
2013-11-15 19:26 - 2013-11-15 19:26 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\lq9bej6.pss
2013-11-15 19:25 - 2013-11-06 21:43 - 00000000 ____D C:\ProgramData\MFAData
2013-11-15 19:21 - 2013-11-15 19:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{D011EB0D-2BEC-418B-8C33-8C2BCD902523}
2013-11-14 19:00 - 2013-11-14 19:00 - 00000000 ____D C:\Users\slava105\AppData\Local\{2CDE7954-3D8F-4291-856D-40895DEC284B}
2013-11-14 06:12 - 2013-11-14 06:11 - 00000000 ____D C:\Users\slava105\AppData\Local\{3E51A7F0-6AA4-4C32-A363-4D9D10290D82}
2013-11-13 17:56 - 2013-11-13 17:55 - 00000000 ____D C:\Users\slava105\AppData\Local\{9FD2879F-2249-4875-BE17-E256C10BDE4B}
2013-11-13 01:01 - 2012-04-27 18:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 01:00 - 2013-08-14 22:38 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 01:00 - 2012-04-27 17:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 19:32 - 2013-11-12 19:32 - 00000000 ____D C:\Users\slava105\AppData\Local\{3DADE7CB-F73C-433C-9D05-93E0404EC213}
2013-11-12 06:21 - 2013-11-12 06:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{B4C3C435-52D6-40BB-A9B2-D97FD8226F59}
2013-11-12 06:20 - 2012-04-27 20:37 - 00023402 _____ C:\ProgramData\lxecscan.log
2013-11-11 21:38 - 2012-05-03 16:39 - 00000000 ____D C:\Users\slava105\AppData\Roaming\BitComet
2013-11-11 17:41 - 2013-11-11 17:41 - 00000000 ____D C:\Users\slava105\AppData\Local\{6A0B5DF9-D6FA-45F6-AD71-B8B0AC26529D}
2013-11-10 18:44 - 2013-02-24 20:01 - 00006677 _____ C:\Users\Public\Documents\stalke~1.ltx
2013-11-10 11:30 - 2013-11-10 11:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{FC1C82AC-502A-4FC6-9E85-1FC7C9920AC1}
2013-11-09 22:23 - 2013-11-09 22:23 - 00000000 ____D C:\Users\slava105\AppData\Local\{7BFD6E17-0D9D-486F-ABB6-4C284FD4DBA2}
2013-11-09 09:56 - 2013-11-09 09:56 - 00000000 ____D C:\Users\slava105\AppData\Local\{83857D98-1110-4BA8-8526-F34F61F6D2DB}
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\Users\slava105\AppData\Local\{15FF85FC-9D2D-4361-8A1B-0B4B6D3EC8D6}
2013-11-07 19:48 - 2013-11-07 19:48 - 00000000 ____D C:\Users\slava105\AppData\Local\{E7297515-720B-4B91-828C-2911C3E192AA}
2013-11-06 22:28 - 2013-09-25 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 22:11 - 2013-11-06 22:08 - 246598160 _____ C:\Users\slava105\Downloads\kis14.0.0.4651de-de.exe
2013-11-06 21:49 - 2013-11-06 21:43 - 00000000 ____D C:\Users\slava105\AppData\Local\Avg2014
2013-11-06 21:47 - 2013-11-06 21:47 - 00000000 ____D C:\Users\slava105\AppData\Roaming\AVG2014
2013-11-06 21:47 - 2013-11-06 21:46 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-06 21:46 - 2013-11-06 21:46 - 00000981 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ___HD C:\$AVG
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Users\slava105\AppData\Roaming\TuneUp Software
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-06 21:43 - 2013-11-06 21:43 - 00000000 ____D C:\Users\slava105\AppData\Local\MFAData
2013-11-06 21:43 - 2013-11-06 21:41 - 151332384 _____ (AVG Technologies) C:\Users\slava105\Downloads\avg_free_x64_all_2014_4158a6730.exe
2013-11-06 17:27 - 2013-11-06 17:27 - 00000000 ____D C:\Users\slava105\AppData\Local\{C751596F-12D5-4434-8B42-2B2435294061}
2013-11-05 23:17 - 2012-04-27 17:11 - 00000000 ____D C:\Users\slava105\AppData\Roaming\Skype
2013-11-05 20:03 - 2013-11-05 20:03 - 00000000 ____D C:\Users\slava105\AppData\Local\{38ACA61A-5A3B-4D7D-9467-DB9EC00C12B6}
2013-11-05 19:50 - 2013-05-20 08:23 - 00000000 ____D C:\ProgramData\Norton
2013-11-05 11:55 - 2012-04-27 20:39 - 00000000 ____D C:\ProgramData\Lx_cats
2013-11-05 11:51 - 2012-04-27 20:47 - 00004294 _____ C:\ProgramData\lxecJSW.log
2013-11-05 06:20 - 2013-11-05 06:19 - 00000000 ____D C:\Users\slava105\AppData\Local\{2F54987B-0805-4FB7-B29D-A84A6D92F1ED}
2013-11-04 18:16 - 2013-11-04 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{7DADA084-3A8F-4E45-AE7E-016EE67A1D07}
2013-11-03 23:13 - 2013-11-03 23:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{C864ACD5-C6CF-4D3A-B9C3-782420155FBE}
2013-11-03 12:48 - 2013-11-03 12:48 - 00000000 ____D C:\Users\slava105\Documents\4A Games
2013-11-03 12:39 - 2013-11-03 12:39 - 00000000 ____D C:\Users\slava105\AppData\Local\4A Games
2013-11-03 12:38 - 2013-09-28 21:46 - 00000000 ____D C:\Users\slava105\AppData\Roaming\NVIDIA
2013-11-03 12:26 - 2013-11-03 12:26 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-11-03 11:15 - 2013-11-03 11:15 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2013-11-03 11:15 - 2013-11-03 11:15 - 00001950 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Users\slava105\AppData\Roaming\OpenCandy
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-11-03 11:12 - 2013-11-03 11:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE55E47D-C73D-412C-9E71-9C176608D859}
2013-11-02 22:10 - 2013-04-10 17:50 - 00000000 ____D C:\Windows\rescache
2013-11-02 21:38 - 2013-11-02 21:37 - 00000000 ____D C:\Users\slava105\AppData\Local\{1D517693-7312-4882-AA9D-3161EE313F4B}
2013-11-02 20:23 - 2013-01-11 20:08 - 00000000 ____D C:\Users\slava105\AppData\Roaming\vlc
2013-11-02 09:01 - 2013-11-02 09:01 - 00000000 ____D C:\Users\slava105\AppData\Local\{72342429-D241-47E6-8B7A-1BA8E692F2CF}
2013-11-01 18:33 - 2013-11-01 18:32 - 00000000 ____D C:\Users\slava105\AppData\Local\{B6A1D8BD-BC7C-42C6-927C-478B916F85A8}
2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\Users\slava105\AppData\Local\{4478077E-DDF4-4149-ADA0-73CB70A149D2}
2013-10-30 18:16 - 2013-10-30 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{8F72FD3B-F611-4FCF-BDE7-FECBAC395268}
2013-10-29 19:30 - 2013-10-29 19:29 - 00000000 ____D C:\Users\slava105\AppData\Local\{1FE1F28F-C12E-46C4-B3AA-CCF20B2012CF}
2013-10-28 23:57 - 2013-10-28 23:57 - 00000000 ____D C:\Users\slava105\AppData\Local\{4B94AE15-615E-4F14-8F93-D0C2F8A3A4B5}
2013-10-28 06:20 - 2013-10-28 06:20 - 00000000 ____D C:\Users\slava105\AppData\Local\{6D9C44C7-72E3-42AB-A27A-B702963B3A2A}
2013-10-27 18:17 - 2013-10-27 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{D26D0D79-B1DF-421B-B9B1-7D3C27D887FB}
2013-10-26 21:50 - 2013-10-26 21:50 - 00000000 ____D C:\Users\slava105\AppData\Local\{76ECF3B6-24CB-4827-9125-2E14F3BECC46}
2013-10-26 09:49 - 2013-10-26 09:49 - 00000000 ____D C:\Users\slava105\AppData\Local\{3CB1B08A-4BBB-4AD8-9F76-2454DD467622}
2013-10-25 18:51 - 2013-10-25 18:51 - 00000000 ____D C:\Users\slava105\AppData\Local\{425F5930-E3B3-4210-8263-BBA15C18A37F}
2013-10-24 17:40 - 2013-10-24 17:40 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE972A3C-0F95-475F-BED3-C6F391984984}
2013-10-23 17:46 - 2013-10-23 17:45 - 00000000 ____D C:\Users\slava105\AppData\Local\{25105783-5F5A-4D7C-B6C2-4211B0873092}
2013-10-22 20:59 - 2013-10-22 20:58 - 00000000 ____D C:\Users\slava105\AppData\Local\{5743382A-986B-4511-BCA7-24CDE0BF9EBF}
2013-10-21 21:24 - 2013-10-21 21:24 - 00000000 ____D C:\Users\slava105\AppData\Local\{9E139353-05B6-4D29-B2FC-E432AA5C2001}
2013-10-20 22:09 - 2013-10-20 22:08 - 00000000 ____D C:\Users\slava105\AppData\Local\{00D752B3-D169-4274-924D-6C81F1D2AAB8}
2013-10-20 10:08 - 2013-10-20 10:08 - 00000000 ____D C:\Users\slava105\AppData\Local\{FD048A1B-2D3A-40AC-9533-E36599CCACF1}
2013-10-19 19:48 - 2013-10-19 19:47 - 00000000 ____D C:\Users\slava105\AppData\Local\{8899983F-7B52-45CD-8F16-383D29A4CE59}
2013-10-17 18:24 - 2013-10-17 18:24 - 00000000 ____D C:\Users\slava105\AppData\Local\{9E85182B-D4CA-4602-858A-11B58C0C0A9E}

