
Log analysis and evaluation: Windows7/64 shuts down immediately in safe mode, Security Center stays switched off & network adapters find no network


 
21.04.2014, 14:34   #1
redrub
 



Hello and Happy Easter!

Unfortunately, a rotten egg has nested itself in my laptop.

At first I thought I might be in a dead spot, but even close to the router my PC found no network. That made me a bit suspicious.
The message that the Security Center has to be switched back on was, for me, the indication that something is wrong and that I am probably the victim of a virus, or presumably of several viruses.

I tried to solve the problem with System Restore, which unfortunately had no effect.

Safe mode shuts down again immediately, so no chance.
Not even the mode with command prompt!

I am currently sitting at a second PC and hope to be able to solve the problem this way with your valued help.

I went through the checklist and have attached the log files.
I use ClamWinFree, whose report I also wanted to attach, but it could not be saved. Unfortunately, nothing changed after the scan with ClamWin either.



Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by doktagc (administrator) on DOKTAGC_LAPTOP on 20-04-2014 17:18:21
Running from C:\Users\doktagc\Desktop\trojaner_board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ICT7 S.A. - www.ict7.com) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2092648 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\wavav0bdtzbtb43b.bat [67 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\Run: [Spotify Web Helper] => C:\Users\doktagc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-03] (Spotify Ltd)
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {22f7a763-cbfb-11e0-bf1e-e06995611815} - G:\Launcher\LAUNCHER.EXE
HKU\S-1-5-21-981922040-252109876-1569448898-1000\...\MountPoints2: {c097bd10-9ebd-11e1-9626-e06995611815} - H:\LaunchU3.exe -a
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imq1zjrjg.lnk
ShortcutTarget: imq1zjrjg.lnk -> C:\ProgramData\2992199F9A\gjrjz1qmi.cpp (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default
FF user.js: detected! => C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TrackMeNot - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2012-03-22]
FF Extension: Foxtab Speed Dial - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]
FF Extension: Adblock Edge - C:\Users\doktagc\AppData\Roaming\Mozilla\Firefox\Profiles\62eas6jd.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-21]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CPVNM; C:\Program Files\CopperLan\CPVNM\CPVNM.exe [1177088 2012-12-12] (ICT7 S.A. - www.ict7.com)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-04-24] ()
S2 Winmgmt; C:\ProgramData\2992199F9A\imq1zjrjg.faa [332020 2014-04-17] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ak1avs_x64; C:\Windows\System32\Drivers\ak1avs_x64.sys [45136 2009-10-08] (Native Instruments GmbH)
S3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [98384 2011-04-11] (Native Instruments GmbH)
S3 ak1usb_x64; C:\Windows\System32\Drivers\ak1usb_x64.sys [300624 2009-10-08] (Native Instruments GmbH)
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R2 CPoEthProt; C:\Windows\System32\DRIVERS\CPoEthProt.sys [25368 2012-06-06] (ICT7 S.A.)
R3 CPVMidi; C:\Windows\System32\DRIVERS\CPVMidi.sys [28408 2011-09-21] (ICT7 S.A. - www.ict7.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-21] (DT Soft Ltd)
S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
S3 mmxavs; C:\Windows\System32\Drivers\mmxavs.sys [357968 2011-09-15] (Native Instruments GmbH)
S3 mmxusb_svc; C:\Windows\System32\Drivers\mmxusb.sys [45648 2011-09-15] (Native Instruments GmbH)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2013-03-11] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2013-05-01] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2013-05-01] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2013-05-01] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2013-05-01] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2013-05-01] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2013-05-01] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2013-05-01] (MCCI Corporation)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2010-11-22] (Cristalink Ltd)
S3 SL3; C:\Windows\System32\Drivers\Sl3.sys [57448 2010-11-22] (Cristalink Ltd)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-08-21] (Duplex Secure Ltd.)
