ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bc0a617a6bd8634da5ecdd10f72707fb
# engine=14761
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-13 07:15:15
# local_time=2013-08-13 09:15:15 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 3229 241841005 0 0
# scanned=13555
# found=0
# cleaned=0
# scan_time=2301
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bc0a617a6bd8634da5ecdd10f72707fb
# engine=14788
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-15 09:00:18
# local_time=2013-08-15 11:00:18 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 8004 242020108 749 0
# scanned=134071
# found=2
# cleaned=0
# scan_time=7048
sh=23954B8D4CFD2A4288E214AFAF22CB7681848D46 ft=1 fh=77e18eed0404687d vn="a variant of Win32/Kryptik.BFNU trojan" ac=I fn="C:\WINXP\system32\recovere.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="probably a variant of Win32/Ponmocup.AA trojan" ac=I fn="${Memory}"
Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (23.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Administrator (administrator) on 15-08-2013 23:49:54
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINXP\System32\smss.exe
(Microsoft Corporation) C:\WINXP\system32\csrss.exe
(Microsoft Corporation) C:\WINXP\system32\winlogon.exe
(Microsoft Corporation) C:\WINXP\system32\services.exe
(Microsoft Corporation) C:\WINXP\system32\lsass.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
() C:\WINXP\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINXP\System32\bcmwltry.exe
(Microsoft Corporation) C:\WINXP\system32\spoolsv.exe
(IDT, Inc.) c:\programme\idt\wdm\stacsv.exe
(Microsoft Corporation) C:\WINXP\system32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Preventon Technologies Limited) C:\Programme\Gemeinsame Dateien\Common Toolkit Suite\AVEngine\AVScanningService.exe
(Preventon Technologies Limited) C:\Programme\Gemeinsame Dateien\Common Toolkit Suite\AVEngine\AVWatchService.exe
(Teruten) C:\WINXP\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Intel Corporation) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Programme\Dell\Dell WWAN\WMCore\WMCore.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\Programme\Windows Media Player\WMPNetwk.exe
(Microsoft Corporation) C:\WINXP\Explorer.EXE
(Intel Corporation) C:\WINXP\system32\hkcmd.exe
(Intel Corporation) C:\WINXP\system32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Dell Inc.) C:\WINXP\system32\WLTRAY.exe
(Microsoft Corporation) C:\WINXP\system32\ctfmon.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINXP\system32\wbem\wmiapsrv.exe
(Microsoft Corporation) C:\WINXP\System32\alg.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINXP\system32\rundll32.exe
(Microsoft Corporation) C:\WINXP\system32\NOTEPAD.EXE
(Microsoft Corporation) C:\Programme\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Programme\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\WINXP\system32\hkcmd.exe [170008 2010-07-14] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\WINXP\system32\igfxpers.exe [145432 2010-07-14] (Intel Corporation)
HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [IgfxTray] - C:\WINXP\system32\igfxtray.exe [136216 2010-07-14] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINXP\system32\WLTRAY.exe [2670592 2012-10-18] (Dell Inc.)
HKLM\...\Run: [AESTFltr] - %SystemRoot%\system32\AESTFltr.exe /NoDlg [x]
HKLM\...\Winlogon: [Userinit] C:\WINXP\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll [X]
Winlogon\Notify\cryptnet: cryptnet.dll [X]
Winlogon\Notify\cscdll: cscdll.dll [X]
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\Schedule: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: sclgntfy.dll [X]
Winlogon\Notify\SensLogn: WlNotify.dll [X]
Winlogon\Notify\termsrv: wlnotify.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
Winlogon\Notify\wlballoon: wlnotify.dll [X]
HKCU\...\Run: [ctfmon.exe] - C:\WINXP\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\_uninst_botsuche.exe.lnk
ShortcutTarget: _uninst_botsuche.exe.lnk -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\_uninst_botsuche.exe.bat (No File)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll No File
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll No File
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\2q4vxv5t.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINXP\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-07-19] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-03] (Avira Operations GmbH & Co. KG)
S3 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
R2 EventSystem; C:\WINXP\system32\es.dll [253952 2009-08-03] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 FsUsbExService; C:\WINXP\system32\FsUsbExService.Exe [233472 2013-06-14] (Teruten)
S3 idsvc; C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
R2 LMS; C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824 2009-11-04] (Intel Corporation)
S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-10] (Mozilla Foundation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [143360 2008-04-14] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 STacSV; c:\programme\idt\wdm\stacsv.exe [229458 2010-04-07] (IDT, Inc.)