Files to move or delete:
====================
C:\ProgramData\6jeb9ql.dss
C:\ProgramData\lq9bej6.reg

Some content of TEMP:
====================
C:\Users\slava105\AppData\Local\Temp\~tmf7945201666538710316.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8183.11 MB
Available physical RAM: 7318.23 MB
Total Pagefile: 8181.26 MB
Available Pagefile: 7303.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:33.96 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1863.01 GB) (Free:532.08 GB) NTFS
Drive k: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive l: (Backup USB) (Removable) (Total:29.82 GB) (Free:5.35 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: E5E92BED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 09448128)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS)

LastRegBack: 2013-11-02 21:32
==================== End Of Log ============================

Hoping for quick help. Many thanks!
16.11.2013, 20:22 | #2

/// TB-Ausbilder

Hi,

does the computer boot normally again after this fix? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ATTFilter HKU\UpdatusUser\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION Startup: C:\Users\slava105\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lq9bej6.lnk ShortcutTarget: lq9bej6.lnk -> C:\PROGRA~3\6jeb9ql.dss (Sato Corporation) S2 Winmgmt; C:\PROGRA~3\lq9bej6.pss [61024 2013-11-15] (Microsoft Corporation) 2013-11-15 21:58 - 2013-11-15 21:58 - 00000279 _____ C:\ProgramData\lq9bej6.reg C:\Users\slava105\AppData\Local\Temp\~tmf7945201666538710316.dll 2013-11-15 19:26 - 2013-11-16 18:13 - 95025368 ____T C:\ProgramData\lq9bej6.bxx 2013-11-15 19:26 - 2013-11-16 18:13 - 00000000 _____ C:\ProgramData\lq9bej6.fvv 2013-11-15 19:26 - 2013-11-15 19:26 - 00178176 _____ (Sato Corporation) C:\ProgramData\6jeb9ql.dss 2013-11-15 19:26 - 2013-11-15 19:26 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\lq9bej6.pss
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
|
17.11.2013, 01:15 | #3 |
| new Bundestrojaner - safe mode doesn't work Hello,
first of all, many thanks for your help! The PC also boots normally again. Here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by SYSTEM at 2013-11-17 01:11:40 Run:4
Running from L:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\UpdatusUser\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
Startup: C:\Users\slava105\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lq9bej6.lnk
ShortcutTarget: lq9bej6.lnk -> C:\PROGRA~3\6jeb9ql.dss (Sato Corporation)
S2 Winmgmt; C:\PROGRA~3\lq9bej6.pss [61024 2013-11-15] (Microsoft Corporation)
2013-11-15 21:58 - 2013-11-15 21:58 - 00000279 _____ C:\ProgramData\lq9bej6.reg
C:\Users\slava105\AppData\Local\Temp\~tmf7945201666538710316.dll
2013-11-15 19:26 - 2013-11-16 18:13 - 95025368 ____T C:\ProgramData\lq9bej6.bxx
2013-11-15 19:26 - 2013-11-16 18:13 - 00000000 _____ C:\ProgramData\lq9bej6.fvv
2013-11-15 19:26 - 2013-11-15 19:26 - 00178176 _____ (Sato Corporation) C:\ProgramData\6jeb9ql.dss
2013-11-15 19:26 - 2013-11-15 19:26 - 00061024 ____T (Microsoft Corporation) C:\ProgramData\lq9bej6.pss
*****************

