
Log Analysis and Evaluation: Win7 does not start, black screen, ...


 
21.04.2015, 21:20   #1
RayParker

Win7 does not start, black screen, ...



Hello, I have already done a lot of research, here and elsewhere, but nothing quite fits:
My PC usually no longer starts on the first attempt (no mouse pointer, no blue screen), only after a "cold start".
Startup Repair and Tweaking.com Windows Repair find nothing, but Windows also starts normally on the second attempt.
One of two external hard drives is not recognized (it has to be unplugged and plugged back in first) and usually is not shut down along with the PC either.
In addition, the PC usually does not shut down (it hangs at the "Shutting down" screen).
Explorer often hangs (not responding), and the task cannot be ended.
Noise-wise everything is normal (the hard drive hums slightly, normal fan noise), and HDScan or similar also had nothing to complain about.

Can someone please help me? Thank you very much!

I'll post what I have so far (defogger reported nothing, hence no log file):

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by admin (administrator) on ADMIN-PC on 21-04-2015 20:21:40
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(G DATA Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\admin\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6695456 2008-12-02] (Realtek Semiconductor)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-05-25] (RealNetworks, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1410344 2007-10-15] (Nero AG)
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [145496 2007-03-21] (Pinnacle Systems)
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2011-08-13] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2010-03-06]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-2768590567-3162752184-885813804-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM -> {8A96AF9E-4074-43b7-BEA3-87217BDA7403} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=403&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2768590567-3162752184-885813804-1004 -> {64694918-CA94-4B4C-A82B-121E4FB71A37} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2768590567-3162752184-885813804-1004 -> {8A96AF9E-4074-43b7-BEA3-87217BDA7403} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=403&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2768590567-3162752184-885813804-1004 -> {F9ADB875-E0A9-43BD-AD13-1974E2A85919} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-25] (RealPlayer)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2768590567-3162752184-885813804-1004 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  No File []
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-05-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-05-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-25] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-05-25] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-05-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-05-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-05-25] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\searchplugins\icq.xml [2013-01-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-09]
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: preisspion.de - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\at5r9ho1.default\Extensions\finder@meingutscheincode.de.xpi [2011-06-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-11]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-08-10]
FF HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF HKU\S-1-5-21-2768590567-3162752184-885813804-1004\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-21]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-21]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-21]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-21]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-21]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-21]
CHR Extension: (Bookmark Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-10-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-02] (SUPERAntiSpyware.com)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-08-01] (Freemake) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
S2 Fun4IM Coordinator; "C:\PROGRA~1\Fun4IM\Bandoo.exe" [X]
S3 ServiceLayer; "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 athsgt; C:\Windows\System32\DRIVERS\athsgt.sys [164992 2010-11-20] () [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-03-31] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-03-31] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-03-31] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-03-31] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-03-31] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-04-09] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-09-12] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-03-31] (G Data Software AG)
R2 limsgt; C:\Windows\System32\DRIVERS\limsgt.sys [12544 2010-11-20] () [File not signed]
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2003-03-25] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [21216 2003-03-25] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5728 2003-03-25] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [40256 2003-03-25] (Logitech Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 gel90xne; \??\C:\Users\admin\AppData\Local\Temp\gel90xne.sys [X]
S1 GLogin; No ImagePath
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 20:17 - 2015-04-21 20:18 - 01139200 _____ (Farbar) C:\Users\admin\Downloads\FRST (1).exe
2015-04-21 20:15 - 2015-04-21 20:15 - 00050477 _____ () C:\Users\admin\Downloads\Defogger (1).exe
2015-04-19 13:44 - 2015-04-19 14:02 - 00000000 ____D () C:\Users\admin\Documents\Kosovo 1999
2015-04-18 19:04 - 2015-04-18 19:05 - 01079280 _____ (Uniblue Systems Limited ) C:\Users\admin\Downloads\pcmechanicpm.exe
2015-04-15 20:55 - 2015-04-15 20:55 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Home-Premium-(32-bit).dat
2015-04-15 20:55 - 2015-04-15 20:55 - 00000000 ____D () C:\RegBackup
2015-04-15 20:23 - 2015-04-15 20:23 - 00002121 _____ () C:\Users\admin\Desktop\Tweaking.com - Windows Repair.lnk
2015-04-15 20:23 - 2015-04-15 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-15 20:22 - 2015-04-15 20:22 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-04-15 20:20 - 2015-04-15 20:21 - 12850184 _____ () C:\Users\admin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-04-15 20:18 - 2015-04-15 20:19 - 00000000 ____D () C:\Users\admin\Desktop\Tweaking.com - Windows Repair
2015-04-15 20:17 - 2015-04-15 20:17 - 10661081 _____ () C:\Users\admin\Downloads\tweaking.com_windows_repair_aio.zip
2015-04-15 19:45 - 2015-04-15 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-15 19:41 - 2015-04-15 20:14 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2015-04-15 19:38 - 2015-04-15 19:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.09.1.1004.exe
2015-04-09 23:44 - 2015-04-09 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-04-07 00:46 - 2015-04-07 00:48 - 00000000 ____D () C:\Users\admin\Documents\Spanien 2015
2015-04-05 00:33 - 2015-04-15 20:12 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 16:58 - 2015-04-09 23:44 - 00001940 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-03-31 16:58 - 2015-03-31 16:58 - 00024192 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB32.sys
2015-03-31 16:58 - 2015-03-31 16:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBB32_01007.Wdf
2015-03-22 00:07 - 2015-03-22 00:07 - 19605741 _____ () C:\Users\admin\Downloads\freeticnikkidreamje-wmv-1280-free.wmv
2015-03-22 00:04 - 2015-03-22 00:05 - 25021783 _____ () C:\Users\admin\Downloads\freeorgmorganblanchermx-wmv-1280-free.wmv
2015-03-22 00:02 - 2015-03-22 00:03 - 23493771 _____ () C:\Users\admin\Downloads\freeorgcristincaitlinmx-wmv-1280-free.wmv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 20:21 - 2015-02-02 20:44 - 00026263 _____ () C:\Users\admin\Downloads\FRST.txt
2015-04-21 20:21 - 2015-02-02 20:44 - 00000000 ____D () C:\FRST
2015-04-21 20:16 - 2015-02-02 20:32 - 00000472 _____ () C:\Users\admin\Downloads\defogger_disable.log
2015-04-21 20:10 - 2013-09-14 12:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-21 19:54 - 2010-07-08 13:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 19:51 - 2010-03-12 18:56 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 19:51 - 2010-03-12 18:56 - 00019120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 19:50 - 2010-03-12 19:57 - 00801964 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-21 19:45 - 2014-08-15 03:33 - 34319113 _____ () C:\Windows\setupact.log
2015-04-21 19:45 - 2010-07-08 13:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-21 19:45 - 2009-09-11 10:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-21 19:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 12:34 - 2010-03-12 19:45 - 01784846 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 01:21 - 2014-07-14 23:22 - 00015014 _____ () C:\Users\admin\Desktop\RBCQuiz.odt
2015-04-16 15:30 - 2010-03-13 00:17 - 00146960 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-16 15:25 - 2014-08-15 03:31 - 00110476 _____ () C:\Windows\PFRO.log
2015-04-16 15:25 - 2009-07-14 06:33 - 00492272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 22:11 - 2013-08-06 22:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 22:11 - 2013-08-06 22:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 20:12 - 2011-01-16 19:45 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2015-04-15 20:12 - 2010-01-13 21:42 - 00000000 ____D () C:\ProgramData\Real
2015-04-15 20:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-04-15 20:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-04-15 19:45 - 2014-08-15 00:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 19:41 - 2014-08-15 00:49 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 19:14 - 2010-03-12 19:01 - 00000000 ____D () C:\Users\admin
2015-04-09 23:44 - 2014-09-12 20:46 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2015-04-09 23:44 - 2014-09-12 20:45 - 00014242 _____ () C:\Windows\DPINST.LOG
2015-04-08 11:34 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 17:27 - 2014-09-12 20:47 - 00073216 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-03-31 17:19 - 2014-05-05 13:41 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-31 16:58 - 2014-09-12 20:46 - 00020352 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt32.sys
2015-03-31 16:57 - 2014-09-12 20:46 - 00161792 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-03-31 16:57 - 2014-09-12 20:46 - 00108032 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-03-31 16:57 - 2014-09-12 20:46 - 00087040 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-03-31 16:56 - 2014-09-12 20:43 - 00000000 ____D () C:\Program Files\Common Files\G Data

==================== Files in the root of some directories =======

2011-08-13 20:41 - 2011-08-13 20:39 - 0015832 _____ () C:\Program Files\0x0407.ini
2011-08-13 20:41 - 2011-08-13 20:40 - 0113152 _____ () C:\Program Files\1031.MST
2011-01-15 18:12 - 2011-01-15 18:12 - 0026727 _____ () C:\Program Files\Desktop.zip
2011-08-13 20:41 - 2011-08-13 20:40 - 97979392 _____ () C:\Program Files\Samsung New PC Studio.msi
2011-07-25 12:57 - 2011-07-25 12:58 - 21073936 _____ () C:\Program Files\vlc-1.1.11-win32.exe
2011-08-13 20:46 - 2011-08-13 20:46 - 0002528 _____ () C:\Users\admin\AppData\Roaming\$_hpcst$.hpc
2010-01-16 19:36 - 2010-01-28 04:05 - 0000165 _____ () C:\Users\admin\AppData\Roaming\default.rss
2014-09-12 20:46 - 2014-09-12 20:46 - 0000000 _____ () C:\Users\admin\AppData\Roaming\gdfw.log
2014-09-12 20:46 - 2014-09-12 20:46 - 0000779 _____ () C:\Users\admin\AppData\Roaming\gdscan.log
2004-01-26 17:15 - 2004-01-26 17:15 - 0233472 ____R () C:\Users\admin\AppData\Roaming\MafiaSetup.exe
2014-05-14 19:11 - 2014-08-19 00:11 - 0000094 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2010-08-27 11:47 - 2011-08-27 17:14 - 0006144 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-27 15:37 - 2013-08-01 11:15 - 0007611 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2012-02-21 19:36 - 2014-05-13 20:22 - 0017408 _____ () C:\Users\admin\AppData\Local\WebpageIcons.db
2010-05-01 23:53 - 2010-05-01 23:53 - 0000085 ___SH () C:\ProgramData\.zreglib
2010-06-02 06:21 - 2010-06-02 06:21 - 1347354 _____ () C:\ProgramData\Apr2005_d3dx9_25_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1078962 _____ () C:\ProgramData\Apr2005_d3dx9_25_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1397830 _____ () C:\ProgramData\Apr2006_d3dx9_30_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1115221 _____ () C:\ProgramData\Apr2006_d3dx9_30_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0916430 _____ () C:\ProgramData\Apr2006_MDX1_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 4162630 _____ () C:\ProgramData\Apr2006_MDX1_x86_Archive.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0179133 _____ () C:\ProgramData\Apr2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0133103 _____ () C:\ProgramData\Apr2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087101 _____ () C:\ProgramData\Apr2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046010 _____ () C:\ProgramData\Apr2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0698612 _____ () C:\ProgramData\APR2007_d3dx10_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0695865 _____ () C:\ProgramData\APR2007_d3dx10_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1607358 _____ () C:\ProgramData\APR2007_d3dx9_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1606039 _____ () C:\ProgramData\APR2007_d3dx9_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0195766 _____ () C:\ProgramData\APR2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0151225 _____ () C:\ProgramData\APR2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0096817 _____ () C:\ProgramData\APR2007_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0053302 _____ () C:\ProgramData\APR2007_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1350542 _____ () C:\ProgramData\Aug2005_d3dx9_27_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1077644 _____ () C:\ProgramData\Aug2005_d3dx9_27_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0182903 _____ () C:\ProgramData\AUG2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0137235 _____ () C:\ProgramData\AUG2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087142 _____ () C:\ProgramData\AUG2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046058 _____ () C:\ProgramData\AUG2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0852286 _____ () C:\ProgramData\AUG2007_d3dx10_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0796867 _____ () C:\ProgramData\AUG2007_d3dx10_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1800160 _____ () C:\ProgramData\AUG2007_d3dx9_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1708152 _____ () C:\ProgramData\AUG2007_d3dx9_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0198096 _____ () C:\ProgramData\AUG2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0153012 _____ () C:\ProgramData\AUG2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0867612 _____ () C:\ProgramData\Aug2008_d3dx10_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0849167 _____ () C:\ProgramData\Aug2008_d3dx10_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1794084 _____ () C:\ProgramData\Aug2008_d3dx9_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1464672 _____ () C:\ProgramData\Aug2008_d3dx9_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0121772 _____ () C:\ProgramData\Aug2008_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0092996 _____ () C:\ProgramData\Aug2008_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271412 _____ () C:\ProgramData\Aug2008_XAudio_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271038 _____ () C:\ProgramData\Aug2008_XAudio_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0919044 _____ () C:\ProgramData\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0900598 _____ () C:\ProgramData\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3112111 _____ () C:\ProgramData\Aug2009_d3dcsx_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3319740 _____ () C:\ProgramData\Aug2009_d3dcsx_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0232635 _____ () C:\ProgramData\Aug2009_d3dx10_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0192131 _____ () C:\ProgramData\Aug2009_d3dx10_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0136301 _____ () C:\ProgramData\Aug2009_d3dx11_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0105044 _____ () C:\ProgramData\Aug2009_d3dx11_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0930116 _____ () C:\ProgramData\Aug2009_d3dx9_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0728456 _____ () C:\ProgramData\Aug2009_d3dx9_42_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122408 _____ () C:\ProgramData\Aug2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093106 _____ () C:\ProgramData\Aug2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273264 _____ () C:\ProgramData\Aug2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272642 _____ () C:\ProgramData\Aug2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1357976 _____ () C:\ProgramData\Dec2005_d3dx9_28_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1079456 _____ () C:\ProgramData\Dec2005_d3dx9_28_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0212807 _____ () C:\ProgramData\DEC2006_d3dx10_00_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0191720 _____ () C:\ProgramData\DEC2006_d3dx10_00_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1571154 _____ () C:\ProgramData\DEC2006_d3dx9_32_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1574376 _____ () C:\ProgramData\DEC2006_d3dx9_32_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0192475 _____ () C:\ProgramData\DEC2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0145599 _____ () C:\ProgramData\DEC2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0089944 _____ (Microsoft Corporation) C:\ProgramData\DSETUP.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 1801048 _____ () C:\ProgramData\dsetup32.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 0042410 _____ () C:\ProgramData\dxdllreg_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0094011 _____ () C:\ProgramData\dxupdate.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1247499 _____ () C:\ProgramData\Feb2005_d3dx9_24_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1013225 _____ () C:\ProgramData\Feb2005_d3dx9_24_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1362796 _____ () C:\ProgramData\Feb2006_d3dx9_29_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1084720 _____ () C:\ProgramData\Feb2006_d3dx9_29_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0178359 _____ () C:\ProgramData\Feb2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0132409 _____ () C:\ProgramData\Feb2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0194675 _____ () C:\ProgramData\FEB2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0147983 _____ () C:\ProgramData\FEB2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054678 _____ () C:\ProgramData\Feb2010_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0020713 _____ () C:\ProgramData\Feb2010_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122446 _____ () C:\ProgramData\Feb2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093180 _____ () C:\ProgramData\Feb2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0276960 _____ () C:\ProgramData\Feb2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277191 _____ () C:\ProgramData\Feb2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1336002 _____ () C:\ProgramData\Jun2005_d3dx9_26_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1064925 _____ () C:\ProgramData\Jun2005_d3dx9_26_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0180785 _____ () C:\ProgramData\JUN2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0133671 _____ () C:\ProgramData\JUN2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0699044 _____ () C:\ProgramData\JUN2007_d3dx10_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0698472 _____ () C:\ProgramData\JUN2007_d3dx10_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607774 _____ () C:\ProgramData\JUN2007_d3dx9_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607286 _____ () C:\ProgramData\JUN2007_d3dx9_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197122 _____ () C:\ProgramData\JUN2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0152909 _____ () C:\ProgramData\JUN2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0867828 _____ () C:\ProgramData\JUN2008_d3dx10_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0849919 _____ () C:\ProgramData\JUN2008_d3dx10_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1792608 _____ () C:\ProgramData\JUN2008_d3dx9_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1463878 _____ () C:\ProgramData\JUN2008_d3dx9_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055154 _____ () C:\ProgramData\JUN2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021905 _____ () C:\ProgramData\JUN2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121054 _____ () C:\ProgramData\JUN2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093128 _____ () C:\ProgramData\JUN2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269628 _____ () C:\ProgramData\JUN2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269024 _____ () C:\ProgramData\JUN2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0944460 _____ () C:\ProgramData\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0931471 _____ () C:\ProgramData\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0752783 _____ () C:\ProgramData\Jun2010_d3dcsx_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0762188 _____ () C:\ProgramData\Jun2010_d3dcsx_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0235955 _____ () C:\ProgramData\Jun2010_d3dx10_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197283 _____ () C:\ProgramData\Jun2010_d3dx10_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138205 _____ () C:\ProgramData\Jun2010_d3dx11_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0109445 _____ () C:\ProgramData\Jun2010_d3dx11_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0937246 _____ () C:\ProgramData\Jun2010_d3dx9_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0768036 _____ () C:\ProgramData\Jun2010_d3dx9_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0124596 _____ () C:\ProgramData\Jun2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093686 _____ () C:\ProgramData\Jun2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277338 _____ () C:\ProgramData\Jun2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0278060 _____ () C:\ProgramData\Jun2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0844884 _____ () C:\ProgramData\Mar2008_d3dx10_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0818260 _____ () C:\ProgramData\Mar2008_d3dx10_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1769862 _____ () C:\ProgramData\Mar2008_d3dx9_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1443282 _____ () C:\ProgramData\Mar2008_d3dx9_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055058 _____ () C:\ProgramData\Mar2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021867 _____ () C:\ProgramData\Mar2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122336 _____ () C:\ProgramData\Mar2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093734 _____ () C:\ProgramData\Mar2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0251194 _____ () C:\ProgramData\Mar2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0226250 _____ () C:\ProgramData\Mar2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1067160 _____ () C:\ProgramData\Mar2009_d3dx10_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1040745 _____ () C:\ProgramData\Mar2009_d3dx10_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1973702 _____ () C:\ProgramData\Mar2009_d3dx9_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1612446 _____ () C:\ProgramData\Mar2009_d3dx9_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054600 _____ () C:\ProgramData\Mar2009_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021298 _____ () C:\ProgramData\Mar2009_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121506 _____ () C:\ProgramData\Mar2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0092740 _____ () C:\ProgramData\Mar2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0275044 _____ () C:\ProgramData\Mar2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273018 _____ () C:\ProgramData\Mar2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0864600 _____ () C:\ProgramData\Nov2007_d3dx10_36_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0803884 _____ () C:\ProgramData\Nov2007_d3dx10_36_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1802058 _____ () C:\ProgramData\Nov2007_d3dx9_36_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1709360 _____ () C:\ProgramData\Nov2007_d3dx9_36_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0046144 _____ () C:\ProgramData\NOV2007_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0018496 _____ () C:\ProgramData\NOV2007_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0196762 _____ () C:\ProgramData\NOV2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0148264 _____ () C:\ProgramData\NOV2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0994154 _____ () C:\ProgramData\Nov2008_d3dx10_40_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0965421 _____ () C:\ProgramData\Nov2008_d3dx10_40_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1906878 _____ () C:\ProgramData\Nov2008_d3dx9_40_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1550796 _____ () C:\ProgramData\Nov2008_d3dx9_40_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054522 _____ () C:\ProgramData\Nov2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021851 _____ () C:\ProgramData\Nov2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121794 _____ () C:\ProgramData\Nov2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0092684 _____ () C:\ProgramData\Nov2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273960 _____ () C:\ProgramData\Nov2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272611 _____ () C:\ProgramData\Nov2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0086037 _____ () C:\ProgramData\Oct2005_xinput_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0045359 _____ () C:\ProgramData\Oct2005_xinput_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1412902 _____ () C:\ProgramData\OCT2006_d3dx9_31_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1127217 _____ () C:\ProgramData\OCT2006_d3dx9_31_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0182361 _____ () C:\ProgramData\OCT2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138017 _____ () C:\ProgramData\OCT2006_XACT_x86.cab
2010-11-17 00:18 - 2014-11-14 23:21 - 0000024 _____ () C:\ProgramData\__FileUploader.log

Files to move or delete:
====================
C:\Users\admin\BootSafe.exe
C:\Users\admin\deupx.dll
C:\Users\admin\msvcr71.dll
C:\Users\admin\SASCore.exe
C:\Users\admin\SASCTXMN.DLL
C:\Users\admin\SASINST.EXE
C:\Users\admin\SASSEH.DLL
C:\Users\admin\SASWINLO.DLL
C:\Users\admin\SSUpdate.exe
C:\Users\admin\SUPERANTISPYWARE.EXE
C:\Users\admin\Uninstall.dat
C:\ProgramData\DSETUP.dll
C:\ProgramData\dsetup32.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 20:09

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-21 21:31:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AACS-00ZUB0 rev.01.01B01 465,76GB
Running: Gmer-19357 (1).exe; Driver: C:\Users\admin\AppData\Local\Temp\pwlorpod.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495                                                                          8304F9E5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              83089312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.vmp2  C:\Windows\system32\drivers\acedrv11.sys                                                                            entry point in ".vmp2" section [0xA4AA669D]
.text  C:\Windows\system32\DRIVERS\athsgt.sys                                                                              section is writeable [0xA4AAB300, 0x21F20, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Windows\Explorer.EXE[1804] SHELL32.dll!SHFileOperationW                                                          75CA9708 5 Bytes  JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text  C:\Program Files\Real\RealPlayer\Update\realsched.exe[3268] kernel32.dll!SetUnhandledExceptionFilter                7709F5AB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                  
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@AA7D254B                         3172
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0x2E 0xE8 0xE1 0x00 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x97 0x20 0x4E 0x9A ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0xAA 0x52 0xC6 0x00 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 2.1 ----
         
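Added example for readers of this thread (it is not code from the original post and not part of FRST): a small Python triage pass over FRST file-listing lines in the layout seen in the log above, `<timestamp> - <timestamp> - <size> <attrs> (<company>) <path>`. Which timestamp comes first depends on the section: in the posted log the "One Month Modified Files" section prints modified first, while "One Month Created Files" and "Files in the root of some directories" print created first; that ordering is inferred from the log, so it is passed in as a flag rather than hard-coded. The flags it raises (native code in a user-writable directory, a driver with no CompanyName string, hidden+system attributes outside C:\Windows, a creation time later than the last modification) are leads for a human, not verdicts. The sample lines are copied from the log above.

```python
"""Triage helper for FRST file-listing lines (added example, not part of FRST).

Assumed line layout, taken from the posted log:
    <timestamp 1> - <timestamp 2> - <size> <attrs> (<company>) <path>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>\S.*?)\s*$"
)

# Extensions that load as native code.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv"}
# Directories a standard user (or malware running as that user) can write to.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class FrstEntry:
    modified: str   # "YYYY-MM-DD HH:MM" as printed by FRST
    created: str
    size: int
    attrs: str      # five-character attribute field, e.g. "___SH"
    company: str    # CompanyName from the version resource, "" if none
    path: str

    @property
    def is_dir(self) -> bool:
        # Attribute field treated as a set of letters, not by column position.
        return "D" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        dot = name.rfind(".")
        return name[dot:].lower() if dot >= 0 else ""


def parse_line(line: str, modified_first: bool) -> Optional[FrstEntry]:
    """Parse one FRST file line; headers, blanks and notes return None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts1, ts2 = m["ts1"], m["ts2"]
    modified, created = (ts1, ts2) if modified_first else (ts2, ts1)
    return FrstEntry(modified, created, int(m["size"]), m["attrs"],
                     m["company"].strip(), m["path"])


def triage(entry: FrstEntry) -> List[str]:
    """Reasons an entry deserves a closer look; empty list means none.

    Authenticode verification, which FRST does for core files in its
    "Bamital & volsnap Check", is deliberately out of scope here.
    """
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    low = entry.path.lower()
    if entry.extension in PE_EXTENSIONS and low.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("native code in a user-writable location")
    if entry.extension == ".sys" and not entry.company:
        reasons.append("driver without a CompanyName version string")
    if "H" in entry.attrs and "S" in entry.attrs and not low.startswith("c:\\windows\\"):
        reasons.append("hidden+system attributes outside C:\\Windows")
    if entry.created > entry.modified:
        # Fixed-width FRST timestamps sort correctly as strings.
        reasons.append("created after last modified (copied in, or timestamps altered)")
    return reasons


def triage_listing(lines: List[str], modified_first: bool) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; clean and unparsable lines are dropped."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line, modified_first)
        if entry is not None and (reasons := triage(entry)):
            report[entry.path] = reasons
    return report


# Sample input copied from the posted log (first line is FRST's section note,
# included to show that non-file lines are skipped).
MODIFIED_SECTION = [
    "(If an entry is included in the fixlist, the file\\folder will be moved.)",
    r"2015-04-21 19:45 - 2009-09-11 10:31 - 00000000 ____D () C:\ProgramData\NVIDIA",
    r"2015-04-15 22:11 - 2013-08-06 22:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe",
    r"2015-04-09 23:44 - 2014-09-12 20:46 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys",
]
ROOT_SECTION = [
    r"2011-08-13 20:41 - 2011-08-13 20:39 - 0015832 _____ () C:\Program Files\0x0407.ini",
    r"2004-01-26 17:15 - 2004-01-26 17:15 - 0233472 ____R () C:\Users\admin\AppData\Roaming\MafiaSetup.exe",
    r"2010-05-01 23:53 - 2010-05-01 23:53 - 0000085 ___SH () C:\ProgramData\.zreglib",
    r"2010-06-02 06:22 - 2010-06-02 06:22 - 1801048 _____ () C:\ProgramData\dsetup32.dll",
]

if __name__ == "__main__":
    for name, lines, mod_first in (("modified", MODIFIED_SECTION, True),
                                   ("root", ROOT_SECTION, False)):
        for path, reasons in triage_listing(lines, mod_first).items():
            print(f"[{name}] {path}: {'; '.join(reasons)}")
```

On the copied lines the "modified" section comes back clean, while the root-directory section flags MafiaSetup.exe in the Roaming profile and dsetup32.dll in ProgramData (the latter also appears in FRST's own "Files to move or delete" list above), the hidden+system .zreglib, and 0x0407.ini whose creation time is two minutes after its last modification, which is what copying a file out of an MSI typically produces. Every one of these can be benign; the point of the pass is to order the list for a human reviewer.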

 