S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation)
R2 UNS; C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920 2009-11-04] (Intel Corporation)
R2 VMCService; C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2010-03-25] (Vodafone)
R2 WMCoreService; C:\Programme\Dell\Dell WWAN\WMCore\WMCore.exe [695296 2009-10-28] ()
S3 WmdmPmSN; C:\WINXP\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation)
R3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2009-02-04] (Microsoft Corporation)
S4 Alerter; %SystemRoot%\system32\alrsvc.dll [x]
R3 ALG; %SystemRoot%\System32\alg.exe [x]
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
R2 AudioSrv; %SystemRoot%\System32\audiosrv.dll [x]
R2 AV Engine Scanning Service; C:/Programme/Gemeinsame Dateien/Common Toolkit Suite/AVEngine/AVScanningService.exe [x]
R2 AV Watch Service; C:/Programme/Gemeinsame Dateien/Common Toolkit Suite/AVEngine/AVWatchService.exe [x]
S3 BITS; %systemroot%\system32\qmgr.dll [x]
R2 Browser; %SystemRoot%\System32\browser.dll [x]
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [x]
S3 ClipSrv; %SystemRoot%\system32\clipsrv.exe [x]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [x]
R2 CryptSvc; %SystemRoot%\System32\cryptsvc.dll [x]
R2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [x]
R2 Dhcp; %SystemRoot%\System32\dhcpcsvc.dll [x]
S3 dmadmin; %SystemRoot%\System32\dmadmin.exe /com [x]
R2 dmserver; %SystemRoot%\System32\dmserver.dll [x]
R2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [x]
S3 Dot3svc; %SystemRoot%\System32\dot3svc.dll [x]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [x]
R2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
R2 Eventlog; %SystemRoot%\system32\services.exe [x]
R3 FastUserSwitchingCompatibility; %SystemRoot%\System32\shsvcs.dll [x]
R2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [x]
S3 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 hkmsvc; %SystemRoot%\System32\kmsvc.dll [x]
R3 HTTPFilter; %SystemRoot%\System32\w3ssl.dll [x]
S3 ImapiService; %systemroot%\system32\imapi.exe [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
R2 LanmanServer; %SystemRoot%\System32\srvsvc.dll [x]
R2 lanmanworkstation; %SystemRoot%\System32\wkssvc.dll [x]
R2 LmHosts; %SystemRoot%\System32\lmhsvc.dll [x]
S4 Messenger; %SystemRoot%\System32\msgsvc.dll [x]
S3 MSIServer; %SystemRoot%\system32\msiexec.exe /V [x]
S3 napagent; %SystemRoot%\System32\qagentrt.dll [x]
S4 NetDDE; %SystemRoot%\system32\netdde.exe [x]
S4 NetDDEdsdm; %SystemRoot%\system32\netdde.exe [x]
S3 Netlogon; %SystemRoot%\system32\lsass.exe [x]
R3 Netman; %SystemRoot%\System32\netman.dll [x]
R3 Nla; %SystemRoot%\System32\mswsock.dll [x]
S3 NtLmSsp; %SystemRoot%\system32\lsass.exe [x]
S3 NtmsSvc; %SystemRoot%\system32\ntmssvc.dll [x]
R2 PlugPlay; %SystemRoot%\system32\services.exe [x]
R2 PolicyAgent; %SystemRoot%\system32\lsass.exe [x]
R2 ProtectedStorage; %SystemRoot%\system32\lsass.exe [x]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [x]
R3 RasMan; %SystemRoot%\System32\rasmans.dll [x]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [x]
S4 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]
R2 RpcSs; %SystemRoot%\system32\rpcss.dll [x]
S3 RSVP; %SystemRoot%\system32\rsvp.exe [x]
R2 SamSs; %SystemRoot%\system32\lsass.exe [x]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.exe [x]
R2 Schedule; %SystemRoot%\system32\schedsvc.dll [x]
R2 seclogon; %SystemRoot%\System32\seclogon.dll [x]
R2 SENS; %SystemRoot%\system32\sens.dll [x]
R2 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [x]
R2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [x]
R2 Spooler; %SystemRoot%\system32\spoolsv.exe [x]
R2 srservice; %SystemRoot%\system32\srsvc.dll [x]