HKU\UpdatusUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\slava105\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lq9bej6.lnk => Moved successfully.
C:\PROGRA~3\6jeb9ql.dss => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\lq9bej6.reg => Moved successfully.
C:\Users\slava105\AppData\Local\Temp\~tmf7945201666538710316.dll => Moved successfully.
C:\ProgramData\lq9bej6.bxx => Moved successfully.
C:\ProgramData\lq9bej6.fvv => Moved successfully.
"C:\ProgramData\6jeb9ql.dss" => File/Directory not found.
C:\ProgramData\lq9bej6.pss => Moved successfully.

==== End of Fixlog ==== |
17.11.2013, 01:18 | #4 |
/// TB-Ausbilder | new Bundestrojaner - safe mode doesn't work Ok, then move frst64.exe from the USB stick to the desktop.
cheers, Leo |
17.11.2013, 20:52 | #5 |
| new Bundestrojaner - safe mode doesn't work Sorry for replying so late! Unfortunately I was held up. Here are the logs: Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013 Ran by slava105 at 2013-11-17 09:50:58 Running from C:\Users\slava105\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.2146.41621) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152) Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8) AIMP2 (x32) AVG 2014 (Version: 14.0.3629) AVG 2014 (Version: 14.0.4158) AVG 2014 (Version: 2014.0.4158) BitComet 1.35 (x32 Version: 1.35) CCleaner (Version: 3.18) Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.48.1.0347) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0) G.L.A.D.I.A.T.O.R.II Время Альянса (x32 Version: G.L.A.D.I.A.T.O.R.II Время Альянса) GHOST (x32 Version: 1.04.0000) Google Earth (x32 Version: 6.2.2.6613) Haali Media Splitter (x32) Java Auto Updater (x32 Version: 2.0.7.1) Java(TM) 6 Update 31 (x32 Version: 6.0.310) jetAudio Basic VX (x32 Version: 6.2.4) JetShell PRO (x32 Version: 4.10.000) Junk Mail filter update (x32 Version: 15.4.3502.0922) K-Lite Codec Pack 8.7.0 (Full) (x32 Version: 8.7.0) Lexmark Pro800-Pro900 Series Lexmark Symbolleiste (x32 Version: 4.63.37.0) Logitech GamePanel Software 3.06.109 (Version: 3.06.109) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 
Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) MSVCRT 
(x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49) NVIDIA 3D Vision Treiber 320.49 (Version: 320.49) NVIDIA GeForce Experience 1.5 (Version: 1.5) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.124.810) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049) NVIDIA Systemsteuerung 320.49 (Version: 320.49) NVIDIA Update 4.11.9 (Version: 4.11.9) NVIDIA Update Components (Version: 4.11.9) Paint.NET v3.5.10 (Version: 3.60.0) S.T.A.L.K.E.R. - Зов Припяти [v1.6.00] (x32 Version: 1.6.00) Skype™ 5.9 (x32 Version: 5.9.114) Speedport W 101 Stick WLAN Manager (x32 Version: 1.00.0000) The Elder Scrolls V - Skyrim 1.00 (x32) Tinypic 3.18 (x32 Version: Tinypic 3.18) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for 
Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32) Uplay (x32 Version: 2.0) Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1) Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1) VLC media player 2.0.8 (x32 Version: 2.0.8) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live 
MIME IFilter (Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.11 (64-Bit) (Version: 4.11.0) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {D7F3ED8B-5A1E-41F7-817C-DE6CA96EA230} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {E0BE9178-4754-4BCF-AE93-F10BEAD0D747} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-27 20:36 - 2009-11-26 00:09 - 00053760 _____ () C:\Windows\System32\LXECPMON.DLL 2012-04-27 20:36 - 2009-01-13 07:15 - 04485120 _____ () C:\Windows\System32\LXECOEM.DLL 2012-04-27 20:37 - 2009-11-04 07:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll 2013-03-30 18:44 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-11-15 22:13 - 2013-11-15 22:13 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:1201B9E6 ==================== Safe Mode 
(whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/15/2013 07:29:52 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x11ec Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0 Pfad der fehlerhaften Anwendung: rundll32.exe1 Pfad des fehlerhaften Moduls: rundll32.exe2 Berichtskennung: rundll32.exe3 Error: (11/10/2013 08:38:09 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a7da4 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:34:35 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a4906 ID des fehlerhaften Prozesses: 0xca0 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:26:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, 
Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a4906 ID des fehlerhaften Prozesses: 0x8e8 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:25:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a4906 ID des fehlerhaften Prozesses: 0x1798 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:24:15 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000c4575 ID des fehlerhaften Prozesses: 0x196c Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:08:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a4903 ID des fehlerhaften Prozesses: 0x14c8 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:07:55 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften 
Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a4e86 ID des fehlerhaften Prozesses: 0x134c Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:02:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a4906 ID des fehlerhaften Prozesses: 0x14f4 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 Error: (11/10/2013 08:00:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xrEngine.exe, Version: 1.6.0.2, Zeitstempel: 0x4b275197 Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000c4581 ID des fehlerhaften Prozesses: 0x18b8 Startzeit der fehlerhaften Anwendung: 0xxrEngine.exe0 Pfad der fehlerhaften Anwendung: xrEngine.exe1 Pfad des fehlerhaften Moduls: xrEngine.exe2 Berichtskennung: xrEngine.exe3 System errors: ============= Error: (11/17/2013 09:25:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/17/2013 09:25:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/17/2013 09:25:32 AM) (Source: Service Control 
Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/17/2013 09:25:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/17/2013 09:25:32 AM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/17/2013 09:25:32 AM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/17/2013 09:25:21 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (11/17/2013 09:25:21 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (11/17/2013 09:25:21 AM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (11/17/2013 09:25:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (11/15/2013 07:29:52 PM) (Source: Application Error)(User: ) Description: rundll32.exe6.1.7600.163854a5bc637KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f11ec01cee230ac6b3f16C:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\KERNELBASE.dllea7bf391-4e23-11e3-962c-20cf30f0ee8d Error: (11/10/2013 08:38:09 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a7da474801cede4beee6181bD:\instalierte spiele\S.T.A.L.K.E.R. 
- Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dlla0141b8b-4a3f-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:34:35 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a4906ca001cede4acb58093aD:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dll2086432a-4a3f-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:26:25 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a49068e801cede4a9c5ab127D:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dllfcf1f2a2-4a3d-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:25:17 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a4906179801cede4a7b973807D:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dlld40dd1db-4a3d-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:24:15 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000c4575196c01cede483fe0e70fD:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dllaefa2850-4a3d-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:08:21 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a490314c801cede4833d07fe6D:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dll76d17839-4a3b-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:07:55 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a4e86134c01cede476e9ad2ebD:\instalierte spiele\S.T.A.L.K.E.R. 
- Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dll66d98f0e-4a3b-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:02:17 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000a490614f401cede472f615bbdD:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dll9d631b32-4a3a-11e3-8086-20cf30f0ee8d Error: (11/10/2013 08:00:13 PM) (Source: Application Error)(User: ) Description: xrEngine.exe1.6.0.24b275197d3d11.dll6.2.9200.165705153774dc0000005000c458118b801cede458b7e5101D:\instalierte spiele\S.T.A.L.K.E.R. - Зов Припяти\bin\xrEngine.exeC:\Windows\system32\d3d11.dll537a3196-4a3a-11e3-8086-20cf30f0ee8d ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8183.11 MB Available physical RAM: 5784.72 MB Total Pagefile: 16364.41 MB Available Pagefile: 13707.48 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:33.97 GB) NTFS Drive d: (Daten) (Fixed) (Total:1863.01 GB) (Free:532.08 GB) NTFS Drive f: (Battlefield 3) (CDROM) (Total:10.63 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: E5E92BED) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 09448128) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013 Ran by slava105 (administrator) on SLAVA105-PC on 17-11-2013 09:50:38 Running from C:\Users\slava105\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe ( ) C:\Windows\system32\lxeccoms.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) 
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0 MountPoints2: F - F:\setup.exe MountPoints2: L - L:\setup.exe MountPoints2: {6559c9ba-9111-11e1-ac18-20cf30f0ee8d} - G:\LaunchU3.exe -a MountPoints2: {6559c9ce-9111-11e1-ac18-20cf30f0ee8d} - L:\setup.exe MountPoints2: {fe511740-4470-11e3-9ebe-806e6f6e6963} - F:\setup.exe HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119677&tt=040413_9113&babsrc=HP_ss&mntrId=12B80019CB84CEB6 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6F63BBDCDDACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119677&tt=040413_9113&babsrc=SP_ss&mntrId=12B80019CB84CEB6 SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\slava105\AppData\Roaming\Mozilla\Firefox\Profiles\t6dfr87b.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BitComet 视频下载器 - C:\Users\slava105\AppData\Roaming\Mozilla\Firefox\Profiles\t6dfr87b.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: Adblock Plus - C:\Users\slava105\AppData\Roaming\Mozilla\Firefox\Profiles\t6dfr87b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe [598696 2010-04-14] ( )