S3 TTM57SLUsb; C:\Windows\System32\Drivers\TTM57SLUsb.sys [50296 2010-11-22] (Cristalink Ltd)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-12-01] (X10 Wireless Technology, Inc.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 17:18 - 2014-04-20 17:18 - 00000000 ____D () C:\FRST
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:13 - 2014-04-20 17:18 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-17 19:51 - 2014-04-17 19:52 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-17 09:30 - 2014-04-17 20:57 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-03-23 15:42 - 2014-03-23 15:44 - 05822512 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif.gpk
2014-03-23 15:26 - 2014-03-22 02:33 - 652062414 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif
2014-03-21 21:54 - 2014-03-21 22:04 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_09_2013
2014-03-21 21:54 - 2014-03-21 22:04 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_03_2014
2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-20 17:18 - 2014-04-20 17:18 - 00000000 ____D () C:\FRST
2014-04-20 17:18 - 2014-04-20 17:13 - 00000000 ____D () C:\Users\doktagc\Desktop\trojaner_board
2014-04-20 17:17 - 2011-08-20 12:13 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Dropbox
2014-04-20 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 17:16 - 2014-04-20 17:16 - 00000188 _____ () C:\Users\doktagc\defogger_reenable
2014-04-20 17:16 - 2011-08-19 17:01 - 00000000 ____D () C:\Users\doktagc
2014-04-20 17:16 - 2011-08-19 16:57 - 01714680 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 17:16 - 2009-07-14 06:51 - 00225707 _____ () C:\Windows\setupact.log
2014-04-20 17:16 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 17:16 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-18 06:55 - 2012-11-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-18 06:55 - 2012-08-27 21:19 - 00000000 ____D () C:\Users\Mcx1-DOKTAGC_LAPTOP.doktagc_laptop
2014-04-18 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-17 21:39 - 2014-03-17 18:38 - 00000296 _____ () C:\Windows\Tasks\FoxTab.job
2014-04-17 21:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 20:58 - 2012-04-05 09:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 20:57 - 2014-04-17 09:30 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-17 19:52 - 2014-04-17 19:51 - 00000000 ____D () C:\Users\doktagc\Desktop\GCNU-TestMasterWAVS
2014-04-17 09:30 - 2011-08-19 17:02 - 00000000 ___RD () C:\Users\doktagc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 09:27 - 2011-02-10 21:25 - 00696984 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 09:27 - 2011-02-10 21:25 - 00148248 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 09:27 - 2009-07-14 07:13 - 01612924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 09:24 - 2013-02-12 11:02 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1E38899-A7AC-4545-9BF9-C5109ED06AD8}
2014-04-17 09:21 - 2011-08-20 12:16 - 00000000 ___RD () C:\Users\doktagc\Dropbox
2014-04-13 03:11 - 2011-10-04 15:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-13 03:10 - 2011-08-21 12:37 - 00000000 ____D () C:\Users\doktagc\AppData\Roaming\Skype
2014-04-10 19:50 - 2010-11-21 05:47 - 00021508 _____ () C:\Windows\PFRO.log
2014-04-10 01:14 - 2011-08-19 17:04 - 00000000 ____D () C:\Users\doktagc\AppData\Local\Google
2014-04-10 01:14 - 2011-08-19 16:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-10 01:10 - 2014-04-10 01:10 - 00884680 _____ (Google Inc.) C:\Users\doktagc\Downloads\ChromeSetup.exe
2014-04-01 00:39 - 2014-03-17 18:38 - 00000075 _____ () C:\Users\doktagc\AppData\Roaming\WB.CFG
2014-03-23 15:44 - 2014-03-23 15:42 - 05822512 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif.gpk
2014-03-23 15:23 - 2012-05-03 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 02:33 - 2014-03-23 15:26 - 652062414 _____ () C:\Users\doktagc\Desktop\doomdubberzlive.aif
2014-03-21 22:04 - 2014-03-21 21:54 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_09_2013
2014-03-21 22:04 - 2014-03-21 21:54 - 00000000 ____D () C:\Users\doktagc\Desktop\Beatport_03_2014
2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\doktagc\AppData\Roaming\skype.dat


Some content of TEMP:
====================
C:\Users\doktagc\AppData\Local\Temp\DivXSetup.exe
C:\Users\doktagc\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\doktagc\AppData\Local\Temp\ICReinstall_FileZilla_3.2.7.1_win32-setup.exe
C:\Users\doktagc\AppData\Local\Temp\vtyx.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 20:50