R3 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [x]
R2 stisvc; %SystemRoot%\system32\wiaservc.dll [x]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{861AEBB7-1C9A-4391-BAFF-83D353DE5DD3} [x]
S3 SysmonLog; %SystemRoot%\system32\smlogsvc.exe [x]
R3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [x]
R3 TermService; %SystemRoot%\System32\termsrv.dll [x]
R2 Themes; %SystemRoot%\System32\shsvcs.dll [x]
R2 TrkWks; %SystemRoot%\system32\trkwks.dll [x]
R3 upnphost; %SystemRoot%\System32\upnphost.dll [x]
S3 UPS; %SystemRoot%\System32\ups.exe [x]
S3 VSS; %SystemRoot%\System32\vssvc.exe [x]
S3 W32Time; %systemroot%\system32\w32time.dll [x]
S3 WebClient; %SystemRoot%\System32\webclnt.dll [x]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [x]
R2 wltrysvc; %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe [x]
S3 Wmi; %SystemRoot%\System32\advapi32.dll [x]
S4 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [x]
R2 wuauserv; %systemroot%\system32\wuauserv.dll [x]
R2 WudfSvc; %SystemRoot%\System32\WUDFSvc.dll [x]
S2 WZCSVC; %SystemRoot%\System32\wzcsvc.dll [x]
S3 xmlprov; %SystemRoot%\System32\xmlprov.dll [x]
==================== Drivers (Whitelisted) ====================
S3 cpudrv; C:\Programme\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R3 FsUsbExDisk; C:\WINXP\system32\FsUsbExDisk.SYS [37344 2013-06-14] ()
S3 MBAMSwissArmy; C:\WINXP\system32\drivers\mbamswissarmy.sys [40776 2013-07-21] (Malwarebytes Corporation)
R0 ACPI; system32\DRIVERS\ACPI.sys [x]
S4 ACPIEC; No ImagePath
S3 aec; system32\drivers\aec.sys [x]
R3 AESTAud; system32\drivers\AESTAud.sys [x]
S3 Afc; system32\drivers\Afc.sys [x]
R1 AFD; \SystemRoot\System32\drivers\afd.sys [x]
R3 AsyncMac; system32\DRIVERS\asyncmac.sys [x]
R0 atapi; system32\DRIVERS\atapi.sys [x]
S3 Atmarpc; system32\DRIVERS\atmarpc.sys [x]
R3 audstub; system32\DRIVERS\audstub.sys [x]
R3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
R3 BCM43XX; system32\DRIVERS\bcmwl5.sys [x]
R1 Beep; No ImagePath
S3 btaudio; system32\drivers\btaudio.sys [x]
S3 BTDriver; system32\DRIVERS\btport.sys [x]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [x]
S3 btwhid; system32\DRIVERS\btwhid.sys [x]
S3 BTWUSB; System32\Drivers\btwusb.sys [x]
S3 catchme; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys [x]
S4 cbidf2k; No ImagePath
S3 CCDECODE; system32\DRIVERS\CCDECODE.sys [x]
S1 Cdaudio; No ImagePath
R4 Cdfs; No ImagePath
R1 Cdrom; system32\DRIVERS\cdrom.sys [x]
R3 CmBatt; system32\DRIVERS\CmBatt.sys [x]
R0 Compbatt; system32\DRIVERS\compbatt.sys [x]
U3 DfSdkS;
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
R0 Disk; system32\DRIVERS\disk.sys [x]
S4 dmboot; System32\drivers\dmboot.sys [x]
R0 dmio; System32\drivers\dmio.sys [x]
R0 dmload; System32\drivers\dmload.sys [x]
S3 DMusic; system32\drivers\DMusic.sys [x]
S3 dot4; system32\DRIVERS\Dot4.sys [x]
S3 Dot4Print; system32\DRIVERS\Dot4Prt.sys [x]
S3 dot4usb; system32\DRIVERS\dot4usb.sys [x]
S3 drmkaud; system32\drivers\drmkaud.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 Fastfat; No ImagePath
S1 Fdc; No ImagePath
R1 Fips; No ImagePath
S1 Flpydisk; No ImagePath
R0 FltMgr; system32\DRIVERS\fltMgr.sys [x]
U1 Fs_Rec; No ImagePath
R0 Ftdisk; system32\DRIVERS\ftdisk.sys [x]
R3 Gpc; system32\DRIVERS\msgpc.sys [x]
R3 HDAudBus; system32\DRIVERS\HDAudBus.sys [x]
R3 HECI; system32\DRIVERS\HECI.sys [x]
R3 hidusb; system32\DRIVERS\hidusb.sys [x]
R3 HTTP; System32\Drivers\HTTP.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
R1 i8042prt; system32\DRIVERS\i8042prt.sys [x]
R3 ialm; system32\DRIVERS\igxpmp32.sys [x]
R1 Imapi; system32\DRIVERS\imapi.sys [x]
R3 Impcd; system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud; system32\DRIVERS\IntcDAud.sys [x]