==================== Drivers (Whitelisted) ====================

R3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-03] (Duplex Secure Ltd.)
S3 ZY202_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [1041920 2007-11-06] (Atheros Communications, Inc.)
U3 al8dx1nj; C:\Windows\System32\Drivers\al8dx1nj.sys [0 ] (Microsoft Corporation)
S3 ZDCNDIS6a64; \??\C:\Windows\system32\ZDCNDIS6a64.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 22A14DF59FB8D0BE918C597988AF4296
C:\Windows\System32\DRIVERS\atikmpag.sys EE22D3ED6D55A855E709F811CCCA97ED
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrxusb.sys 788914C42AD8318F1DD7A565EAFFB049
C:\Windows\System32\drivers\AtihdW76.sys 437F55435623D4D54D36197F5AD8B435
C:\Windows\System32\DRIVERS\avgdiska.sys 0D75C5C4EBF3D8197448189A2F153116
C:\Windows\System32\DRIVERS\avgidsdrivera.sys 06963A6DE8B1C8F15A8E1053AE9505A4
C:\Windows\System32\DRIVERS\avgidsha.sys E4F5607D1437FFDEE33CADA40D256D4F
C:\Windows\System32\DRIVERS\avgldx64.sys B010FF7C984FFFFFF019F2CF162F1DE8
C:\Windows\System32\DRIVERS\avgloga.sys F05BF4010D3F0E8C2D8CBFE45D7CFCE1
C:\Windows\System32\DRIVERS\avgmfx64.sys 4B459C2FCF22ECE548766B2FCF46F62C
C:\Windows\System32\DRIVERS\avgrkx64.sys 66D00CC6F7D148980071F55F9056D450
C:\Windows\System32\DRIVERS\avgtdia.sys 4E364FABBD147F59E5D524C9EA86D772
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 0B3F6C8F93C5C25977EA5A8B2E656357
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvrs64.sys 0C85B2B6FB74B36A251792D45E0EF860
C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 03B7145C889603537E9FFEABB1AD1089
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 805F0C2B9C07E4C0F74D0EF70E9E827A
C:\Windows\System32\DRIVERS\nvlddmkm.sys EE6B7B6A54BCAFF516E30B1C15467495
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 656736958178461D25B51BB0D9EC7D09
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
C:\Windows\System32\DRIVERS\WlanGZG.sys AEC505976EF01BBD8F57CBA912F39259
C:\Windows\System32\Drivers\al8dx1nj.sys