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by doktagc at 2014-04-20 17:19:17
Running from C:\Users\doktagc\Desktop\trojaner_board
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.1217.35202 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.1217.35202 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Automap 4.4 (HKLM\...\Automap Universal_is1) (Version: 4.4 - Focusrite Audio Engineering Ltd.)
BeatportDownloader (HKLM-x32\...\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1) (Version: 1.003 - Beatport LLC)
BeatportDownloader (x32 Version: 1.003 - Beatport LLC) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)
ByteScout BarCode Generator 3.20.590 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version:  - Bytescout Software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClamWin Free Antivirus 0.98.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CopperLan uninstall (HKLM-x32\...\CopperLan) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD43 Plug-in v1.0.0.5 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) C++ Redistributables for Windows* on IA-32 (HKLM-x32\...\{1E958728-CFA3-454A-A2D6-42A9FF718480}) (Version: 11.1.048 - Intel Corporation)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{124E908C-C9B3-4AD8-8D1F-728E12A60ACA}) (Version: 11.1.051 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2226 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
Mp3tag v2.51 (HKLM-x32\...\Mp3tag) (Version: v2.51 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Audio Kontrol 1 Driver (HKLM-x32\...\Native Instruments Audio Kontrol 1 Driver) (Version:  - Native Instruments)
Native Instruments Audio Kontrol 1 Driver (Version: 2.0.15.007 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.4.1182 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.4.1182 - Native Instruments) Hidden
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version:  - Native Instruments)
Native Instruments Maschine (Version: 1.8.2.247 - Native Instruments) Hidden
Native Instruments Maschine Controller (HKLM-x32\...\Native Instruments Maschine Controller) (Version:  - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version:  - Native Instruments)
Native Instruments Maschine Controller Driver (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (Version: 3.0.4.719 - Native Instruments) Hidden
Native Instruments Maschine Mikro (HKLM-x32\...\Native Instruments Maschine Mikro) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (Version: 3.0.2.664 - Native Instruments) Hidden
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (Version: 3.0.4.719 - Native Instruments) Hidden
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Massive (Version: 1.3.1.129 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
Novation USB Audio Driver 2.3 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.3 - Novation DMS Ltd.)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0017 - Pegatron Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Rebeat (HKLM-x32\...\Rebeat_is1) (Version: 1.340.6 - Rebeat)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SimCity 3000 (HKLM-x32\...\SimCity 3000) (Version:  - )
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.4.0 - Synaptics Incorporated)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Thesys (HKLM-x32\...\Thesys) (Version: 1.0 - Sugar Bytes)
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
TT-Dynamic-Range 1.1 (HKLM-x32\...\TT-Dynamic-Range 1.1) (Version:  - )
UltraNova Editor 1.1.2 (HKLM\...\{04351EBB-5491-4279-B59A-D96ED9296A85}}_is1) (Version: 1.1.2 - Focusrite Audio Engineering Limited)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version:  - )
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B07F4D5-DC6C-4C53-AD8A-4AE42B6809EC} - System32\Tasks\{64D215F3-00D3-40F1-A185-15DA2B2C9031} => C:\Users\doktagc\Downloads\Sony_EricssonPC_Suite_2_1046.exe [2013-05-01] ()
Task: {122D32F8-2045-45C1-8F5F-F003318F0389} - System32\Tasks\FoxTab => C:\Users\doktagc\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {2F127C2E-E2E3-4E26-94E3-FBE520C0BA28} - System32\Tasks\{D13C65F6-E20E-452D-B8DB-71046073C994} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.3\MonomeSerial.exe
Task: {33156EC2-473E-4D5C-B6EF-A31BE3058B67} - System32\Tasks\{DD3C4AA0-B093-45CA-B726-7BC3542DEC5D} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {496BB81F-DB81-4589-BBBC-DC5E7A3D6CFA} - System32\Tasks\{3CB3FCDD-2897-4730-9D22-9902919A7E77} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {4B22F94B-9DF3-4B22-973B-E05FA8222F50} - System32\Tasks\{295455FD-1CE3-49AD-831F-262AA6BC335A} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {54292B79-5862-4BA4-8C79-813A73ABAF73} - System32\Tasks\{D4224549-6B8B-4710-8328-249380D625E1} => E:\LSL3\INSTALL.EXE
Task: {5497A191-249A-4C6D-9446-D41BEFD66CEC} - System32\Tasks\{FDA186E6-F50B-46A2-9711-32E5D92A5AA0} => C:\Users\doktagc\Downloads\Sony_EricssonPC_Suite_2_1046.exe [2013-05-01] ()
Task: {7DB9139A-E62C-47D5-8E64-24B339FC3561} - System32\Tasks\{DF14A9E1-3454-4870-8CC2-AF24A808F5A2} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {90AEBC30-3E3C-4A34-8BFE-F99EA8B1F750} - System32\Tasks\{F82BC7D4-7061-4E01-B64A-0AA4DB87D1B8} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {A737937A-E6D2-41DC-83DA-38B6872882E4} - System32\Tasks\{B54DD49A-B50A-4CD9-B75F-428354B84ED5} => C:\Program Files\Maxis\SimCity 2000\SIMCITY.EXE [2013-09-19] (Maxis, Inc.)
Task: {B44A66AB-2912-4CA5-9751-12A7618C68AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D3DB6383-7F0A-478C-BFA2-515B816A4A72} - System32\Tasks\{F375B75B-0913-4BD6-AA5C-CAD05522B394} => C:\Program Files (x86)\monome\Monome Serial 0.2.1.5\MonomeSerial.exe
Task: {E68DC764-E816-46B5-BE6F-AC13BC3691E4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EECA56C1-01F2-432B-8DCF-53113577699B} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-DOKTAGC_LAPTOP => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\doktagc\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-03-11 18:19 - 2009-12-19 01:40 - 00104968 ____R () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-03-11 18:19 - 2010-04-24 04:13 - 00159752 ____R () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-10-28 15:29 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-10-11 14:30 - 2012-10-11 14:30 - 00044032 _____ () C:\Program Files\CopperLan\CPVNM\CLP\CLoNet.clp
2012-03-05 10:05 - 2012-03-05 10:05 - 00081408 _____ () C:\Program Files\CopperLan\CPVNM\CLP\CLoUSB.clp
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-12-18 09:58 - 2008-04-19 17:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2011-03-11 18:19 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-03-11 18:19 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-03-11 18:19 - 2009-12-19 01:41 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\doktagc\AppData\Roaming\Dropbox\bin\libcef.dll
2012-12-18 09:58 - 2005-02-08 18:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2012-12-18 09:58 - 2004-11-20 04:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2012-12-18 09:58 - 2004-10-11 21:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2012-12-18 09:58 - 2004-05-25 22:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2012-12-18 09:58 - 2004-05-25 22:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2012-12-18 09:58 - 2004-05-25 22:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2012-12-18 09:58 - 2004-05-25 22:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2012-12-18 09:58 - 2004-10-11 21:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2012-12-18 09:58 - 2004-11-20 04:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2012-12-18 09:58 - 2004-01-15 15:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2012-12-18 09:58 - 2004-11-20 04:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2012-12-18 09:58 - 2003-10-01 14:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2012-12-18 09:58 - 2003-10-01 12:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2012-12-18 09:58 - 2003-08-10 10:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2012-12-18 09:58 - 2004-05-25 22:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2012-12-18 09:58 - 2004-05-25 22:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\doktagc:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:faeOqa2Tja2OpmtKgDYU
AlternateDataStreams: C:\ProgramData\Microsoft:Mj5t13c78HsvhxA5u3LYECqtQAo
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\doktagc\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\Cookies:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Lokale Einstellungen:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\doktagc\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:6786XXKc9Jk7X1OewaZndg
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Anwendungsdaten:pXvPbpFfI7rDkHo0M1lznYMcBa
AlternateDataStreams: C:\Users\doktagc\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\doktagc\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^doktagc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wavav0bdtzbtb43b.lnk => C:\Windows\pss\wavav0bdtzbtb43b.lnk.Startup