S4 IntelIde; No ImagePath
R1 intelppm; system32\DRIVERS\intelppm.sys [x]
S3 Ip6Fw; system32\DRIVERS\Ip6Fw.sys [x]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
R3 IpNat; system32\DRIVERS\ipnat.sys [x]
R1 IPSec; system32\DRIVERS\ipsec.sys [x]
S3 IRENUM; system32\DRIVERS\irenum.sys [x]
R0 isapnp; system32\DRIVERS\isapnp.sys [x]
R1 Kbdclass; system32\DRIVERS\kbdclass.sys [x]
R1 kbdhid; system32\DRIVERS\kbdhid.sys [x]
R3 kmixer; system32\drivers\kmixer.sys [x]
R0 KSecDD; No ImagePath
S3 massfilter; system32\DRIVERS\massfilter.sys [x]
R1 mnmdd; No ImagePath
S3 Modem; No ImagePath
R1 Mouclass; system32\DRIVERS\mouclass.sys [x]
R3 mouhid; system32\DRIVERS\mouhid.sys [x]
R0 MountMgr; No ImagePath
S3 MRxDAV; system32\DRIVERS\mrxdav.sys [x]
R1 MRxSmb; system32\DRIVERS\mrxsmb.sys [x]
R1 Msfs; No ImagePath
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [x]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [x]
S3 MSPQM; system32\drivers\MSPQM.sys [x]
R3 mssmbios; system32\DRIVERS\mssmbios.sys [x]
S3 MSTEE; system32\drivers\MSTEE.sys [x]
R0 Mup; No ImagePath
S3 NABTSFEC; system32\DRIVERS\NABTSFEC.sys [x]
R0 NDIS; No ImagePath
S3 NdisIP; system32\DRIVERS\NdisIP.sys [x]
R3 NdisTapi; system32\DRIVERS\ndistapi.sys [x]
R3 Ndisuio; system32\DRIVERS\ndisuio.sys [x]
R3 NdisWan; system32\DRIVERS\ndiswan.sys [x]
R3 NDProxy; No ImagePath
R1 NetBIOS; system32\DRIVERS\netbios.sys [x]
R1 NetBT; system32\DRIVERS\netbt.sys [x]
R1 Npfs; No ImagePath
S3 NSNDIS5; \??\C:\WINXP\system32\NSNDIS5.SYS [x]
R4 Ntfs; No ImagePath
R1 Null; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Parport; No ImagePath
R0 PartMgr; No ImagePath
S2 ParVdm; No ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
R0 PCI; system32\DRIVERS\pci.sys [x]
R0 PCIIde; system32\DRIVERS\pciide.sys [x]
S4 Pcmcia; No ImagePath
R3 PptpMiniport; system32\DRIVERS\raspptp.sys [x]
R3 PSched; system32\DRIVERS\psched.sys [x]
R3 Ptilink; system32\DRIVERS\ptilink.sys [x]
R1 RasAcd; system32\DRIVERS\rasacd.sys [x]
R3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [x]
R3 RasPppoe; system32\DRIVERS\raspppoe.sys [x]
R3 Raspti; system32\DRIVERS\raspti.sys [x]
R1 Rdbss; system32\DRIVERS\rdbss.sys [x]
R1 RDPCDD; System32\DRIVERS\RDPCDD.sys [x]
R3 rdpdr; system32\DRIVERS\rdpdr.sys [x]
S3 RDPWD; No ImagePath
R1 redbook; system32\DRIVERS\redbook.sys [x]
R3 RTLE8023xp; system32\DRIVERS\Rtenicxp.sys [x]
S3 Secdrv; system32\DRIVERS\secdrv.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl.sys [x]
S3 Serenum; system32\DRIVERS\serenum.sys [x]
S3 Serial; No ImagePath
S3 sermouse; system32\DRIVERS\sermouse.sys [x]
S3 Sfloppy; system32\DRIVERS\sfloppy.sys [x]
S3 SLIP; system32\DRIVERS\SLIP.sys [x]
S3 splitter; system32\drivers\splitter.sys [x]
R0 sr; system32\DRIVERS\sr.sys [x]
R3 Srv; system32\DRIVERS\srv.sys [x]
R1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]
S2 StarOpen; No ImagePath
R3 STHDA; system32\drivers\sthda.sys [x]
S3 streamip; system32\DRIVERS\StreamIP.sys [x]
R3 swenum; system32\DRIVERS\swenum.sys [x]
S3 swmidi; system32\drivers\swmidi.sys [x]
R3 sysaudio; system32\drivers\sysaudio.sys [x]
R1 Tcpip; system32\DRIVERS\tcpip.sys [x]
S3 TDPIPE; No ImagePath
S3 TDTCP; No ImagePath
R1 TermDD; system32\DRIVERS\termdd.sys [x]
S4 Udfs; No ImagePath
R3 Update; system32\DRIVERS\update.sys [x]
R3 usbccgp; system32\DRIVERS\usbccgp.sys [x]
R3 usbehci; system32\DRIVERS\usbehci.sys [x]
R3 usbhub; system32\DRIVERS\usbhub.sys [x]
S3 usbscan; system32\DRIVERS\usbscan.sys [x]
S3 usbser; system32\DRIVERS\usbser1330.sys [x]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [x]
S3 usbuhci; system32\DRIVERS\usbuhci.sys [x]
R3 usbvideo; System32\Drivers\usbvideo.sys [x]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [x]