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-17 09:26 - 2013-11-17 09:27 - 00000000 ____D C:\Users\slava105\AppData\Local\{C4060DC2-971E-4939-A813-4577975647BD}
2013-11-17 01:47 - 2013-11-17 09:50 - 00028125 _____ C:\Users\slava105\Desktop\FRST.txt
2013-11-17 01:47 - 2013-11-17 01:47 - 00022062 _____ C:\Users\slava105\Desktop\Addition.txt
2013-11-17 01:46 - 2013-11-16 18:03 - 01957794 _____ (Farbar) C:\Users\slava105\Desktop\FRST64.exe
2013-11-15 22:13 - 2013-11-15 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:58 - 2013-11-17 09:25 - 00000504 _____ C:\Windows\setupact.log
2013-11-15 19:30 - 2013-11-15 19:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{2FFC4633-5240-4091-9C96-E24A5A4276D5}
2013-11-15 19:21 - 2013-11-15 19:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{D011EB0D-2BEC-418B-8C33-8C2BCD902523}
2013-11-14 19:00 - 2013-11-14 19:00 - 00000000 ____D C:\Users\slava105\AppData\Local\{2CDE7954-3D8F-4291-856D-40895DEC284B}
2013-11-14 06:11 - 2013-11-14 06:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{3E51A7F0-6AA4-4C32-A363-4D9D10290D82}
2013-11-13 17:55 - 2013-11-13 17:56 - 00000000 ____D C:\Users\slava105\AppData\Local\{9FD2879F-2249-4875-BE17-E256C10BDE4B}
2013-11-13 01:01 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 01:01 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 01:01 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 01:01 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 01:01 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 01:01 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 01:01 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 01:01 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 01:01 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 01:01 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 01:01 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 01:01 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 23:58 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 23:58 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 23:58 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 23:58 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 23:58 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 23:58 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 23:58 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 23:58 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 23:58 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 23:58 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 23:58 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 23:58 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 23:58 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 23:58 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 23:58 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 23:58 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 23:58 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 23:58 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 23:58 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 23:58 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 23:58 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 23:58 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 23:58 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 23:58 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 23:58 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 23:58 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 23:58 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 23:58 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 23:58 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 23:58 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 19:32 - 2013-11-12 19:32 - 00000000 ____D C:\Users\slava105\AppData\Local\{3DADE7CB-F73C-433C-9D05-93E0404EC213}
2013-11-12 06:21 - 2013-11-12 06:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{B4C3C435-52D6-40BB-A9B2-D97FD8226F59}
2013-11-11 17:41 - 2013-11-11 17:41 - 00000000 ____D C:\Users\slava105\AppData\Local\{6A0B5DF9-D6FA-45F6-AD71-B8B0AC26529D}
2013-11-10 11:30 - 2013-11-10 11:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{FC1C82AC-502A-4FC6-9E85-1FC7C9920AC1}
2013-11-09 22:23 - 2013-11-09 22:23 - 00000000 ____D C:\Users\slava105\AppData\Local\{7BFD6E17-0D9D-486F-ABB6-4C284FD4DBA2}
2013-11-09 09:56 - 2013-11-09 09:56 - 00000000 ____D C:\Users\slava105\AppData\Local\{83857D98-1110-4BA8-8526-F34F61F6D2DB}
2013-11-08 17:04 - 2013-11-08 17:04 - 00000861 _____ C:\Users\slava105\Desktop\G.L.A.D.I.A.T.O.R.II Время Альянса.lnk
2013-11-08 16:48 - 2013-11-08 18:37 - 00000000 ____D C:\Users\Public\Documents\S.T.A.L.K.E.R. - Зов Припяти
2013-11-08 16:48 - 2013-11-08 16:48 - 00001060 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Зов Припяти.lnk