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/17/2014 09:20:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2014 08:32:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 03:18:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (04/20/2014 05:25:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:25:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:24:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:24:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:23:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:23:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:22:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:22:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:21:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (04/20/2014 05:21:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/17/2014 09:21:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/17/2014 09:20:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2014 08:32:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 03:18:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/13/2014 03:06:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3893.14 MB
Available physical RAM: 2633.58 MB
Total Pagefile: 7784.48 MB
Available Pagefile: 6448.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:225.36 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:11.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-20 17:43:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\doktagc\AppData\Local\Temp\kwlorkog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26                                                                                                      00000000732c13c6 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74                                                                                                      00000000732c13f6 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257                                                                                                     00000000732c14ad 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303                                                                                                     00000000732c14db 2 bytes [2C, 73]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79                                                                                                      00000000732c1577 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175                                                                                                     00000000732c15d7 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620                                                                                                     00000000732c1794 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921                                                                                                     00000000732c18c1 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322                                                                                                            0000000072c01a22 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496                                                                                                            0000000072c01ad0 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552                                                                                                            0000000072c01b08 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730                                                                                                            0000000072c01bba 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2684] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762                                                                                                            0000000072c01bda 2 bytes [C0, 72]
.text    C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                             00000000759b1465 2 bytes [9B, 75]
.text    C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2460] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                            00000000759b14bb 2 bytes [9B, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 26                                                                                                      00000000732c13c6 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 74                                                                                                      00000000732c13f6 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 257                                                                                                     00000000732c14ad 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 303                                                                                                     00000000732c14db 2 bytes [2C, 73]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 79                                                                                                      00000000732c1577 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 175                                                                                                     00000000732c15d7 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 620                                                                                                     00000000732c1794 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 921                                                                                                     00000000732c18c1 2 bytes [2C, 73]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322                                                                                                            0000000072c01a22 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496                                                                                                            0000000072c01ad0 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552                                                                                                            0000000072c01b08 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730                                                                                                            0000000072c01bba 2 bytes [C0, 72]
.text    C:\Windows\SysWOW64\rundll32.exe[2588] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762                                                                                                            0000000072c01bda 2 bytes [C0, 72]
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               00000000759b1465 2 bytes [9B, 75]
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000759b14bb 2 bytes [9B, 75]
.text    ...                                                                                                                                                                                                * 2
?        C:\Windows\system32\mssprxy.dll [2504] entry point in ".rdata" section                                                                                                                             00000000743671e6
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       00000000759b1465 2 bytes [9B, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000759b14bb 2 bytes [9B, 75]
.text    ...                                                                                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread   C:\Windows\System32\svchost.exe [3856:4032]                                                                                                                                                        000007fef27f9688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3784:2336]                                                                                                                                     000007fefbdc2ab8
---- Processes - GMER 2.1 ----

Library  c:\progra~3\2992199f9a\imq1zjrjg.faa (*** suspicious ***) @ C:\Windows\system32\svchost.exe [128] (Non-COM WMI Event Provision APIs/Microsoft Corporation)(2014-04-                                00000000732d0000
Library  c:\progra~3\2992199f9a\imq1zjrjg.faa (*** suspicious ***) @ C:\Windows\Explorer.EXE [2632] (Non-COM WMI Event Provision APIs/Microsoft Corporation)(2014-04-17 07:31:07)                           00000000732d0000
Library  c:\progra~3\299219~1\gjrjz1qmi.cpp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2684] (Internet Connection Wizard/Microsoft Corporation)(2014-04-17 07:                                0000000000400000
Library  C:\Users\doktagc\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2014-01-03 00:45:04)                          0000000004010000
Library  C:\Users\doktagc\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460](2013-10-18 23:55:02)                                000000006fa10000
Library  C:\Users\doktagc\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\doktagc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2460] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  000000006f080000
Library  C:\PROGRA~3\299219~1\gjrjz1qmi.cpp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2588] (Internet Connection Wizard/Microsoft Corporation)(2014-04-17 07:                                0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                             0xE4 0x2C 0x51 0x72 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                       0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                    0x59 0x0B 0xC7 0x31 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                               0x08 0xC6 0xFB 0x66 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                 0xE4 0x2C 0x51 0x72 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                           0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                        0x59 0x0B 0xC7 0x31 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                   0x08 0xC6 0xFB 0x66 ...

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         

 