R0 VolSnap; No ImagePath
R3 Wanarp; system32\DRIVERS\wanarp.sys [x]
S3 Wdf01000; System32\Drivers\wdf01000.sys [x]
R3 wdmaud; system32\drivers\wdmaud.sys [x]
S3 WinUSB; system32\DRIVERS\WinUSB.sys [x]
R1 WmiAcpi; system32\DRIVERS\wmiacpi.sys [x]
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [x]
R1 WS2IFSL; \SystemRoot\System32\drivers\ws2ifsl.sys [x]
S3 WSTCODEC; system32\DRIVERS\WSTCODEC.SYS [x]
R0 WudfPf; system32\DRIVERS\WudfPf.sys [x]
S3 WudfRd; system32\DRIVERS\wudfrd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-15 23:48 - 2013-08-15 23:48 - 01575570 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST64.exe
2013-08-15 23:36 - 2013-08-15 23:36 - 00891115 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
2013-08-15 20:48 - 2013-08-15 20:48 - 00068096 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Einteilung KW34-13.xls
2013-08-15 13:39 - 2013-08-15 13:39 - 00002247 _____ C:\WINXP\setupapi.log
2013-08-15 13:39 - 2013-08-15 13:39 - 00001426 _____ C:\WINXP\setupact.log
2013-08-15 13:39 - 2013-08-15 13:39 - 00000000 _____ C:\WINXP\setuperr.log
2013-08-14 07:53 - 2013-08-14 07:53 - 00741658 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots Kassel Waldau.xlsx
2013-08-13 20:30 - 2013-08-13 20:30 - 00000000 ____D C:\Programme\ESET
2013-08-12 19:48 - 2013-08-12 19:48 - 00001439 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner[S2].txt
2013-08-12 19:46 - 2013-08-12 19:49 - 00000926 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2013-08-12 19:43 - 2013-08-12 19:43 - 00959697 _____ (Oleg N. Scherbakov) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2013-08-12 19:35 - 2013-08-12 19:48 - 00001439 _____ C:\AdwCleaner[S2].txt
2013-08-12 19:35 - 2013-08-12 19:35 - 00666633 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
2013-08-11 19:49 - 2013-08-11 19:49 - 00000000 ____D C:\Dokumente und Einstellungen\NetworkService\Application Data\Vodafone
2013-08-11 19:41 - 2013-08-11 19:47 - 00000000 ___SD C:\ComboFix
2013-08-11 17:54 - 2013-08-11 19:19 - 00009876 _____ C:\WINXP\system32\reset.log
2013-08-11 17:42 - 2013-08-11 17:42 - 00000000 ____D C:\RegBackup
2013-08-11 17:10 - 2013-08-11 19:33 - 00181064 _____ (Sysinternals) C:\WINXP\PSEXESVC.EXE
2013-08-10 17:26 - 2013-08-10 23:15 - 00019030 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Mappe1.xlsx
2013-08-10 17:14 - 2013-08-10 17:14 - 00000000 ____D C:\Qoobox
2013-08-10 17:14 - 2011-06-26 08:45 - 00256000 _____ C:\WINXP\PEV.exe
2013-08-10 17:14 - 2010-11-07 19:20 - 00208896 _____ C:\WINXP\MBR.exe
2013-08-10 17:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINXP\NIRCMD.exe
2013-08-10 17:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINXP\SWREG.exe
2013-08-10 17:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINXP\SWSC.exe
2013-08-10 17:14 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINXP\SWXCACLS.exe
2013-08-10 17:14 - 2000-08-31 02:00 - 00098816 _____ C:\WINXP\sed.exe
2013-08-10 17:14 - 2000-08-31 02:00 - 00080412 _____ C:\WINXP\grep.exe
2013-08-10 17:14 - 2000-08-31 02:00 - 00068096 _____ C:\WINXP\zip.exe
2013-08-10 17:11 - 2013-08-11 19:41 - 05104749 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
2013-08-10 16:35 - 2013-08-10 16:35 - 00000000 ____D C:\WINXP\system32\LogFiles
2013-08-10 13:03 - 2013-08-10 13:35 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-10 11:46 - 2013-08-13 21:28 - 00000000 ____D C:\WINXP\Minidump
2013-08-10 11:40 - 2013-08-10 11:40 - 00000000 _RSHD C:\cmdcons
2013-08-10 11:40 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr
2013-08-10 11:35 - 2013-08-10 17:14 - 00000000 ____D C:\WINXP\erdnt
2013-08-10 11:15 - 2013-08-10 11:15 - 00000000 ____D C:\FRST