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\Users\slava105\AppData\Local\{15FF85FC-9D2D-4361-8A1B-0B4B6D3EC8D6}
2013-11-07 19:48 - 2013-11-07 19:48 - 00000000 ____D C:\Users\slava105\AppData\Local\{E7297515-720B-4B91-828C-2911C3E192AA}
2013-11-06 22:08 - 2013-11-06 22:11 - 246598160 _____ C:\Users\slava105\Downloads\kis14.0.0.4651de-de.exe
2013-11-06 21:47 - 2013-11-06 21:47 - 00000000 ____D C:\Users\slava105\AppData\Roaming\AVG2014
2013-11-06 21:46 - 2013-11-06 21:47 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-06 21:46 - 2013-11-06 21:46 - 00000981 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ___HD C:\$AVG
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Users\slava105\AppData\Roaming\TuneUp Software
2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-06 21:43 - 2013-11-17 09:30 - 00000000 ____D C:\ProgramData\MFAData
2013-11-06 21:43 - 2013-11-06 21:49 - 00000000 ____D C:\Users\slava105\AppData\Local\Avg2014
2013-11-06 21:43 - 2013-11-06 21:43 - 00000000 ____D C:\Users\slava105\AppData\Local\MFAData
2013-11-06 21:41 - 2013-11-06 21:43 - 151332384 _____ (AVG Technologies) C:\Users\slava105\Downloads\avg_free_x64_all_2014_4158a6730.exe
2013-11-06 17:27 - 2013-11-06 17:27 - 00000000 ____D C:\Users\slava105\AppData\Local\{C751596F-12D5-4434-8B42-2B2435294061}
2013-11-05 20:03 - 2013-11-05 20:03 - 00000000 ____D C:\Users\slava105\AppData\Local\{38ACA61A-5A3B-4D7D-9467-DB9EC00C12B6}
2013-11-05 06:19 - 2013-11-05 06:20 - 00000000 ____D C:\Users\slava105\AppData\Local\{2F54987B-0805-4FB7-B29D-A84A6D92F1ED}
2013-11-04 18:16 - 2013-11-04 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{7DADA084-3A8F-4E45-AE7E-016EE67A1D07}
2013-11-03 23:12 - 2013-11-03 23:13 - 00000000 ____D C:\Users\slava105\AppData\Local\{C864ACD5-C6CF-4D3A-B9C3-782420155FBE}
2013-11-03 12:48 - 2013-11-03 12:48 - 00000000 ____D C:\Users\slava105\Documents\4A Games
2013-11-03 12:39 - 2013-11-03 12:39 - 00000000 ____D C:\Users\slava105\AppData\Local\4A Games
2013-11-03 12:26 - 2013-11-03 12:26 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-11-03 11:15 - 2013-11-03 11:15 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-11-03 11:15 - 2013-11-03 11:15 - 00001950 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Users\slava105\AppData\Roaming\OpenCandy
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-11-03 11:12 - 2013-11-03 11:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE55E47D-C73D-412C-9E71-9C176608D859}
2013-11-02 21:37 - 2013-11-02 21:38 - 00000000 ____D C:\Users\slava105\AppData\Local\{1D517693-7312-4882-AA9D-3161EE313F4B}
2013-11-02 09:01 - 2013-11-02 09:01 - 00000000 ____D C:\Users\slava105\AppData\Local\{72342429-D241-47E6-8B7A-1BA8E692F2CF}
2013-11-01 18:32 - 2013-11-01 18:33 - 00000000 ____D C:\Users\slava105\AppData\Local\{B6A1D8BD-BC7C-42C6-927C-478B916F85A8}
2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\Users\slava105\AppData\Local\{4478077E-DDF4-4149-ADA0-73CB70A149D2}
2013-10-30 18:16 - 2013-10-30 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{8F72FD3B-F611-4FCF-BDE7-FECBAC395268}
2013-10-29 19:29 - 2013-10-29 19:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{1FE1F28F-C12E-46C4-B3AA-CCF20B2012CF}
2013-10-28 23:57 - 2013-10-28 23:57 - 00000000 ____D C:\Users\slava105\AppData\Local\{4B94AE15-615E-4F14-8F93-D0C2F8A3A4B5}
2013-10-28 06:20 - 2013-10-28 06:20 - 00000000 ____D C:\Users\slava105\AppData\Local\{6D9C44C7-72E3-42AB-A27A-B702963B3A2A}
2013-10-27 18:16 - 2013-10-27 18:17 - 00000000 ____D C:\Users\slava105\AppData\Local\{D26D0D79-B1DF-421B-B9B1-7D3C27D887FB}
2013-10-26 21:50 - 2013-10-26 21:50 - 00000000 ____D C:\Users\slava105\AppData\Local\{76ECF3B6-24CB-4827-9125-2E14F3BECC46}
2013-10-26 09:49 - 2013-10-26 09:49 - 00000000 ____D C:\Users\slava105\AppData\Local\{3CB1B08A-4BBB-4AD8-9F76-2454DD467622}
2013-10-25 18:51 - 2013-10-25 18:51 - 00000000 ____D C:\Users\slava105\AppData\Local\{425F5930-E3B3-4210-8263-BBA15C18A37F}
2013-10-24 17:40 - 2013-10-24 17:40 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE972A3C-0F95-475F-BED3-C6F391984984}
2013-10-23 17:45 - 2013-10-23 17:46 - 00000000 ____D C:\Users\slava105\AppData\Local\{25105783-5F5A-4D7C-B6C2-4211B0873092}
2013-10-22 20:58 - 2013-10-22 20:59 - 00000000 ____D C:\Users\slava105\AppData\Local\{5743382A-986B-4511-BCA7-24CDE0BF9EBF}
2013-10-21 21:24 - 2013-10-21 21:24 - 00000000 ____D C:\Users\slava105\AppData\Local\{9E139353-05B6-4D29-B2FC-E432AA5C2001}
2013-10-20 22:08 - 2013-10-20 22:09 - 00000000 ____D C:\Users\slava105\AppData\Local\{00D752B3-D169-4274-924D-6C81F1D2AAB8}
2013-10-20 10:08 - 2013-10-20 10:08 - 00000000 ____D C:\Users\slava105\AppData\Local\{FD048A1B-2D3A-40AC-9533-E36599CCACF1}
2013-10-19 19:47 - 2013-10-19 19:48 - 00000000 ____D C:\Users\slava105\AppData\Local\{8899983F-7B52-45CD-8F16-383D29A4CE59}

==================== One Month Modified Files and Folders =======

2013-11-17 09:50 - 2013-11-17 01:47 - 00028125 _____ C:\Users\slava105\Desktop\FRST.txt
2013-11-17 09:36 - 2012-04-27 16:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 09:32 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 09:32 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 09:30 - 2013-11-06 21:43 - 00000000 ____D C:\ProgramData\MFAData
2013-11-17 09:30 - 2009-07-14 18:58 - 00686558 _____ C:\Windows\system32\perfh007.dat
2013-11-17 09:30 - 2009-07-14 18:58 - 00147686 _____ C:\Windows\system32\perfc007.dat
2013-11-17 09:30 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 09:29 - 2012-04-27 20:54 - 00000000 ____D C:\Users\slava105\AppData\Local\Adobe
2013-11-17 09:28 - 2012-07-30 17:47 - 01686374 _____ C:\Windows\WindowsUpdate.log
2013-11-17 09:27 - 2013-11-17 09:26 - 00000000 ____D C:\Users\slava105\AppData\Local\{C4060DC2-971E-4939-A813-4577975647BD}
2013-11-17 09:27 - 2012-04-27 16:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 09:27 - 2012-04-27 16:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 09:27 - 2012-04-27 16:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-17 09:25 - 2013-11-15 21:58 - 00000504 _____ C:\Windows\setupact.log
2013-11-17 09:25 - 2013-09-25 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 09:25 - 2013-03-30 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-17 09:25 - 2012-04-27 15:46 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-11-17 09:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 01:47 - 2013-11-17 01:47 - 00022062 _____ C:\Users\slava105\Desktop\Addition.txt
2013-11-17 01:11 - 2012-04-27 15:39 - 00000000 ___RD C:\Users\slava105\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-16 18:03 - 2013-11-17 01:46 - 01957794 _____ (Farbar) C:\Users\slava105\Desktop\FRST64.exe
2013-11-15 22:13 - 2013-11-15 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 19:50 - 2012-04-27 17:50 - 00000000 ____D C:\Windows\Minidump
2013-11-15 19:30 - 2013-11-15 19:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{2FFC4633-5240-4091-9C96-E24A5A4276D5}
2013-11-15 19:30 - 2013-05-20 17:52 - 00000000 ____D C:\Users\slava105\AppData\Local\CrashDumps
2013-11-15 19:21 - 2013-11-15 19:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{D011EB0D-2BEC-418B-8C33-8C2BCD902523}
2013-11-14 19:00 - 2013-11-14 19:00 - 00000000 ____D C:\Users\slava105\AppData\Local\{2CDE7954-3D8F-4291-856D-40895DEC284B}
2013-11-14 06:12 - 2013-11-14 06:11 - 00000000 ____D C:\Users\slava105\AppData\Local\{3E51A7F0-6AA4-4C32-A363-4D9D10290D82}
2013-11-13 17:56 - 2013-11-13 17:55 - 00000000 ____D C:\Users\slava105\AppData\Local\{9FD2879F-2249-4875-BE17-E256C10BDE4B}
2013-11-13 01:01 - 2012-04-27 18:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 01:00 - 2013-08-14 22:38 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 01:00 - 2012-04-27 17:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 19:32 - 2013-11-12 19:32 - 00000000 ____D C:\Users\slava105\AppData\Local\{3DADE7CB-F73C-433C-9D05-93E0404EC213}
2013-11-12 06:21 - 2013-11-12 06:21 - 00000000 ____D C:\Users\slava105\AppData\Local\{B4C3C435-52D6-40BB-A9B2-D97FD8226F59}
2013-11-12 06:20 - 2012-04-27 20:37 - 00023402 _____ C:\ProgramData\lxecscan.log
2013-11-11 21:38 - 2012-05-03 16:39 - 00000000 ____D C:\Users\slava105\AppData\Roaming\BitComet
2013-11-11 17:41 - 2013-11-11 17:41 - 00000000 ____D C:\Users\slava105\AppData\Local\{6A0B5DF9-D6FA-45F6-AD71-B8B0AC26529D}
2013-11-10 18:44 - 2013-02-24 20:01 - 00006677 _____ C:\Users\Public\Documents\stalke~1.ltx
2013-11-10 11:30 - 2013-11-10 11:30 - 00000000 ____D C:\Users\slava105\AppData\Local\{FC1C82AC-502A-4FC6-9E85-1FC7C9920AC1}
2013-11-09 22:23 - 2013-11-09 22:23 - 00000000 ____D C:\Users\slava105\AppData\Local\{7BFD6E17-0D9D-486F-ABB6-4C284FD4DBA2}
2013-11-09 09:56 - 2013-11-09 09:56 - 00000000 ____D C:\Users\slava105\AppData\Local\{83857D98-1110-4BA8-8526-F34F61F6D2DB}
2013-11-08 18:37 - 2013-11-08 16:48 - 00000000 ____D C:\Users\Public\Documents\S.T.A.L.K.E.R.
- Зов Припяти 2013-11-08 17:04 - 2013-11-08 17:04 - 00000861 _____ C:\Users\slava105\Desktop\G.L.A.D.I.A.T.O.R.II Время Альянса.lnk 2013-11-08 16:48 - 2013-11-08 16:48 - 00001060 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Зов Припяти.lnk 2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\Users\slava105\AppData\Local\{15FF85FC-9D2D-4361-8A1B-0B4B6D3EC8D6} 2013-11-07 19:48 - 2013-11-07 19:48 - 00000000 ____D C:\Users\slava105\AppData\Local\{E7297515-720B-4B91-828C-2911C3E192AA} 2013-11-06 22:11 - 2013-11-06 22:08 - 246598160 _____ C:\Users\slava105\Downloads\kis14.0.0.4651de-de.exe 2013-11-06 21:49 - 2013-11-06 21:43 - 00000000 ____D C:\Users\slava105\AppData\Local\Avg2014 2013-11-06 21:47 - 2013-11-06 21:47 - 00000000 ____D C:\Users\slava105\AppData\Roaming\AVG2014 2013-11-06 21:47 - 2013-11-06 21:46 - 00000000 ____D C:\ProgramData\AVG2014 2013-11-06 21:46 - 2013-11-06 21:46 - 00000981 _____ C:\Users\Public\Desktop\AVG 2014.lnk 2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ___HD C:\$AVG 2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Users\slava105\AppData\Roaming\TuneUp Software 2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Program Files (x86)\AVG 2013-11-06 21:43 - 2013-11-06 21:43 - 00000000 ____D C:\Users\slava105\AppData\Local\MFAData 2013-11-06 21:43 - 2013-11-06 21:41 - 151332384 _____ (AVG Technologies) C:\Users\slava105\Downloads\avg_free_x64_all_2014_4158a6730.exe 2013-11-06 17:27 - 2013-11-06 17:27 - 00000000 ____D C:\Users\slava105\AppData\Local\{C751596F-12D5-4434-8B42-2B2435294061} 2013-11-05 23:17 - 2012-04-27 17:11 - 00000000 ____D C:\Users\slava105\AppData\Roaming\Skype 2013-11-05 20:03 - 2013-11-05 20:03 - 00000000 ____D C:\Users\slava105\AppData\Local\{38ACA61A-5A3B-4D7D-9467-DB9EC00C12B6} 2013-11-05 19:50 - 2013-05-20 08:23 - 00000000 ____D C:\ProgramData\Norton 2013-11-05 11:55 - 2012-04-27 20:39 - 00000000 ____D C:\ProgramData\Lx_cats 2013-11-05 11:51 - 2012-04-27 20:47 - 00004294 _____ C:\ProgramData\lxecJSW.log 