2013-08-08 10:41 - 2013-08-08 17:49 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Steiger KW 32
2013-08-07 17:52 - 2013-08-07 17:52 - 00434217 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots Holzwickede Dorf nachher.xlsx
2013-08-06 10:53 - 2013-08-06 10:53 - 00850227 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots Wickede Dorf.xlsx
2013-08-02 08:55 - 2013-08-02 08:59 - 00000000 ____D C:\WINXP\pss
2013-07-27 12:32 - 2013-06-14 12:57 - 00233472 _____ (Teruten) C:\WINXP\system32\FsUsbExService.Exe
2013-07-27 12:32 - 2013-06-14 12:57 - 00037344 _____ C:\WINXP\system32\FsUsbExDisk.Sys
2013-07-27 12:32 - 2012-08-28 10:05 - 00110592 _____ () C:\WINXP\system32\FsUsbExDevice.Dll
2013-07-27 12:22 - 2013-07-27 12:22 - 00000000 __HDC C:\WINXP\$NtUninstallwinusb0200$
2013-07-27 12:22 - 2013-07-27 12:22 - 00000000 ____H C:\WINXP\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-07-27 08:45 - 2013-07-27 08:45 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\.android
2013-07-27 08:44 - 2013-07-27 08:44 - 00000000 ____D C:\Programme\ClockworkMod
2013-07-24 19:32 - 2013-07-25 17:54 - 00750251 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots RE Hillerheide Süd.xlsx
2013-07-20 15:52 - 2013-07-21 19:08 - 00040776 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamswissarmy.sys
2013-07-20 14:48 - 2013-07-20 14:48 - 00000000 ____D C:\WINXP\ERUNT
2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Common Toolkit Suite
2013-07-20 12:15 - 2013-07-20 13:36 - 00000000 ____D C:\WINXP\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-20 12:15 - 2013-07-20 12:15 - 00000000 ____D C:\Programme\Enigma Software Group
2013-07-20 12:14 - 2013-07-20 12:14 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-07-20 07:14 - 2013-08-03 09:53 - 00000654 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-07-20 07:14 - 2013-08-03 09:53 - 00000000 ____D C:\Programme\CCleaner
2013-07-19 20:38 - 2013-07-19 20:38 - 00000000 ____H C:\WINXP\system32\config\system.sav.LOG
2013-07-19 20:38 - 2013-07-19 20:38 - 00000000 ____H C:\WINXP\system32\config\software.sav.LOG
2013-07-19 20:37 - 2013-07-19 20:37 - 00000000 ____H C:\WINXP\system32\config\SECURITY.sav.LOG
2013-07-19 20:37 - 2013-07-19 20:37 - 00000000 ____H C:\WINXP\system32\config\SAM.sav.LOG
2013-07-19 20:35 - 2013-07-19 20:39 - 00002510 _____ C:\WINXP\system32\ASOROSet.bin
2013-07-19 20:35 - 2013-07-19 20:35 - 00000000 ____D C:\WINXP\system32\config\RCCBakup
2013-07-19 20:29 - 2013-07-19 20:29 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\amazon
2013-07-19 20:28 - 2013-08-10 17:21 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-07-19 20:28 - 2013-07-19 20:28 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
==================== One Month Modified Files and Folders =======
2013-08-15 23:49 - 2013-08-15 23:49 - 01068807 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2013-08-15 23:48 - 2013-08-15 23:48 - 01575570 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST64.exe
2013-08-15 23:36 - 2013-08-15 23:36 - 00891115 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
2013-08-15 23:04 - 2012-04-09 09:54 - 00000880 _____ C:\WINXP\Tasks\Adobe Flash Player Updater.job
2013-08-15 20:48 - 2013-08-15 20:48 - 00068096 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Einteilung KW34-13.xls
2013-08-15 20:45 - 2011-04-21 12:28 - 00000000 ____D C:\WINXP
2013-08-15 20:45 - 2011-04-21 10:43 - 02069641 _____ C:\WINXP\WindowsUpdate.log
2013-08-15 20:44 - 2011-04-21 11:38 - 00000050 _____ C:\WINXP\wiaservc.log
2013-08-15 20:44 - 2011-04-21 11:37 - 00000159 _____ C:\WINXP\wiadebug.log
2013-08-15 20:44 - 2008-04-14 08:00 - 00002206 _____ C:\WINXP\system32\wpa.dbl
2013-08-15 20:43 - 2013-07-04 18:49 - 00000318 _____ C:\WINXP\Tasks\Qxzgdjinei.job
2013-08-15 20:43 - 2011-04-21 10:53 - 00000006 ____H C:\WINXP\Tasks\SA.DAT
2013-08-15 14:18 - 2011-04-21 10:53 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-08-15 14:18 - 2011-04-21 10:53 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-08-15 14:18 - 2011-04-21 10:52 - 00032546 _____ C:\WINXP\SchedLgU.Txt
2013-08-15 13:39 - 2013-08-15 13:39 - 00002247 _____ C:\WINXP\setupapi.log
2013-08-15 13:39 - 2013-08-15 13:39 - 00001426 _____ C:\WINXP\setupact.log
2013-08-15 13:39 - 2013-08-15 13:39 - 00000000 _____ C:\WINXP\setuperr.log
2013-08-14 07:53 - 2013-08-14 07:53 - 00741658 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots Kassel Waldau.xlsx
2013-08-13 21:38 - 2012-12-21 13:18 - 00000000 ____D C:\Programme\MyFree Codec
2013-08-13 21:36 - 2012-12-14 18:27 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung
2013-08-13 21:35 - 2011-04-21 11:08 - 00000000 ___HD C:\Programme\InstallShield Installation Information
2013-08-13 21:33 - 2013-01-22 09:37 - 00000000 ____D C:\Programme\Samsung
2013-08-13 21:28 - 2013-08-10 11:46 - 00000000 ____D C:\WINXP\Minidump
2013-08-13 20:30 - 2013-08-13 20:30 - 00000000 ____D C:\Programme\ESET
2013-08-13 20:30 - 2011-04-21 11:35 - 00000000 ___RD C:\Programme
2013-08-12 19:49 - 2013-08-12 19:46 - 00000926 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2013-08-12 19:48 - 2013-08-12 19:48 - 00001439 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner[S2].txt
2013-08-12 19:48 - 2013-08-12 19:35 - 00001439 _____ C:\AdwCleaner[S2].txt
2013-08-12 19:43 - 2013-08-12 19:43 - 00959697 _____ (Oleg N. Scherbakov) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2013-08-12 19:35 - 2013-08-12 19:35 - 00666633 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
2013-08-11 19:49 - 2013-08-11 19:49 - 00000000 ____D C:\Dokumente und Einstellungen\NetworkService\Application Data\Vodafone
2013-08-11 19:49 - 2011-04-21 10:48 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-08-11 19:47 - 2013-08-11 19:41 - 00000000 ___SD C:\ComboFix
2013-08-11 19:41 - 2013-08-10 17:11 - 05104749 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
2013-08-11 19:37 - 2011-04-21 11:35 - 01107104 _____ C:\WINXP\system32\PerfStringBackup.INI
2013-08-11 19:35 - 2011-08-09 06:30 - 00166712 _____ C:\WINXP\system32\FNTCACHE.DAT
2013-08-11 19:33 - 2013-08-11 17:10 - 00181064 _____ (Sysinternals) C:\WINXP\PSEXESVC.EXE
2013-08-11 19:19 - 2013-08-11 17:54 - 00009876 _____ C:\WINXP\system32\reset.log
2013-08-11 19:19 - 2011-04-21 10:44 - 00023392 _____ C:\WINXP\system32\nscompat.tlb
2013-08-11 19:19 - 2011-04-21 10:44 - 00016832 _____ C:\WINXP\system32\amcompat.tlb
2013-08-11 17:56 - 2011-04-21 10:40 - 00000000 ____D C:\WINXP\Registration
2013-08-11 17:43 - 2011-04-21 12:28 - 00000000 ____D C:\WINXP\repair
2013-08-11 17:42 - 2013-08-11 17:42 - 00000000 ____D C:\RegBackup
2013-08-10 23:15 - 2013-08-10 17:26 - 00019030 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Mappe1.xlsx
2013-08-10 19:31 - 2011-05-06 16:17 - 00000000 ____D C:\WINXP\system32\NtmsData
2013-08-10 17:53 - 2011-04-21 10:41 - 00000000 ____D C:\WINXP\system32\Restore
2013-08-10 17:21 - 2013-07-19 20:28 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-10 17:14 - 2013-08-10 17:14 - 00000000 ____D C:\Qoobox
2013-08-10 17:14 - 2013-08-10 11:35 - 00000000 ____D C:\WINXP\erdnt
2013-08-10 16:35 - 2013-08-10 16:35 - 00000000 ____D C:\WINXP\system32\LogFiles
2013-08-10 13:35 - 2013-08-10 13:03 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-10 11:40 - 2013-08-10 11:40 - 00000000 _RSHD C:\cmdcons
2013-08-10 11:40 - 2011-04-21 12:32 - 00000323 __RSH C:\boot.ini
2013-08-10 11:15 - 2013-08-10 11:15 - 00000000 ____D C:\FRST
2013-08-08 17:49 - 2013-08-08 10:41 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Steiger KW 32
2013-08-07 17:52 - 2013-08-07 17:52 - 00434217 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots Holzwickede Dorf nachher.xlsx
2013-08-06 10:53 - 2013-08-06 10:53 - 00850227 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots Wickede Dorf.xlsx
2013-08-06 10:29 - 2008-04-14 08:00 - 00000582 _____ C:\WINXP\win.ini
2013-08-06 10:29 - 2008-04-14 08:00 - 00000227 _____ C:\WINXP\system.ini
2013-08-03 09:53 - 2013-07-20 07:14 - 00000654 _____ C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
2013-08-03 09:53 - 2013-07-20 07:14 - 00000000 ____D C:\Programme\CCleaner
2013-08-02 08:59 - 2013-08-02 08:55 - 00000000 ____D C:\WINXP\pss
2013-08-01 13:27 - 2012-12-14 18:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\SelfMV
2013-08-01 13:26 - 2011-04-21 11:34 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente
2013-08-01 12:05 - 2012-01-22 16:56 - 00000664 _____ C:\WINXP\system32\d3d9caps.dat
2013-08-01 07:30 - 2013-06-26 16:46 - 03283456 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Anfahrtsbeschreibung Offline_20130128.xls
2013-07-27 13:31 - 2011-04-21 10:53 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2013-07-27 12:22 - 2013-07-27 12:22 - 00000000 __HDC C:\WINXP\$NtUninstallwinusb0200$
2013-07-27 12:22 - 2013-07-27 12:22 - 00000000 ____H C:\WINXP\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-07-27 08:45 - 2013-07-27 08:45 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\.android
2013-07-27 08:44 - 2013-07-27 08:44 - 00000000 ____D C:\Programme\ClockworkMod
2013-07-25 17:54 - 2013-07-24 19:32 - 00750251 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Screenshots RE Hillerheide Süd.xlsx
2013-07-21 19:08 - 2013-07-20 15:52 - 00040776 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamswissarmy.sys
2013-07-20 14:48 - 2013-07-20 14:48 - 00000000 ____D C:\WINXP\ERUNT
2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Common Toolkit Suite
2013-07-20 13:36 - 2013-07-20 12:15 - 00000000 ____D C:\WINXP\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-20 12:15 - 2013-07-20 12:15 - 00000000 ____D C:\Programme\Enigma Software Group
2013-07-20 12:14 - 2013-07-20 12:14 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-07-19 20:39 - 2013-07-19 20:35 - 00002510 _____ C:\WINXP\system32\ASOROSet.bin
2013-07-19 20:39 - 2011-04-21 12:32 - 31719424 _____ C:\WINXP\system32\config\software.bak
2013-07-19 20:39 - 2011-04-21 12:32 - 05242880 _____ C:\WINXP\system32\config\system.bak
2013-07-19 20:39 - 2011-04-21 11:33 - 00057344 _____ C:\WINXP\system32\config\SECURITY.bak
2013-07-19 20:38 - 2013-07-19 20:38 - 00000000 ____H C:\WINXP\system32\config\system.sav.LOG
2013-07-19 20:38 - 2013-07-19 20:38 - 00000000 ____H C:\WINXP\system32\config\software.sav.LOG
2013-07-19 20:38 - 2011-04-21 10:52 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-07-19 20:37 - 2013-07-19 20:37 - 00000000 ____H C:\WINXP\system32\config\SECURITY.sav.LOG
2013-07-19 20:37 - 2013-07-19 20:37 - 00000000 ____H C:\WINXP\system32\config\SAM.sav.LOG
2013-07-19 20:36 - 2011-04-21 11:33 - 00024576 _____ C:\WINXP\system32\config\SAM.bak
2013-07-19 20:35 - 2013-07-19 20:35 - 00000000 ____D C:\WINXP\system32\config\RCCBakup
2013-07-19 20:29 - 2013-07-19 20:29 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\amazon
2013-07-19 20:28 - 2013-07-19 20:28 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-07-19 20:05 - 2012-04-09 09:54 - 00692104 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
2013-07-19 20:05 - 2011-05-13 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== End Of Log ============================
--- --- ---