2013-11-05 06:20 - 2013-11-05 06:19 - 00000000 ____D C:\Users\slava105\AppData\Local\{2F54987B-0805-4FB7-B29D-A84A6D92F1ED} 2013-11-04 18:16 - 2013-11-04 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{7DADA084-3A8F-4E45-AE7E-016EE67A1D07} 2013-11-03 23:13 - 2013-11-03 23:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{C864ACD5-C6CF-4D3A-B9C3-782420155FBE} 2013-11-03 12:48 - 2013-11-03 12:48 - 00000000 ____D C:\Users\slava105\Documents\4A Games 2013-11-03 12:39 - 2013-11-03 12:39 - 00000000 ____D C:\Users\slava105\AppData\Local\4A Games 2013-11-03 12:38 - 2013-09-28 21:46 - 00000000 ____D C:\Users\slava105\AppData\Roaming\NVIDIA 2013-11-03 12:26 - 2013-11-03 12:26 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-11-03 11:15 - 2013-11-03 11:15 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2013-11-03 11:15 - 2013-11-03 11:15 - 00001950 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Users\slava105\AppData\Roaming\OpenCandy 2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-11-03 11:15 - 2013-11-03 11:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-11-03 11:12 - 2013-11-03 11:12 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE55E47D-C73D-412C-9E71-9C176608D859} 2013-11-02 22:10 - 2013-04-10 17:50 - 00000000 ____D C:\Windows\rescache 2013-11-02 21:38 - 2013-11-02 21:37 - 00000000 ____D C:\Users\slava105\AppData\Local\{1D517693-7312-4882-AA9D-3161EE313F4B} 2013-11-02 20:23 - 2013-01-11 20:08 - 00000000 ____D C:\Users\slava105\AppData\Roaming\vlc 2013-11-02 09:01 - 2013-11-02 09:01 - 00000000 ____D C:\Users\slava105\AppData\Local\{72342429-D241-47E6-8B7A-1BA8E692F2CF} 2013-11-01 18:33 - 2013-11-01 18:32 - 00000000 ____D C:\Users\slava105\AppData\Local\{B6A1D8BD-BC7C-42C6-927C-478B916F85A8} 
2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\Users\slava105\AppData\Local\{4478077E-DDF4-4149-ADA0-73CB70A149D2} 2013-10-30 18:16 - 2013-10-30 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{8F72FD3B-F611-4FCF-BDE7-FECBAC395268} 2013-10-29 19:30 - 2013-10-29 19:29 - 00000000 ____D C:\Users\slava105\AppData\Local\{1FE1F28F-C12E-46C4-B3AA-CCF20B2012CF} 2013-10-28 23:57 - 2013-10-28 23:57 - 00000000 ____D C:\Users\slava105\AppData\Local\{4B94AE15-615E-4F14-8F93-D0C2F8A3A4B5} 2013-10-28 06:20 - 2013-10-28 06:20 - 00000000 ____D C:\Users\slava105\AppData\Local\{6D9C44C7-72E3-42AB-A27A-B702963B3A2A} 2013-10-27 18:17 - 2013-10-27 18:16 - 00000000 ____D C:\Users\slava105\AppData\Local\{D26D0D79-B1DF-421B-B9B1-7D3C27D887FB} 2013-10-26 21:50 - 2013-10-26 21:50 - 00000000 ____D C:\Users\slava105\AppData\Local\{76ECF3B6-24CB-4827-9125-2E14F3BECC46} 2013-10-26 09:49 - 2013-10-26 09:49 - 00000000 ____D C:\Users\slava105\AppData\Local\{3CB1B08A-4BBB-4AD8-9F76-2454DD467622} 2013-10-25 18:51 - 2013-10-25 18:51 - 00000000 ____D C:\Users\slava105\AppData\Local\{425F5930-E3B3-4210-8263-BBA15C18A37F} 2013-10-24 17:40 - 2013-10-24 17:40 - 00000000 ____D C:\Users\slava105\AppData\Local\{CE972A3C-0F95-475F-BED3-C6F391984984} 2013-10-23 17:46 - 2013-10-23 17:45 - 00000000 ____D C:\Users\slava105\AppData\Local\{25105783-5F5A-4D7C-B6C2-4211B0873092} 2013-10-22 20:59 - 2013-10-22 20:58 - 00000000 ____D C:\Users\slava105\AppData\Local\{5743382A-986B-4511-BCA7-24CDE0BF9EBF} 2013-10-21 21:24 - 2013-10-21 21:24 - 00000000 ____D C:\Users\slava105\AppData\Local\{9E139353-05B6-4D29-B2FC-E432AA5C2001} 2013-10-20 22:09 - 2013-10-20 22:08 - 00000000 ____D C:\Users\slava105\AppData\Local\{00D752B3-D169-4274-924D-6C81F1D2AAB8} 2013-10-20 10:08 - 2013-10-20 10:08 - 00000000 ____D C:\Users\slava105\AppData\Local\{FD048A1B-2D3A-40AC-9533-E36599CCACF1} 2013-10-19 19:48 - 2013-10-19 19:47 - 00000000 ____D C:\Users\slava105\AppData\Local\{8899983F-7B52-45CD-8F16-383D29A4CE59} 
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {133957ce-907e-11e1-a898-aade04079143}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {133957d0-907e-11e1-a898-aade04079143}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {133957ce-907e-11e1-a898-aade04079143}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {133957d0-907e-11e1-a898-aade04079143}
device                  ramdisk=[C:]\Recovery\133957d0-907e-11e1-a898-aade04079143\Winre.wim,{133957d1-907e-11e1-a898-aade04079143}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\133957d0-907e-11e1-a898-aade04079143\Winre.wim,{133957d1-907e-11e1-a898-aade04079143}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {133957ce-907e-11e1-a898-aade04079143}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {133957d1-907e-11e1-a898-aade04079143}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\133957d0-907e-11e1-a898-aade04079143\boot.sdi

LastRegBack: 2013-11-02 21:32

==================== End Of Log ============================
|
17.11.2013, 21:03 | #6 |
/// TB-Ausbilder | new Bundestrojaner - safe mode does not work
How is the machine running now?
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Run FRST once more.
|
07.01.2014, 15:05 | #7 |
/// TB-Ausbilder | new Bundestrojaner - safe mode does not work
No response
This thread has been removed from my subscriptions, so I no longer receive notifications about new replies. Send me a PM if you would like to continue with this thread after all; then we will carry on here. Note: the disappearance of the symptoms does not mean that your machine is already clean. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |