Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

cannot run or install any anti-virus software [Solved]


  • This topic is locked This topic is locked

#1
picard

picard

    Member

  • Member
  • PipPip
  • 12 posts

Hi all,

my XP System probabely is infected.

Symptom:
I cannot run or install any anti-virus software.

Any non-anti-virus software is executable.
I tried:

AVG, Avast, Malwaredestroyer, rkill, tdskiller, ...
OTL.exe is the only one that i can start.

I tried 2 boot CDs too.
Kaspersky 10 rescue disk had problems with a database...did not work.
Avira Rescue-Disk was running without problems but did not find any virus.

History:
First suspicious thing was that XP now 'detects' hundreds of SCSI controllers on every start and pops up hardware installation wizard infinitely.
I did not change any hardware components, except some USB devices. No SCSI controller.

Then i randomly used Wireshark an noticed that my PC was communicating with some IP in russia (whois). Though no programs were running. (currently not reproducable, i think it was 94.142.140.90)

Then tried to install anti-virus software....
an here i am.

 

Any help appreciated.

The source of infection is also something i very much would like to know.

 

greets, jo

 

here's the OTL.Txt quick-scan contents. (created with default settings):

-----

OTL logfile created on: 24.10.2014 12:31:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\picard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 74,50% Memory free
3,72 Gb Paging File | 3,40 Gb Available in Paging File | 91,21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,61 Gb Total Space | 255,16 Gb Free Space | 54,80% Space Free | Partition Type: NTFS
 
Computer Name: ENTERPRI-B7D308 | User Name: picard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.10.24 12:26:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
PRC - [2013.04.02 05:27:32 | 000,079,872 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.2\bin\pg_ctl.exe
PRC - [2013.04.02 05:27:00 | 004,525,568 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.2\bin\postgres.exe
PRC - [2011.11.05 06:32:34 | 000,094,208 | ---- | M] (Adaptec Incorporated) -- C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe
PRC - [2009.05.08 16:07:40 | 000,114,793 | ---- | M] (http://subversion.tigris.org/) -- C:\Programme\CollabNet Subversion Server\svnserve.exe
PRC - [2008.04.14 09:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.24 22:30:50 | 000,065,024 | ---- | M] () -- C:\Programme\TortoiseGit\bin\zlib132.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2009.04.27 23:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2001.07.31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Programme\LSBWebServer\Jetty-Service.exe -- (LSBWebServer)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Disabled | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2014.07.03 19:12:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.11.02 18:05:40 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.07.03 00:15:41 | 000,535,320 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Programme\OPC-UA\Inductive Automation\Ignition\IgnitionGateway.exe -- (Ignition)
SRV - [2013.05.08 17:09:12 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\VisioControl\Jetty-Service.exe -- (VisioControl)
SRV - [2013.04.02 05:27:32 | 000,079,872 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\9.2\bin\pg_ctl.exe -- (postgresql-9.2)
SRV - [2013.03.01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [Disabled | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.11.05 06:32:34 | 000,094,208 | ---- | M] (Adaptec Incorporated) [Auto | Running] -- C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe -- (AdaptecStorageManagerAgent)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.11.08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.05.08 16:07:40 | 000,114,793 | ---- | M] (http://subversion.tigris.org/) [Auto | Running] -- C:\Programme\CollabNet Subversion Server\svnserve.exe -- (CSVNsvnserve)
SRV - [2008.03.19 13:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] --  -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\picard\LOKALE~1\Temp\NTFS.sys -- (BS951220212)
DRV - [2014.09.09 18:34:28 | 000,741,488 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2014.09.09 18:32:52 | 000,127,584 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2014.09.09 18:32:52 | 000,117,272 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2014.09.09 18:32:52 | 000,105,472 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2014.05.16 15:24:52 | 000,095,520 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2014.03.19 03:27:24 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014.03.19 03:27:24 | 000,088,832 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.03.30 14:39:41 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2013.03.03 14:13:58 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2013.03.01 03:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2013.01.29 15:00:52 | 000,068,856 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcanl4.sys -- (USBCANL4)
DRV - [2013.01.29 15:00:20 | 000,024,824 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcanl2.sys -- (USBCANL2)
DRV - [2013.01.29 15:00:10 | 000,026,872 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcanld.sys -- (USBCANLD)
DRV - [2013.01.29 14:59:54 | 000,034,040 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcan.sys -- (USBCAN)
DRV - [2013.01.29 14:59:38 | 000,035,576 | ---- | M] (SYS TEC electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucannet.sys -- (UCANNET)
DRV - [2010.11.08 23:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.15 09:20:56 | 000,061,440 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\com0com.sys -- (com0com)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.03.18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.12.12 09:23:54 | 000,322,048 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\adp3132.sys -- (adp3132)
DRV - [2007.10.16 19:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.03.06 13:27:00 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.03.06 13:27:00 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005.11.07 19:10:00 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(WLAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\v18.0.2\components [2014.07.03 19:12:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\v18.0.2\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2013.03.03 13:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Extensions
[2014.10.09 02:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions
[2014.09.06 12:49:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.19 11:50:17 | 000,854,402 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.04.19 11:36:03 | 002,298,147 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.07.11 02:03:49 | 000,194,964 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.07.11 02:12:46 | 000,389,107 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\[email protected]
[2014.10.09 02:41:55 | 000,558,509 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2014.07.03 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2014.07.03 19:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}
[2014.07.03 19:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.07.03 19:12:33 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.07.03 19:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\v18.0.2\extensions
[2014.07.03 19:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\v18.0.2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.07.03 19:12:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\v18.0.2\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google-aktuell\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google-aktuell\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google-aktuell\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013.11.21 03:13:41 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362307452276 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_43)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04BDE12A-8D68-4AD5-AE91-EFE53BB62713}: NameServer = 8.8.8.8,50.23.197.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D04F6895-5CD4-4A78-949A-182C27D560C3}: NameServer = 8.8.8.8,59.23.197.95
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.03 11:22:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19c3e677-83f5-11e2-a442-00e04d77ee78}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.10.24 12:21:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
[2014.10.23 22:48:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014.10.23 14:59:56 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\picard\Desktop\tdsskiller(1).exe
[2014.10.23 14:58:02 | 001,944,824 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\picard\Desktop\rkill.exe
[2014.10.19 00:09:13 | 000,000,000 | ---D | C] -- C:\cmdcons
[2014.10.19 00:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.10.19 00:03:35 | 000,368,256 | ---- | C] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew (1).exe
[2014.10.19 00:00:34 | 000,368,256 | ---- | C] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew.exe
[2014.10.18 11:28:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2014.10.18 10:56:20 | 053,532,144 | ---- | C] (EMCO Software                                               ) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von malwaredestroyersetup.exe.msi
[2014.10.18 10:33:28 | 053,532,144 | ---- | C] (EMCO Software                                               ) -- C:\Dokumente und Einstellungen\picard\Desktop\malwaredestroyersetup.exe
[2014.10.18 10:20:54 | 000,519,488 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avastclear.com
[2014.10.18 09:37:43 | 091,906,368 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\v9-a-st.exe
[2014.10.18 09:29:01 | 030,408,704 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9.0.2021.exe.crdownload
[2014.10.18 01:35:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2014.10.18 01:33:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\avg
[2014.10.18 01:30:03 | 091,906,368 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von avast_free_antivirus_setup_9_0_2021.exe
[2014.10.18 01:02:21 | 153,796,568 | ---- | C] (AVG Technologies) -- C:\Dokumente und Einstellungen\picard\Desktop\a_v_g_free_x86_all_2015_5315a8160.exe.exe
[2014.10.18 00:23:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Wireshark
[2014.10.18 00:21:23 | 091,906,368 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9_0_2021.exe
[2014.10.17 23:30:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPcap
[2014.10.17 23:30:20 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2014.10.17 23:28:17 | 000,000,000 | ---D | C] -- C:\Programme\Wireshark
[2014.10.17 23:06:25 | 000,069,880 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl5.sys
[2014.10.17 23:06:25 | 000,068,856 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl4.sys
[2014.10.17 23:06:25 | 000,061,176 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl21.sys
[2014.10.17 23:06:25 | 000,046,328 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl3.sys
[2014.10.17 23:06:25 | 000,035,576 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\ucannet.sys
[2014.10.17 23:06:25 | 000,034,040 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcan.sys
[2014.10.17 23:06:25 | 000,026,872 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanld.sys
[2014.10.17 23:06:25 | 000,024,824 | ---- | C] (SYS TEC electronic GmbH) -- C:\WINDOWS\System32\drivers\usbcanl2.sys
[2014.10.17 23:06:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\USB-CANmodul Utilities
[2014.10.17 01:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\dkb-oktober
[2014.10.13 23:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\ba
[2014.10.09 02:31:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\re
[2014.10.08 04:39:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\testdll-141008
[2014.10.07 22:22:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\picard\Desktop\testdll
[2014.10.01 16:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual Studio 2010 Express
[2014.10.01 16:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2014.10.01 16:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2014.10.01 16:55:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Merge Modules
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2014.10.24 12:26:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
[2014.10.24 11:48:48 | 000,581,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2014.10.24 11:48:48 | 000,558,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.10.24 11:48:48 | 000,125,818 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2014.10.24 11:48:48 | 000,108,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.10.24 11:44:51 | 000,051,282 | ---- | M] () -- C:\WINDOWS\StorShMem-512-0-evt
[2014.10.24 11:44:39 | 000,124,172 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014.10.24 11:44:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.10.24 11:44:32 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014.10.23 15:31:14 | 000,011,936 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.10.23 15:00:24 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\picard\Desktop\tdsskiller(1).exe
[2014.10.23 14:58:09 | 001,944,824 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\picard\Desktop\rkill.exe
[2014.10.23 12:54:03 | 000,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\integrallenker.jpeg
[2014.10.23 12:30:32 | 000,020,117 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2014.10.23 01:01:12 | 000,011,068 | ---- | M] () -- C:\WINDOWS\System32\CFG951220212
[2014.10.19 00:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014.10.19 00:03:35 | 000,368,256 | ---- | M] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew (1).exe
[2014.10.19 00:00:35 | 000,368,256 | ---- | M] (RegNow.com) -- C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew.exe
[2014.10.18 20:43:37 | 642,560,000 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\rescue-system.iso
[2014.10.18 19:59:07 | 000,110,106 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\imst-landeck.pdf
[2014.10.18 16:29:07 | 338,690,048 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso (1).crdownload
[2014.10.18 16:29:07 | 338,686,652 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032 (1).iso.crdownload.iso
[2014.10.18 16:26:04 | 306,671,616 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_10.iso
[2014.10.18 12:10:46 | 000,011,878 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2014.10.18 12:05:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2014.10.18 11:15:58 | 087,018,856 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso.crdownload
[2014.10.18 10:40:45 | 053,532,144 | ---- | M] (EMCO Software                                               ) -- C:\Dokumente und Einstellungen\picard\Desktop\malwaredestroyersetup.exe
[2014.10.18 10:40:45 | 053,532,144 | ---- | M] (EMCO Software                                               ) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von malwaredestroyersetup.exe.msi
[2014.10.18 10:21:18 | 000,519,488 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avastclear.com
[2014.10.18 09:51:00 | 091,906,368 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\v9-a-st.exe
[2014.10.18 09:29:01 | 030,408,704 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9.0.2021.exe.crdownload
[2014.10.18 01:22:47 | 153,796,568 | ---- | M] (AVG Technologies) -- C:\Dokumente und Einstellungen\picard\Desktop\a_v_g_free_x86_all_2015_5315a8160.exe.exe
[2014.10.18 00:33:52 | 091,906,368 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\Kopie von avast_free_antivirus_setup_9_0_2021.exe
[2014.10.18 00:33:52 | 091,906,368 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9_0_2021.exe
[2014.10.17 23:53:32 | 004,609,376 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\94.142.140.90.pcapng
[2014.10.08 05:14:49 | 000,004,234 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\lamtec32-28.bmp
[2014.10.08 04:35:57 | 000,086,962 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.2.zip
[2014.10.08 02:34:04 | 000,084,549 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.zip
[2014.10.02 00:31:50 | 000,002,269 | ---- | M] () -- C:\Dokumente und Einstellungen\picard\Eigene Dateien\new02.xcf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2014.10.23 12:54:02 | 000,002,183 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\integrallenker.jpeg
[2014.10.23 12:30:32 | 000,020,117 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2014.10.19 00:09:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014.10.19 00:09:14 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2014.10.18 19:58:33 | 000,110,106 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\imst-landeck.pdf
[2014.10.18 19:54:22 | 642,560,000 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\rescue-system.iso
[2014.10.18 15:06:13 | 306,671,616 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_10.iso
[2014.10.18 13:49:02 | 338,690,048 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso (1).crdownload
[2014.10.18 12:31:54 | 338,686,652 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032 (1).iso.crdownload.iso
[2014.10.18 11:04:07 | 087,018,856 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso.crdownload
[2014.10.17 23:53:32 | 004,609,376 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\94.142.140.90.pcapng
[2014.10.17 23:28:24 | 000,001,465 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wireshark.lnk
[2014.10.08 05:13:37 | 000,004,234 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\lamtec32-28.bmp
[2014.10.08 04:35:56 | 000,086,962 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.2.zip
[2014.10.08 02:34:04 | 000,084,549 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Desktop\testdll.zip
[2014.10.02 00:31:50 | 000,002,269 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Eigene Dateien\new02.xcf
[2014.07.19 00:20:22 | 000,027,296 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014.05.01 20:06:44 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.04.30 19:47:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2014.04.30 19:47:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2014.04.30 19:47:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2014.04.30 19:47:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014.04.30 19:47:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2014.04.17 12:12:45 | 001,755,400 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1343024091-287218729-682003330-1003-0.dat
[2014.04.17 12:12:45 | 000,170,638 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2014.04.05 18:25:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014.03.24 21:07:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\lmd010util.exe
[2014.02.06 02:43:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\midas.dll
[2013.10.19 00:31:55 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2013.10.17 23:50:00 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\EEPROM_HP.BIN
[2013.06.23 12:51:01 | 000,001,447 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\.h2.server.properties
[2013.05.21 10:28:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2013.05.21 10:28:35 | 000,020,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2013.04.11 10:57:46 | 000,000,937 | -H-- | C] () -- C:\Dokumente und Einstellungen\picard\.gitk
[2013.04.11 09:37:18 | 000,000,117 | ---- | C] () -- C:\Dokumente und Einstellungen\picard\.gitconfig
[2013.03.30 15:22:05 | 001,183,089 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013.03.30 15:22:05 | 000,159,765 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013.03.30 14:40:00 | 000,004,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\A3396D81.bin
[2013.03.30 14:38:52 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2013.03.19 03:43:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.03.03 11:34:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013.03.03 11:32:51 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2013.03.03 11:24:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.03.03 11:19:35 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013.03.03 11:14:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.03.03 11:13:47 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.01 03:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008.04.14 09:00:00 | 000,000,242 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\PBS951220212.ini
[2008.04.14 09:00:00 | 000,000,242 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PBS951220212.ini
 
========== ZeroAccess Check ==========
 
[2013.03.06 02:19:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 09:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.01 22:54:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2014.05.04 12:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2014.10.18 10:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2013.09.27 23:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Navigator
[2014.05.30 22:25:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2014.10.17 07:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\AIMP3
[2013.04.01 23:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Canon
[2014.05.04 12:30:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\elsterformular
[2014.07.29 04:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\FileZilla
[2013.03.03 13:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Foxit
[2013.03.03 11:43:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\FreeCommander
[2013.05.19 17:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\ImgBurn
[2013.09.05 14:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\ISTool
[2014.06.11 03:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Lamtec
[2013.03.03 13:52:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mael
[2014.04.30 01:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\MPC-HC
[2013.09.27 23:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Navigator
[2013.03.03 16:11:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\NetBeans
[2013.03.03 11:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Notepad++
[2013.03.20 01:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\OpenOffice.org
[2013.06.14 10:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\PacificPoker
[2013.03.03 14:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\pdfforge
[2013.05.08 22:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\postgresql
[2014.05.30 22:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Samsung
[2013.03.03 14:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Subversion
[2014.10.17 23:06:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\SYSTEC-electronic
[2013.03.03 17:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Thunderbird
[2013.03.03 14:35:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\TrueCrypt
[2014.10.18 00:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Wireshark
[2014.07.29 04:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\picard\Anwendungsdaten\WSOP.com
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


I'd like you to perform a scan with a different scanner.


FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#3
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Naat,

 

thank you for the fast reply.

I downloaded and executed frst.exe

Here are the 2 output txt files from this tool.

Forgot to mention that even in 'safe mode' i cannot run any of the well known anti-virus tools.

And one more thing: i'm using a hardware raid-1 (adaptec)

 

Greets, jo

 

FRST.txt

-----------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by picard (administrator) on ENTERPRI-B7D308 on 24-10-2014 14:24:03
Running from C:\Dokumente und Einstellungen\picard\Desktop
Loaded Profile: picard (Available profiles: picard & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adaptec Incorporated) C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe
(http://subversion.tigris.org/) C:\Programme\CollabNet Subversion Server\svnserve.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515072 2008-04-14] ( (Microsoft Corporation))
HKU\S-1-5-21-1343024091-287218729-682003330-1003\...\MountPoints2: {19c3e677-83f5-11e2-a442-00e04d77ee78} - H:\PMBP_Win.exe
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362307452276
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{04BDE12A-8D68-4AD5-AE91-EFE53BB62713}: [NameServer] 8.8.8.8,50.23.197.95
Tcpip\..\Interfaces\{D04F6895-5CD4-4A78-949A-182C27D560C3}: [NameServer] 8.8.8.8,59.23.197.95

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Automatic Save Folder - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2013-05-19]
FF Extension: Firebug - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2013-03-22]
FF Extension: Language Pack Install Helper - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2014-07-11]
FF Extension: Deutsch (DE) Language Pack - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2014-07-11]
FF Extension: UnMHT - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2013-03-15]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} [2014-07-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-06]

Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-03]
CHR Extension: (Google-Suche) - C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-03]
CHR Extension: (Google Mail) - C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptecStorageManagerAgent; C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe [94208 2011-11-05] (Adaptec Incorporated) [File not signed]
R2 CSVNsvnserve; C:\Programme\CollabNet Subversion Server\svnserve.exe [114793 2009-05-08] (http://subversion.tigris.org/) [File not signed]
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S3 Ignition; C:\Programme\OPC-UA\Inductive Automation\Ignition\IgnitionGateway.exe [535320 2013-07-03] (Tanuki Software, Ltd.) [File not signed]
S4 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-11-02] (Oracle Corporation)
S4 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-03] (Mozilla Foundation)
S4 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-21] (Microsoft Corporation)
S3 OpenVPNService; C:\Programme\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
S4 PMBDeviceInfoProvider; C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe [398176 2010-11-27] (Sony Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [254808 2009-03-30] (Microsoft Corporation)
S4 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840 2008-07-10] (Microsoft Corporation)
S3 VisioControl; C:\Programme\VisioControl\Jetty-Service.exe [204800 2013-05-08] () [File not signed]
S4 gupdate; "C:\Programme\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Programme\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 LSBWebServer; C:\Programme\LSBWebServer\Jetty-Service.exe -s C:\Programme\LSBWebServer\jetty-service.conf
R2 postgresql-9.2; C:/Programme/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Programme/PostgreSQL/9.2/data" -w [X]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 adp3132; C:\WINDOWS\System32\drivers\adp3132.sys [322048 2007-12-12] (Adaptec, Inc.) [File not signed]
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
R3 com0com; C:\WINDOWS\System32\DRIVERS\com0com.sys [61440 2009-12-15] (Vyacheslav Frolov) [File not signed]
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
R3 ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
R3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58752 2007-03-06] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-03-06] (NVIDIA Corporation)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-11-08] (The OpenVPN Project) [File not signed]
S3 UCANNET; C:\WINDOWS\System32\DRIVERS\ucannet.sys [35576 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCAN; C:\WINDOWS\System32\DRIVERS\usbcan.sys [34040 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCANL2; C:\WINDOWS\System32\DRIVERS\usbcanl2.sys [24824 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCANL4; C:\WINDOWS\System32\DRIVERS\usbcanl4.sys [68856 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCANLD; C:\WINDOWS\System32\DRIVERS\usbcanld.sys [26872 2013-01-29] (SYS TEC electronic GmbH)
R1 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [25344 2008-03-29] (Elaborate Bytes AG) [File not signed]
R2 XHASP; c:\windows\system32\drivers\XHASP.sys [259584 2013-03-30] () [File not signed]
S3 ZD1211BU(WLAN); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [402432 2005-11-07] (ZyDAS Technology Corporation) [File not signed]
S3 BS951220212; \??\C:\DOKUME~1\picard\LOKALE~1\Temp\NTFS.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 14:24 - 2014-10-24 14:24 - 00013944 _____ () C:\Dokumente und Einstellungen\picard\Desktop\FRST.txt
2014-10-24 14:23 - 2014-10-24 14:24 - 00000000 ____D () C:\FRST
2014-10-24 14:21 - 2014-10-24 14:21 - 01103360 _____ (Farbar) C:\Dokumente und Einstellungen\picard\Desktop\FRST.exe
2014-10-24 12:36 - 2014-10-24 12:36 - 00082942 _____ () C:\Dokumente und Einstellungen\picard\Desktop\OTL.Txt
2014-10-24 12:36 - 2014-10-24 12:36 - 00047374 _____ () C:\Dokumente und Einstellungen\picard\Desktop\Extras.Txt
2014-10-24 12:21 - 2014-10-24 12:26 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
2014-10-23 14:59 - 2014-10-23 15:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\picard\Desktop\tdsskiller(1).exe
2014-10-23 14:58 - 2014-10-23 14:58 - 01944824 _____ (Bleeping Computer, LLC) C:\Dokumente und Einstellungen\picard\Desktop\rkill.exe
2014-10-23 12:54 - 2014-10-23 12:54 - 00002183 _____ () C:\Dokumente und Einstellungen\picard\Desktop\integrallenker.jpeg
2014-10-23 12:30 - 2014-10-23 12:30 - 00020117 _____ () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
2014-10-23 00:46 - 2014-10-23 00:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
2014-10-23 00:46 - 2014-10-23 00:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
2014-10-23 00:46 - 2014-10-23 00:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
2014-10-19 00:09 - 2014-10-19 00:09 - 00000000 ____D () C:\cmdcons
2014-10-19 00:09 - 2014-10-18 12:05 - 00000211 _____ () C:\Boot.bak
2014-10-19 00:09 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2014-10-19 00:05 - 2014-10-19 00:05 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-19 00:03 - 2014-10-19 00:03 - 00368256 _____ (RegNow.com) C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew (1).exe
2014-10-19 00:00 - 2014-10-19 00:00 - 00368256 _____ (RegNow.com) C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew.exe
2014-10-18 19:54 - 2014-10-18 20:43 - 642560000 _____ () C:\Dokumente und Einstellungen\picard\Desktop\rescue-system.iso
2014-10-18 15:06 - 2014-10-18 16:26 - 306671616 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_10.iso
2014-10-18 13:49 - 2014-10-18 16:29 - 338690048 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso (1).crdownload
2014-10-18 12:31 - 2014-10-18 16:29 - 338686652 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032 (1).iso.crdownload.iso
2014-10-18 11:39 - 2014-10-18 11:44 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2014-10-18 11:39 - 2014-10-18 11:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2014-10-18 11:38 - 2014-10-18 11:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lamtec
2014-10-18 11:35 - 2014-10-23 00:47 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
2014-10-18 11:35 - 2014-10-23 00:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-10-18 11:35 - 2014-10-23 00:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-10-18 11:35 - 2014-10-23 00:45 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\TSVNCache
2014-10-18 11:35 - 2014-10-18 11:44 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-10-18 11:35 - 2014-10-18 11:35 - 00000000 __SHD () C:\Dokumente und Einstellungen\Administrator\IETldCache
2014-10-18 11:35 - 2014-10-18 11:35 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Subversion
2014-10-18 11:35 - 2013-03-03 11:22 - 00001599 _____ () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
2014-10-18 11:35 - 2013-03-03 11:22 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
2014-10-18 11:35 - 2013-03-03 11:14 - 00000000 __SHD () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf
2014-10-18 11:35 - 2013-03-03 11:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
2014-10-18 11:35 - 2013-03-03 11:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü
2014-10-18 11:35 - 2013-03-03 11:14 - 00000000 ___HD () C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2014-10-18 11:35 - 2013-03-03 11:14 - 00000000 ___HD () C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2014-10-18 11:28 - 2014-10-23 00:52 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-18 11:04 - 2014-10-18 11:15 - 87018856 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso.crdownload
2014-10-18 10:56 - 2014-10-18 10:40 - 53532144 _____ (EMCO Software ) C:\Dokumente und Einstellungen\picard\Desktop\Kopie von malwaredestroyersetup.exe.msi
2014-10-18 10:44 - 2014-10-18 10:44 - 00000035 _____ () C:\Dokumente und Einstellungen\picard\Desktop\saegemuehle.txt
2014-10-18 10:33 - 2014-10-18 10:40 - 53532144 _____ (EMCO Software ) C:\Dokumente und Einstellungen\picard\Desktop\malwaredestroyersetup.exe
2014-10-18 10:20 - 2014-10-18 10:21 - 00519488 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\avastclear.com
2014-10-18 09:37 - 2014-10-18 09:51 - 91906368 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\v9-a-st.exe
2014-10-18 09:29 - 2014-10-18 09:29 - 30408704 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9.0.2021.exe.crdownload
2014-10-18 01:59 - 2014-10-18 01:59 - 00000050 _____ () C:\Dokumente und Einstellungen\picard\Desktop\avg-code.txt
2014-10-18 01:35 - 2014-10-18 10:14 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
2014-10-18 01:33 - 2014-10-18 01:34 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\avg
2014-10-18 01:30 - 2014-10-18 00:33 - 91906368 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\Kopie von avast_free_antivirus_setup_9_0_2021.exe
2014-10-18 01:02 - 2014-10-18 01:22 - 153796568 _____ (AVG Technologies) C:\Dokumente und Einstellungen\picard\Desktop\a_v_g_free_x86_all_2015_5315a8160.exe.exe
2014-10-18 00:23 - 2014-10-18 00:24 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Wireshark
2014-10-18 00:21 - 2014-10-18 00:33 - 91906368 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-10-17 23:53 - 2014-10-17 23:53 - 04609376 _____ () C:\Dokumente und Einstellungen\picard\Desktop\94.142.140.90.pcapng
2014-10-17 23:30 - 2014-10-17 23:30 - 00000000 ____D () C:\Programme\WinPcap
2014-10-17 23:30 - 2014-10-17 23:30 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPcap
2014-10-17 23:28 - 2014-10-17 23:30 - 00000000 ____D () C:\Programme\Wireshark
2014-10-17 23:28 - 2014-10-17 23:28 - 00001465 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wireshark.lnk
2014-10-17 23:06 - 2014-10-17 23:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\USB-CANmodul Utilities
2014-10-17 23:06 - 2013-01-29 15:01 - 00069880 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl5.sys
2014-10-17 23:06 - 2013-01-29 15:01 - 00061176 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl21.sys
2014-10-17 23:06 - 2013-01-29 15:00 - 00068856 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl4.sys
2014-10-17 23:06 - 2013-01-29 15:00 - 00046328 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl3.sys
2014-10-17 23:06 - 2013-01-29 15:00 - 00026872 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanld.sys
2014-10-17 23:06 - 2013-01-29 15:00 - 00024824 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl2.sys
2014-10-17 23:06 - 2013-01-29 14:59 - 00035576 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\ucannet.sys
2014-10-17 23:06 - 2013-01-29 14:59 - 00034040 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcan.sys
2014-10-17 23:06 - 2008-03-27 15:49 - 01112288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01007.dll
2014-10-17 01:34 - 2014-10-17 01:35 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\dkb-oktober
2014-10-15 05:00 - 2014-10-15 05:07 - 00000314 _____ () C:\Dokumente und Einstellungen\picard\Desktop\pkr-sept.txt
2014-10-13 23:02 - 2014-10-13 23:04 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\ba
2014-10-12 01:19 - 2014-10-12 02:01 - 00001583 _____ () C:\Dokumente und Einstellungen\picard\Desktop\INTERFACE.txt
2014-10-09 02:31 - 2014-10-09 03:17 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\re
2014-10-08 05:13 - 2014-10-08 05:14 - 00004234 _____ () C:\Dokumente und Einstellungen\picard\Desktop\lamtec32-28.bmp
2014-10-08 04:39 - 2014-10-08 04:39 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\testdll-141008
2014-10-08 04:35 - 2014-10-08 04:35 - 00086962 _____ () C:\Dokumente und Einstellungen\picard\Desktop\testdll.2.zip
2014-10-08 02:34 - 2014-10-08 02:34 - 00084549 _____ () C:\Dokumente und Einstellungen\picard\Desktop\testdll.zip
2014-10-07 22:22 - 2014-10-07 22:50 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\testdll
2014-10-02 00:31 - 2014-10-02 00:31 - 00002269 _____ () C:\Dokumente und Einstellungen\picard\Eigene Dateien\new02.xcf
2014-10-01 16:57 - 2014-10-01 16:57 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual Studio 2010 Express
2014-10-01 16:55 - 2014-10-01 16:55 - 00000000 ____D () C:\WINDOWS\symbols
2014-10-01 16:55 - 2014-10-01 16:55 - 00000000 ____D () C:\Programme\Microsoft SDKs
2014-10-01 16:55 - 2014-10-01 16:55 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Merge Modules

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 14:24 - 2013-03-03 11:25 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Temp
2014-10-24 14:23 - 2014-04-05 18:12 - 06860456 _____ () C:\WINDOWS\setupapi.log
2014-10-24 12:15 - 2013-03-03 11:14 - 00000000 ___RD () C:\Programme
2014-10-24 12:12 - 2013-03-03 11:21 - 01363024 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-24 11:48 - 2013-03-03 11:14 - 01396398 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-24 11:44 - 2013-03-08 00:25 - 00051282 _____ () C:\WINDOWS\StorShMem-512-0-evt
2014-10-24 11:44 - 2013-03-03 11:35 - 00124172 _____ () C:\WINDOWS\system32\nvapps.xml
2014-10-24 11:44 - 2013-03-03 11:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-24 11:44 - 2013-03-03 11:17 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-24 11:44 - 2013-03-03 11:17 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-24 11:44 - 2013-03-03 11:13 - 00135664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-24 11:41 - 2013-03-03 11:25 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-24 11:41 - 2013-03-03 11:25 - 00000190 ___SH () C:\Dokumente und Einstellungen\picard\ntuser.ini
2014-10-23 15:31 - 2008-04-14 09:00 - 00011936 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-23 12:30 - 2013-03-04 10:48 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\.gimp-2.8
2014-10-23 01:01 - 2014-09-11 00:36 - 00011068 _____ () C:\WINDOWS\system32\CFG951220212
2014-10-19 00:09 - 2013-03-03 12:12 - 00000327 __RSH () C:\boot.ini
2014-10-18 13:38 - 2013-03-03 11:13 - 00249115 _____ () C:\WINDOWS\setupact.log
2014-10-18 12:10 - 2013-03-04 10:36 - 00011878 _____ () C:\WINDOWS\system32\wpa.bak
2014-10-18 12:05 - 2008-04-14 09:00 - 00000498 _____ () C:\WINDOWS\win.ini
2014-10-18 12:05 - 2008-04-14 09:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-10-18 10:44 - 2013-03-03 15:44 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\.VirtualBox
2014-10-17 23:30 - 2013-03-03 11:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-10-17 23:06 - 2014-01-23 03:10 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Anwendungsdaten\SYSTEC-electronic
2014-10-17 23:06 - 2014-01-21 14:37 - 00000000 ____D () C:\Programme\SYSTEC-electronic
2014-10-17 23:06 - 2013-03-03 12:28 - 00311984 _____ () C:\WINDOWS\DPINST.LOG
2014-10-17 07:34 - 2014-04-17 12:12 - 01755400 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1343024091-287218729-682003330-1003-0.dat
2014-10-17 07:34 - 2014-04-17 12:12 - 00170638 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2014-10-17 07:33 - 2013-03-15 23:12 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Anwendungsdaten\AIMP3
2014-10-17 05:33 - 2013-05-19 10:14 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Eigene Dateien\888poker
2014-10-16 00:26 - 2013-03-30 20:42 - 00000000 ____D () C:\No23Recorder
2014-10-15 03:12 - 2014-04-17 11:45 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Eigene Dateien\Visual Studio 2010
2014-10-10 01:32 - 2013-08-29 00:10 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\TGitCache
2014-10-05 12:53 - 2014-08-10 22:37 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\TVB
2014-10-01 17:36 - 2013-03-06 02:19 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-01 16:56 - 2014-09-17 18:12 - 00000000 ____D () C:\Programme\Microsoft Visual Studio 10.0
2014-10-01 16:55 - 2013-03-06 02:20 - 00000000 ____D () C:\Programme\MSBuild
2014-10-01 16:46 - 2013-03-06 02:22 - 00000000 ____D () C:\Programme\Microsoft.NET
2014-10-01 16:46 - 2013-03-03 11:14 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

 

Addition.txt:

---------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by picard at 2014-10-24 14:24:34
Running from C:\Dokumente und Einstellungen\picard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
888poker (HKLM\...\888poker) (Version:  - )
Adaptec Storage Manager (HKLM\...\{E0082066-E6E7-4567-AE83-4DA31B3F1171}) (Version: 7.30.00.18837 - PMC-Sierra, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
AIMP3 (HKLM\...\AIMP3) (Version: v3.20.1155, 16.11.2012 - AIMP DevTeam)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
Beck CLIB libraries V2.24 / RTOS documentation [29.11.2012] (HKLM\...\Beck CLIB/RTOS documentation_is1) (Version:  - Beck IPC GmbH)
BitNami Redmine Stack (HKLM\...\BitNami Redmine Stack 2.3.2-0) (Version: 2.3.2-0 - BitNami)
bsim 1.7.0.0 (HKLM\...\{F6F4A5C9-C20E-4669-8358-7B34F94A71D5}_is1) (Version:  - LAMTEC GmbH & Co. KG)
Canon MP Navigator 3.0 (HKLM\...\MP Navigator 3.0) (Version:  - )
Canon MP160 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160) (Version:  - )
CollabNet Subversion Client 1.6.2 (HKLM\...\CollabNet Subversion Client) (Version: 1.6.2 - CollabNet)
CollabNet Subversion Server 1.6.2 (HKLM\...\CollabNet Subversion Server) (Version: 1.6.2 - CollabNet)
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.2.4.1 (HKLM\...\FileZilla Client) (Version: 3.2.4.1 - )
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
FMS/VMS/ETA Remote Software Version 1.1.0.0 franç.[Service] (HKLM\...\{REMOTESW-441F-A831-8D3F59D74B8A}_is1) (Version:  - Lamtec GmbH & Co KG)
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
FreeCommander 2009.02 (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Git version 1.7.11-preview20120710 (HKLM\...\Git_is1) (Version: 1.7.11-preview20120710 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 20.0.1132.57 - Google Inc.)
Google Update Helper (Version: 1.3.21.99 - Google Inc.) Hidden
H2 (HKCU\...\H2) (Version:  - )
HASP SRM Run-time (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 3.10.1.6921 - Aladdin Knowledge Systems Ltd. ® 1985-2008.)
Hotfix für Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
HxD Hex Editor Version 1.7.6.4 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.6.4 - Maël Hörz)
Ignition (HKLM\...\Ignition 7.6.2) (Version: 7.6.2 - Inductive Automation)
Ignition Designer (HKCU\...\Ignition Designer) (Version:  - Inductive Automation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inno Setup QuickStart Pack version 5.2.2 (HKLM\...\Inno Setup 5_is1) (Version: 5.2.2 - Martijn Laan)
ISTool 5.3.0.1 (HKLM\...\{A9E12684-DD23-4D11-ACAF-6041954BCA00}_is1) (Version: 5.3.0.1 - Bjørnar Henden)
IzPack 4.3.5 (HKLM\...\IzPack 4.3.5) (Version:  - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java™ 6 Update 43 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216043FF}) (Version: 6.0.430 - Oracle)
Java™ SE Development Kit 6 Update 43 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
LAMTEC NEMS Config 1.8.0.0 (HKLM\...\{F7261A98-2A90-44BA-B915-419D525B9073}_is1) (Version: 1.8.0.0 - LAMTEC GmbH & Co KG)
LMD-Tools (Source) (remove only) (HKLM\...\LMD-Tools (Source)) (Version:  - LMD Innovative)
LSB Remote Software v1.12.1.1 (HKLM\...\{331845FD-9282-430F-ABAD-1CF41F2E6962}_is1) (Version:  - LAMTEC GmbH & Co. KG)
LSB Spy 0.12.0.0 (HKLM\...\{C9F3F804-0947-4CFE-857D-4D0BD19F26D4}_is1) (Version:  - LAMTEC GmbH & Co. KG)
LTVisu Version 1.0.9.2 (HKLM\...\{16912A83-753A-4BC5-9A6E-22E498B254DA}_is1) (Version:  - Lamtec GmbH & Co.KG)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{1C2B3CEA-482E-4453-B3E2-C9731337828A}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mozilla Firefox 18.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0.2 (x86 en-US)) (Version: 18.0.2 - Mozilla)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetBeans IDE 7.3 (HKLM\...\nbi-nb-base-7.3.0.0.201302132200) (Version: 7.3 - NetBeans.org)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.8 - )
Null-modem emulator (com0com) (HKLM\...\com0com) (Version: 2.2.2.0 - Vyacheslav Frolov)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.1.4 (HKLM\...\OpenVPN) (Version: 2.1.4 - )
Oracle VM VirtualBox 4.3.16 (HKLM\...\{346795FE-9B53-48C0-A8E7-CC54B7EF7C1F}) (Version: 4.3.16 - Oracle Corporation)
Paradigm C++ Beck IPC Edition (HKLM\...\{7FFD5E34-9392-4B28-8420-38907C84B4E0}) (Version: 7.0 - Beck IPC Edition by Paradigm Systems Inc.)
Paradox Data Editor (HKLM\...\Paradox Data Editor_is1) (Version:  - )
ParamWriter 1.0.6.1 (HKLM\...\{1FE490B8-4306-42E3-A902-89C395178FE8}_is1) (Version:  - LAMTEC GmbH & Co.KG)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5497 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG CDMA Modem Driver Set (HKLM\...\SAMSUNG CDMA Modem) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.0.1.60510 - Samsung Electronics Co., Ltd.)
Samsung PC Studio (Version: 3.0.0.60510 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2803821-v2) (HKLM\...\KB2803821-v2_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Titan Poker (HKLM\...\Titan Poker) (Version:  - )
TortoiseGit 1.7.3.0 (32 bit) (HKLM\...\{F13E072A-D423-485E-A777-EF64BA796D6A}) (Version: 1.7.3.0 - TortoiseGit)
TortoiseSVN 1.6.16.21511 (32 bit) (HKLM\...\{0DB06704-7DB8-43FC-BE1D-8ACFEFA85C43}) (Version: 1.6.21511 - TortoiseSVN)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UI300 Simulator 3.4.0.0 (HKLM\...\{7E309445-AD8E-41C1-991C-FE9F0EBC65E2}_is1) (Version: 3.4.0.0 - Lamtec GmbH & Co. KG)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{9AA2D735-3375-42D4-9A61-3FFEF82599D6}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB-CANmodul Utility Disk V4.18 (HKLM\...\USB-CANmodul Utility Disk_is1) (Version: 4.18 - SYS TEC electronic GmbH)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows-Treiberpaket - SYS TEC electronic GmbH (USBCANLD) USB-CAN-Hardware  (01/29/2013 4.18.0.0) (HKLM\...\7E05E253EF12661BA9FC845DDE1C37874E200246) (Version: 01/29/2013 4.18.0.0 - SYS TEC electronic GmbH)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.10 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.10 - The Wireshark developer community, http://www.wireshark.org)
WSOP.com (HKLM\...\WSOP.com) (Version:  - )
wxWidgets 3.0.1 (HKLM\...\wxWidgets_is1) (Version:  - wxWidgets)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.6.4 - X Codec Pack team)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\WidgetbarAPI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\WidgetbarManagerUI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\WidgetbarAPI.dll No File

==================== Restore Points  =========================

18-10-2014 22:12:27 Systemprüfpunkt
22-10-2014 22:18:49 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 09:00 - 2013-11-21 03:13 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2013-10-19 00:31 - 2001-07-31 09:17 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2011-08-24 22:30 - 2011-08-24 22:30 - 00065024 _____ () C:\Programme\TortoiseGit\bin\zlib132.dll
2009-04-27 23:49 - 2009-04-27 23:49 - 00093696 _____ () C:\Programme\FileZilla FTP Client\fzshellext.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00296448 _____ () C:\Programme\Notepad++\NppShell_04.dll
2007-07-23 18:44 - 2008-05-16 15:01 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2014-07-03 19:12 - 2014-07-03 19:12 - 03852912 _____ () C:\Programme\Mozilla Firefox\mozjs.dll
2013-07-02 00:49 - 2013-07-02 00:49 - 16033160 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: KiesTrayAgent => C:\Programme\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Programme\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-1343024091-287218729-682003330-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
ASPNET (S-1-5-21-1343024091-287218729-682003330-1004 - Limited - Enabled)
Gast (S-1-5-21-1343024091-287218729-682003330-501 - Limited - Disabled)
Hilfeassistent (S-1-5-21-1343024091-287218729-682003330-1000 - Limited - Disabled)
picard (S-1-5-21-1343024091-287218729-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\picard
SUPPORT_388945a0 (S-1-5-21-1343024091-287218729-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA nForce Networking Controller
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SCSI-Controller
Description: SCSI-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 11:05:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung thunderbird.exe, Version 24.4.0.5188, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (10/23/2014 11:02:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung thunderbird.exe, Version 24.4.0.5188, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (10/23/2014 11:01:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung thunderbird.exe, Version 24.4.0.5188, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (10/18/2014 04:29:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung chrome.exe, Version 35.0.1916.153, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Betriebssystemfehler 2(Das System kann die angegebene Datei nicht finden.) beim Erstellen oder Öffnen der Datei 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBLog.ldf'. Diagnostizieren und korrigieren Sie den Betriebssystemfehler, und wiederholen Sie den Vorgang.

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Betriebssystemfehler 2(Das System kann die angegebene Datei nicht finden.) beim Erstellen oder Öffnen der Datei 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\modellog.ldf'. Diagnostizieren und korrigieren Sie den Betriebssystemfehler, und wiederholen Sie den Vorgang.

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17204) (User: )
Description: FCB::Open failed: Die Datei e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBData.mdf für die Dateinummer 1 konnte nicht geöffnet werden. Betriebssystemfehler: 21(Das Gerät ist nicht bereit.).

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17204) (User: )
Description: FCB::Open failed: Die Datei e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\model.mdf für die Dateinummer 1 konnte nicht geöffnet werden. Betriebssystemfehler: 21(Das Gerät ist nicht bereit.).

Error: (10/18/2014 11:21:10 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Betriebssystemfehler 2(Das System kann die angegebene Datei nicht finden.) beim Erstellen oder Öffnen der Datei 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBLog.ldf'. Diagnostizieren und korrigieren Sie den Betriebssystemfehler, und wiederholen Sie den Vorgang.

Error: (10/18/2014 11:21:10 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Betriebssystemfehler 2(Das System kann die angegebene Datei nicht finden.) beim Erstellen oder Öffnen der Datei 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\modellog.ldf'. Diagnostizieren und korrigieren Sie den Betriebssystemfehler, und wiederholen Sie den Vorgang.


System errors:
=============
Error: (10/24/2014 00:15:29 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 10.0.0.2 für die Netzwerkkarte mit der Netzwerkadresse 00FFC7BECB37 wurde durch
den DHCP-Server 10.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (10/23/2014 10:50:48 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.20.94 für die Netzwerkkarte mit der Netzwerkadresse 00FFC7BECB37 wurde durch
den DHCP-Server 10.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (10/23/2014 07:08:40 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/23/2014 07:08:40 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"0.europe.pool.ntp.org,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error: (10/23/2014 07:08:40 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/23/2014 07:08:40 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"0.europe.pool.ntp.org,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error: (10/23/2014 06:51:28 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/23/2014 06:51:28 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"0.europe.pool.ntp.org,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error: (10/23/2014 06:51:28 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/23/2014 06:51:28 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"0.europe.pool.ntp.org,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (10/23/2014 11:05:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe24.4.0.5188hungapp0.0.0.000000000

Error: (10/23/2014 11:02:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe24.4.0.5188hungapp0.0.0.000000000

Error: (10/23/2014 11:01:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe24.4.0.5188hungapp0.0.0.000000000

Error: (10/18/2014 04:29:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe35.0.1916.153hungapp0.0.0.000000000

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles2(Das System kann die angegebene Datei nicht finden.)e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBLog.ldf

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles2(Das System kann die angegebene Datei nicht finden.)e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\modellog.ldf

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17204) (User: )
Description: FCB::Open failede:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBData.mdf121(Das Gerät ist nicht bereit.)

Error: (10/18/2014 11:25:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17204) (User: )
Description: FCB::Open failede:\sql10_main_t\sql\mkmastr\databases\objfre\i386\model.mdf121(Das Gerät ist nicht bereit.)

Error: (10/18/2014 11:21:10 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles2(Das System kann die angegebene Datei nicht finden.)e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBLog.ldf

Error: (10/18/2014 11:21:10 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles2(Das System kann die angegebene Datei nicht finden.)e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\modellog.ldf


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 45%
Total physical RAM: 1918.36 MB
Available physical RAM: 1050.54 MB
Total Pagefile: 3811.71 MB
Available Pagefile: 3124.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.61 GB) (Free:255.71 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.6 GB) (Disk ID: 8BAD8BAD)
Partition 1: (Active) - (Size=465.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)



RogueKiller.png Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on RogueKiller.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software!


  • 0

#5
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi.

unfortunately RogueKiller and aswMBR cannot be started (like nearly all other anti-virus software).

Seems to be a real clever virus ;)

Actually no anti-virus software is running on my system.

Any other suggestions ?

Greets, Jo


  • 0

#6
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

So far I am not very sure that it's malware. 

 

Are you able to boot your machine info safe mode and try running RogueKiller there?


  • 0

#7
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

I cannot boot into normal safe mode.

--> Bluescreen ..."STOP: 0x000000C5 (0x006E0067, 2, 1, 0x805515A1)"

But i can boot into safe mode with networking.

But also in safe mode (with networking) both tools cannot be started (RogueKiller + aswMBR)


  • 0

#8
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)
 
OK, let's see if you will be able to run gmer.


gmericon.png Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
  • Right-click on randomly named gmericon.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

icon_idea.gif If you encounter any problems, try running GMER in Safe Mode.
icon_idea.gif If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.
  • 0

#9
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

GMER is startable.

but even in safe mode it always cause a bluescreen or freezes windows.

been trying for some hours now...

unchecking ''Devices' did not help.

Bluescreen always with different message.

Here is the log from (rootkit) Pre-Scan:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-26 13:49:23
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\adp31321Port4Path0TargetbLun0 ADAPTEC_ rev.1.0_ 465,63GB
Running: 3dp0k37q.exe; Driver: C:\DOKUME~1\picard\LOKALE~1\Temp\kgriqpob.sys


---- System - GMER 2.1 ----

SSDT      \WINDOWS\system32\ntkrnlpa.exe                              ZwCreateKey [0x804D7FEC]
SSDT      \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FEC]  ZwCreateKey [0x804D7FEC]
SSDT      \WINDOWS\system32\ntkrnlpa.exe                              ZwOpenKey [0x804D7FF1]
SSDT      \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FF1]  ZwOpenKey [0x804D7FF1]

INT 0x03  \WINDOWS\system32\ntkrnlpa.exe[unknown section]             804D7FFB

---- EOF - GMER 2.1 ----

 

sometimes i'm getting this msg:

 

AttachedDevice  \FileSystem\Fastfat \Fat                                     fltMgr.sys


  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
OK, let's try to do something little more invasive.


Windows-System-Restore-Point.png Create a System Restore Point

Creating and maintaining System Restore Points is a backup plan if something would go wrong. Better to be safe than sorry.

  • Press the WindowsKey.png key and go to Help and Support menu.
  • Click Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next.
  • Name it somehow (like Fresh Restore Point) and then click Create, then Close.

You may now close the Help and Support Center.


FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CLoseProcesses:
    S3 BS951220212; \??\C:\DOKUME~1\picard\LOKALE~1\Temp\NTFS.sys [X]
    S0 cerc6; No ImagePath
    S4 IntelIde; No ImagePath
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


  • 0

Advertisements


#11
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

hi,

below the Fixlog.txt of FRST.exe

Seems like everything was executed correctly.

But unfortunately i still cannot run or install all that antivirus tools.

 

Additionally to creating a system-restore-point i've already backed up all my data to some external usb drive.

If for some reason any of your fixes will totally crash my machine, i think i could live with it ;)

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2014
Ran by picard at 2014-10-27 09:36:05 Run:1
Running from C:\Dokumente und Einstellungen\picard\Desktop
Loaded Profile: picard (Available profiles: picard & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CLoseProcesses:
S3 BS951220212; \??\C:\DOKUME~1\picard\LOKALE~1\Temp\NTFS.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
EmptyTemp:
end
*****************

Processes closed successfully.
BS951220212 => Service deleted successfully.
cerc6 => Service deleted successfully.
IntelIde => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}" => Key deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#12
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Additionally to creating a system-restore-point i've already backed up all my data to some external usb drive.
If for some reason any of your fixes will totally crash my machine, i think i could live with it ;)

 
Wise move, however I will not intentionally do anything that would break it. I'm always trying to be careful.
 
 
I don't see a loading point which may be able to hinder the tools/AV's running. Give me a fresh look.



FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#13
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

sorry for the delay - long day at work...

here's current logs of FRST.exe:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by picard (administrator) on ENTERPRI-B7D308 on 27-10-2014 23:02:47
Running from C:\Dokumente und Einstellungen\picard\Desktop
Loaded Profile: picard (Available profiles: picard & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adaptec Incorporated) C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe
(http://subversion.tigris.org/) C:\Programme\CollabNet Subversion Server\svnserve.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515072 2008-04-14] ( (Microsoft Corporation))
HKU\S-1-5-21-1343024091-287218729-682003330-1003\...\MountPoints2: {19c3e677-83f5-11e2-a442-00e04d77ee78} - H:\PMBP_Win.exe
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362307452276
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{04BDE12A-8D68-4AD5-AE91-EFE53BB62713}: [NameServer] 8.8.8.8,50.23.197.95
Tcpip\..\Interfaces\{D04F6895-5CD4-4A78-949A-182C27D560C3}: [NameServer] 8.8.8.8,59.23.197.95

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Automatic Save Folder - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2013-05-19]
FF Extension: Firebug - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2013-03-22]
FF Extension: Language Pack Install Helper - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2014-07-11]
FF Extension: Deutsch (DE) Language Pack - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\[email protected] [2014-07-11]
FF Extension: UnMHT - C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Mozilla\Firefox\Profiles\midhw9me.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2013-03-15]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} [2014-10-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-06]

Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-03]
CHR Extension: (Google-Suche) - C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-03]
CHR Extension: (Google Mail) - C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptecStorageManagerAgent; C:\Programme\Adaptec\Adaptec Storage Manager\StorServ.exe [94208 2011-11-05] (Adaptec Incorporated) [File not signed]
R2 CSVNsvnserve; C:\Programme\CollabNet Subversion Server\svnserve.exe [114793 2009-05-08] (http://subversion.tigris.org/) [File not signed]
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S3 Ignition; C:\Programme\OPC-UA\Inductive Automation\Ignition\IgnitionGateway.exe [535320 2013-07-02] (Tanuki Software, Ltd.) [File not signed]
S4 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-11-02] (Oracle Corporation)
S4 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-10-26] (Mozilla Foundation)
S4 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-21] (Microsoft Corporation)
S3 OpenVPNService; C:\Programme\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
S4 PMBDeviceInfoProvider; C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe [398176 2010-11-27] (Sony Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [254808 2009-03-30] (Microsoft Corporation)
S4 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840 2008-07-10] (Microsoft Corporation)
S3 VisioControl; C:\Programme\VisioControl\Jetty-Service.exe [204800 2013-05-08] () [File not signed]
S4 gupdate; "C:\Programme\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Programme\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 LSBWebServer; C:\Programme\LSBWebServer\Jetty-Service.exe -s C:\Programme\LSBWebServer\jetty-service.conf
R2 postgresql-9.2; C:/Programme/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Programme/PostgreSQL/9.2/data" -w [X]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 adp3132; C:\WINDOWS\System32\drivers\adp3132.sys [322048 2007-12-12] (Adaptec, Inc.) [File not signed]
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
R3 com0com; C:\WINDOWS\System32\DRIVERS\com0com.sys [61440 2009-12-15] (Vyacheslav Frolov) [File not signed]
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG)
R3 ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58752 2007-03-06] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-03-06] (NVIDIA Corporation)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-11-08] (The OpenVPN Project) [File not signed]
S3 UCANNET; C:\WINDOWS\System32\DRIVERS\ucannet.sys [35576 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCAN; C:\WINDOWS\System32\DRIVERS\usbcan.sys [34040 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCANL2; C:\WINDOWS\System32\DRIVERS\usbcanl2.sys [24824 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCANL4; C:\WINDOWS\System32\DRIVERS\usbcanl4.sys [68856 2013-01-29] (SYS TEC electronic GmbH)
S3 USBCANLD; C:\WINDOWS\System32\DRIVERS\usbcanld.sys [26872 2013-01-29] (SYS TEC electronic GmbH)
R1 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [25344 2008-03-29] (Elaborate Bytes AG) [File not signed]
R2 XHASP; c:\windows\system32\drivers\XHASP.sys [259584 2013-03-30] () [File not signed]
S3 ZD1211BU(WLAN); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [402432 2005-11-07] (ZyDAS Technology Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 23:02 - 2014-10-27 23:03 - 00013735 _____ () C:\Dokumente und Einstellungen\picard\Desktop\FRST.txt
2014-10-27 22:59 - 2014-10-27 22:59 - 00000075 _____ () C:\WINDOWS\wininit.ini
2014-10-26 18:57 - 2014-10-26 18:57 - 00020762 _____ () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
2014-10-26 16:04 - 2014-10-26 16:12 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-10-26 13:49 - 2014-10-26 13:49 - 00000803 _____ () C:\Dokumente und Einstellungen\picard\Desktop\gmer-malware.log
2014-10-26 11:59 - 2014-10-26 11:59 - 00380416 _____ () C:\Dokumente und Einstellungen\picard\Desktop\3dp0k37q.exe
2014-10-25 22:23 - 2014-10-25 22:23 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Eigene Dateien\ProcAlyzer Dumps
2014-10-25 22:13 - 2014-10-25 22:13 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService\IETldCache
2014-10-25 22:08 - 2014-10-25 22:08 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-10-25 22:07 - 2014-10-27 23:00 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2
2014-10-25 22:07 - 2014-10-27 22:59 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2014-10-25 21:54 - 2014-10-25 22:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Dokumente und Einstellungen\picard\Desktop\spybot-2.4.exe
2014-10-25 21:42 - 2014-10-25 21:45 - 19828376 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\picard\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-25 14:35 - 2014-10-25 14:37 - 14349744 _____ (Malwarebytes Corp.) C:\Dokumente und Einstellungen\picard\Desktop\mbar-1.07.0.1012.exe
2014-10-25 14:05 - 2014-10-25 14:05 - 00000200 _____ () C:\Dokumente und Einstellungen\picard\Desktop\otl-custom-scan-options.txt
2014-10-25 09:20 - 2014-10-25 09:23 - 16281688 _____ () C:\Dokumente und Einstellungen\picard\Desktop\RogueKiller.exe
2014-10-25 09:20 - 2014-10-25 09:22 - 05192704 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\aswMBR.exe
2014-10-24 13:23 - 2014-10-27 23:02 - 00000000 ____D () C:\FRST
2014-10-24 13:21 - 2014-10-24 13:21 - 01103360 _____ (Farbar) C:\Dokumente und Einstellungen\picard\Desktop\FRST.exe
2014-10-24 11:36 - 2014-10-25 14:33 - 00085698 _____ () C:\Dokumente und Einstellungen\picard\Desktop\OTL.Txt
2014-10-24 11:36 - 2014-10-24 11:36 - 00047374 _____ () C:\Dokumente und Einstellungen\picard\Desktop\Extras.Txt
2014-10-24 11:21 - 2014-10-24 11:26 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\picard\Desktop\OTL.exe
2014-10-23 13:59 - 2014-10-23 14:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\picard\Desktop\tdsskiller.exe
2014-10-23 13:58 - 2014-10-23 13:58 - 01944824 _____ (Bleeping Computer, LLC) C:\Dokumente und Einstellungen\picard\Desktop\rkill.exe
2014-10-23 11:54 - 2014-10-23 11:54 - 00002183 _____ () C:\Dokumente und Einstellungen\picard\Desktop\integrallenker.jpeg
2014-10-22 23:46 - 2014-10-22 23:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung
2014-10-22 23:46 - 2014-10-22 23:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
2014-10-22 23:46 - 2014-10-22 23:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
2014-10-18 23:09 - 2014-10-18 23:09 - 00000000 ____D () C:\cmdcons
2014-10-18 23:09 - 2014-10-18 11:05 - 00000211 _____ () C:\Boot.bak
2014-10-18 23:09 - 2004-08-03 22:00 - 00262448 __RSH () C:\cmldr
2014-10-18 23:05 - 2014-10-18 23:05 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-18 23:03 - 2014-10-18 23:03 - 00368256 _____ (RegNow.com) C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew (1).exe
2014-10-18 23:00 - 2014-10-18 23:00 - 00368256 _____ (RegNow.com) C:\Dokumente und Einstellungen\picard\Desktop\Download_MaxSDDMnew.exe
2014-10-18 18:54 - 2014-10-18 19:43 - 642560000 _____ () C:\Dokumente und Einstellungen\picard\Desktop\rescue-system.iso
2014-10-18 14:06 - 2014-10-18 15:26 - 306671616 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_10.iso
2014-10-18 12:49 - 2014-10-18 15:29 - 338690048 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso (1).crdownload
2014-10-18 11:31 - 2014-10-18 15:29 - 338686652 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032 (1).iso.crdownload.iso
2014-10-18 10:39 - 2014-10-18 10:44 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2014-10-18 10:39 - 2014-10-18 10:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2014-10-18 10:38 - 2014-10-18 10:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lamtec
2014-10-18 10:35 - 2014-10-27 09:37 - 00000000 __SHD () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf
2014-10-18 10:35 - 2014-10-22 23:47 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
2014-10-18 10:35 - 2014-10-22 23:46 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-10-18 10:35 - 2014-10-22 23:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-10-18 10:35 - 2014-10-22 23:45 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\TSVNCache
2014-10-18 10:35 - 2014-10-18 10:44 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-10-18 10:35 - 2014-10-18 10:35 - 00000000 __SHD () C:\Dokumente und Einstellungen\Administrator\IETldCache
2014-10-18 10:35 - 2014-10-18 10:35 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Subversion
2014-10-18 10:35 - 2013-03-03 10:22 - 00001599 _____ () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
2014-10-18 10:35 - 2013-03-03 10:22 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
2014-10-18 10:35 - 2013-03-03 10:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
2014-10-18 10:35 - 2013-03-03 10:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Startmenü
2014-10-18 10:35 - 2013-03-03 10:14 - 00000000 ___HD () C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2014-10-18 10:35 - 2013-03-03 10:14 - 00000000 ___HD () C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2014-10-18 10:28 - 2014-10-26 12:46 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-18 10:04 - 2014-10-18 10:15 - 87018856 _____ () C:\Dokumente und Einstellungen\picard\Desktop\kav_rescue_1032.iso.crdownload
2014-10-18 09:56 - 2014-10-18 09:40 - 53532144 _____ (EMCO Software ) C:\Dokumente und Einstellungen\picard\Desktop\Kopie von malwaredestroyersetup.exe.msi
2014-10-18 09:44 - 2014-10-18 09:44 - 00000035 _____ () C:\Dokumente und Einstellungen\picard\Desktop\saegemuehle.txt
2014-10-18 09:33 - 2014-10-18 09:40 - 53532144 _____ (EMCO Software ) C:\Dokumente und Einstellungen\picard\Desktop\malwaredestroyersetup.exe
2014-10-18 09:20 - 2014-10-18 09:21 - 00519488 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\avastclear.com
2014-10-18 08:37 - 2014-10-18 08:51 - 91906368 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\v9-a-st.exe
2014-10-18 08:29 - 2014-10-18 08:29 - 30408704 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9.0.2021.exe.crdownload
2014-10-18 00:59 - 2014-10-18 00:59 - 00000050 _____ () C:\Dokumente und Einstellungen\picard\Desktop\avg-code.txt
2014-10-18 00:35 - 2014-10-18 09:14 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
2014-10-18 00:33 - 2014-10-18 00:34 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\avg
2014-10-18 00:30 - 2014-10-17 23:33 - 91906368 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\Kopie von avast_free_antivirus_setup_9_0_2021.exe
2014-10-18 00:02 - 2014-10-18 00:22 - 153796568 _____ (AVG Technologies) C:\Dokumente und Einstellungen\picard\Desktop\a_v_g_free_x86_all_2015_5315a8160.exe.exe
2014-10-17 23:23 - 2014-10-17 23:24 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Anwendungsdaten\Wireshark
2014-10-17 23:21 - 2014-10-17 23:33 - 91906368 _____ (AVAST Software) C:\Dokumente und Einstellungen\picard\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-10-17 22:53 - 2014-10-17 22:53 - 04609376 _____ () C:\Dokumente und Einstellungen\picard\Desktop\94.142.140.90.pcapng
2014-10-17 22:30 - 2014-10-17 22:30 - 00000000 ____D () C:\Programme\WinPcap
2014-10-17 22:30 - 2014-10-17 22:30 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPcap
2014-10-17 22:28 - 2014-10-17 22:30 - 00000000 ____D () C:\Programme\Wireshark
2014-10-17 22:28 - 2014-10-17 22:28 - 00001465 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wireshark.lnk
2014-10-17 22:06 - 2014-10-17 22:06 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\USB-CANmodul Utilities
2014-10-17 22:06 - 2013-01-29 14:01 - 00069880 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl5.sys
2014-10-17 22:06 - 2013-01-29 14:01 - 00061176 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl21.sys
2014-10-17 22:06 - 2013-01-29 14:00 - 00068856 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl4.sys
2014-10-17 22:06 - 2013-01-29 14:00 - 00046328 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl3.sys
2014-10-17 22:06 - 2013-01-29 14:00 - 00026872 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanld.sys
2014-10-17 22:06 - 2013-01-29 14:00 - 00024824 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcanl2.sys
2014-10-17 22:06 - 2013-01-29 13:59 - 00035576 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\ucannet.sys
2014-10-17 22:06 - 2013-01-29 13:59 - 00034040 _____ (SYS TEC electronic GmbH) C:\WINDOWS\system32\Drivers\usbcan.sys
2014-10-17 22:06 - 2008-03-27 14:49 - 01112288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01007.dll
2014-10-17 00:34 - 2014-10-17 00:35 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\dkb-oktober
2014-10-15 04:00 - 2014-10-15 04:07 - 00000314 _____ () C:\Dokumente und Einstellungen\picard\Desktop\pkr-sept.txt
2014-10-13 22:02 - 2014-10-13 22:04 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\ba
2014-10-12 00:19 - 2014-10-12 01:01 - 00001583 _____ () C:\Dokumente und Einstellungen\picard\Desktop\INTERFACE.txt
2014-10-09 01:31 - 2014-10-09 02:17 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\re
2014-10-08 04:13 - 2014-10-08 04:14 - 00004234 _____ () C:\Dokumente und Einstellungen\picard\Desktop\lamtec32-28.bmp
2014-10-08 03:39 - 2014-10-08 03:39 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\testdll-141008
2014-10-08 03:35 - 2014-10-08 03:35 - 00086962 _____ () C:\Dokumente und Einstellungen\picard\Desktop\testdll.2.zip
2014-10-08 01:34 - 2014-10-08 01:34 - 00084549 _____ () C:\Dokumente und Einstellungen\picard\Desktop\testdll.zip
2014-10-07 21:22 - 2014-10-07 21:50 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\testdll
2014-10-01 23:31 - 2014-10-01 23:31 - 00002269 _____ () C:\Dokumente und Einstellungen\picard\Eigene Dateien\new02.xcf
2014-10-01 15:57 - 2014-10-01 15:57 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual Studio 2010 Express
2014-10-01 15:55 - 2014-10-01 15:55 - 00000000 ____D () C:\WINDOWS\symbols
2014-10-01 15:55 - 2014-10-01 15:55 - 00000000 ____D () C:\Programme\Microsoft SDKs
2014-10-01 15:55 - 2014-10-01 15:55 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Merge Modules

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 23:03 - 2013-03-03 10:25 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Temp
2014-10-27 23:02 - 2013-03-03 10:21 - 01446433 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-27 23:01 - 2013-03-07 23:25 - 00051282 _____ () C:\WINDOWS\StorShMem-512-0-evt
2014-10-27 23:01 - 2013-03-03 10:35 - 00124172 _____ () C:\WINDOWS\system32\nvapps.xml
2014-10-27 23:01 - 2013-03-03 10:17 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-27 23:01 - 2013-03-03 10:17 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-27 23:00 - 2013-03-03 10:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 22:59 - 2014-04-05 17:12 - 11480970 _____ () C:\WINDOWS\setupapi.log
2014-10-27 22:59 - 2013-03-03 10:25 - 00032580 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-27 22:59 - 2013-03-03 10:25 - 00000190 ___SH () C:\Dokumente und Einstellungen\picard\ntuser.ini
2014-10-27 22:59 - 2013-03-03 10:14 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-10-27 22:40 - 2013-03-03 10:14 - 01396398 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-27 09:39 - 2013-03-03 10:25 - 00000000 __SHD () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Verlauf
2014-10-27 09:39 - 2013-03-03 10:25 - 00000000 ___HD () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Verlauf
2014-10-27 09:37 - 2013-03-03 10:25 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf
2014-10-27 09:36 - 2013-03-03 10:25 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp
2014-10-27 09:36 - 2013-03-03 10:14 - 00000000 ___SD () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Verlauf
2014-10-26 22:43 - 2008-04-14 08:00 - 00011936 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-26 18:57 - 2013-03-04 09:48 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\.gimp-2.8
2014-10-26 18:48 - 2013-03-03 12:45 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-10-26 16:07 - 2013-03-03 10:14 - 00000000 ___RD () C:\Programme
2014-10-25 22:23 - 2013-03-03 11:12 - 00000360 __RSH () C:\boot.ini
2014-10-25 22:13 - 2013-03-03 10:25 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-10-25 21:00 - 2014-08-23 23:50 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\p
2014-10-25 20:07 - 2013-03-03 15:58 - 00000000 ____D () C:\_LAMTEC
2014-10-25 13:41 - 2013-03-03 10:26 - 00028608 _____ () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2014-10-25 09:29 - 2013-03-03 10:25 - 00000000 ___RD () C:\Dokumente und Einstellungen\picard\Startmenü\Programme
2014-10-24 10:44 - 2013-03-03 10:13 - 00135664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-23 00:01 - 2014-09-10 23:36 - 00011068 _____ () C:\WINDOWS\system32\CFG951220212
2014-10-18 12:38 - 2013-03-03 10:13 - 00249115 _____ () C:\WINDOWS\setupact.log
2014-10-18 11:10 - 2013-03-04 09:36 - 00011878 _____ () C:\WINDOWS\system32\wpa.bak
2014-10-18 11:05 - 2008-04-14 08:00 - 00000498 _____ () C:\WINDOWS\win.ini
2014-10-18 11:05 - 2008-04-14 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-10-18 09:44 - 2013-03-03 14:44 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\.VirtualBox
2014-10-17 22:06 - 2014-01-23 02:10 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Anwendungsdaten\SYSTEC-electronic
2014-10-17 22:06 - 2014-01-21 13:37 - 00000000 ____D () C:\Programme\SYSTEC-electronic
2014-10-17 22:06 - 2013-03-03 11:28 - 00311984 _____ () C:\WINDOWS\DPINST.LOG
2014-10-17 06:34 - 2014-04-17 11:12 - 01755400 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1343024091-287218729-682003330-1003-0.dat
2014-10-17 06:34 - 2014-04-17 11:12 - 00170638 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2014-10-17 06:33 - 2013-03-15 22:12 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Anwendungsdaten\AIMP3
2014-10-17 04:33 - 2013-05-19 09:14 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Eigene Dateien\888poker
2014-10-15 23:26 - 2013-03-30 19:42 - 00000000 ____D () C:\No23Recorder
2014-10-15 02:12 - 2014-04-17 10:45 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Eigene Dateien\Visual Studio 2010
2014-10-10 00:32 - 2013-08-28 23:10 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Lokale Einstellungen\Anwendungsdaten\TGitCache
2014-10-05 11:53 - 2014-08-10 21:37 - 00000000 ____D () C:\Dokumente und Einstellungen\picard\Desktop\TVB
2014-10-01 16:36 - 2013-03-06 01:19 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-01 15:56 - 2014-09-17 17:12 - 00000000 ____D () C:\Programme\Microsoft Visual Studio 10.0
2014-10-01 15:55 - 2013-03-06 01:20 - 00000000 ____D () C:\Programme\MSBuild
2014-10-01 15:46 - 2013-03-06 01:22 - 00000000 ____D () C:\Programme\Microsoft.NET
2014-10-01 15:46 - 2013-03-03 10:14 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

__________________________________________________________

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by picard at 2014-10-27 23:03:43
Running from C:\Dokumente und Einstellungen\picard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
888poker (HKLM\...\888poker) (Version:  - )
Adaptec Storage Manager (HKLM\...\{E0082066-E6E7-4567-AE83-4DA31B3F1171}) (Version: 7.30.00.18837 - PMC-Sierra, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
AIMP3 (HKLM\...\AIMP3) (Version: v3.20.1155, 16.11.2012 - AIMP DevTeam)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
Beck CLIB libraries V2.24 / RTOS documentation [29.11.2012] (HKLM\...\Beck CLIB/RTOS documentation_is1) (Version:  - Beck IPC GmbH)
BitNami Redmine Stack (HKLM\...\BitNami Redmine Stack 2.3.2-0) (Version: 2.3.2-0 - BitNami)
bsim 1.7.0.0 (HKLM\...\{F6F4A5C9-C20E-4669-8358-7B34F94A71D5}_is1) (Version:  - LAMTEC GmbH & Co. KG)
Canon MP Navigator 3.0 (HKLM\...\MP Navigator 3.0) (Version:  - )
Canon MP160 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160) (Version:  - )
CollabNet Subversion Client 1.6.2 (HKLM\...\CollabNet Subversion Client) (Version: 1.6.2 - CollabNet)
CollabNet Subversion Server 1.6.2 (HKLM\...\CollabNet Subversion Server) (Version: 1.6.2 - CollabNet)
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.2.4.1 (HKLM\...\FileZilla Client) (Version: 3.2.4.1 - )
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
FMS/VMS/ETA Remote Software Version 1.1.0.0 franç.[Service] (HKLM\...\{REMOTESW-441F-A831-8D3F59D74B8A}_is1) (Version:  - Lamtec GmbH & Co KG)
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
FreeCommander 2009.02 (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Git version 1.7.11-preview20120710 (HKLM\...\Git_is1) (Version: 1.7.11-preview20120710 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 20.0.1132.57 - Google Inc.)
Google Update Helper (Version: 1.3.21.99 - Google Inc.) Hidden
H2 (HKCU\...\H2) (Version:  - )
HASP SRM Run-time (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 3.10.1.6921 - Aladdin Knowledge Systems Ltd. ® 1985-2008.)
Hotfix für Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
HxD Hex Editor Version 1.7.6.4 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.6.4 - Maël Hörz)
Ignition (HKLM\...\Ignition 7.6.2) (Version: 7.6.2 - Inductive Automation)
Ignition Designer (HKCU\...\Ignition Designer) (Version:  - Inductive Automation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inno Setup QuickStart Pack version 5.2.2 (HKLM\...\Inno Setup 5_is1) (Version: 5.2.2 - Martijn Laan)
ISTool 5.3.0.1 (HKLM\...\{A9E12684-DD23-4D11-ACAF-6041954BCA00}_is1) (Version: 5.3.0.1 - Bjørnar Henden)
IzPack 4.3.5 (HKLM\...\IzPack 4.3.5) (Version:  - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java™ 6 Update 43 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216043FF}) (Version: 6.0.430 - Oracle)
Java™ SE Development Kit 6 Update 43 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
LAMTEC NEMS Config 1.8.0.0 (HKLM\...\{F7261A98-2A90-44BA-B915-419D525B9073}_is1) (Version: 1.8.0.0 - LAMTEC GmbH & Co KG)
LMD-Tools (Source) (remove only) (HKLM\...\LMD-Tools (Source)) (Version:  - LMD Innovative)
LSB Remote Software v1.12.1.1 (HKLM\...\{331845FD-9282-430F-ABAD-1CF41F2E6962}_is1) (Version:  - LAMTEC GmbH & Co. KG)
LSB Spy 0.12.0.0 (HKLM\...\{C9F3F804-0947-4CFE-857D-4D0BD19F26D4}_is1) (Version:  - LAMTEC GmbH & Co. KG)
LTVisu Version 1.0.9.2 (HKLM\...\{16912A83-753A-4BC5-9A6E-22E498B254DA}_is1) (Version:  - Lamtec GmbH & Co.KG)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{1C2B3CEA-482E-4453-B3E2-C9731337828A}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mozilla Firefox 18.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0.2 (x86 en-US)) (Version: 18.0.2 - Mozilla)
Mozilla Firefox 33.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.1 (x86 en-US)) (Version: 33.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetBeans IDE 7.3 (HKLM\...\nbi-nb-base-7.3.0.0.201302132200) (Version: 7.3 - NetBeans.org)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.8 - )
Null-modem emulator (com0com) (HKLM\...\com0com) (Version: 2.2.2.0 - Vyacheslav Frolov)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.1.4 (HKLM\...\OpenVPN) (Version: 2.1.4 - )
Oracle VM VirtualBox 4.3.16 (HKLM\...\{346795FE-9B53-48C0-A8E7-CC54B7EF7C1F}) (Version: 4.3.16 - Oracle Corporation)
Paradigm C++ Beck IPC Edition (HKLM\...\{7FFD5E34-9392-4B28-8420-38907C84B4E0}) (Version: 7.0 - Beck IPC Edition by Paradigm Systems Inc.)
Paradox Data Editor (HKLM\...\Paradox Data Editor_is1) (Version:  - )
ParamWriter 1.0.6.1 (HKLM\...\{1FE490B8-4306-42E3-A902-89C395178FE8}_is1) (Version:  - LAMTEC GmbH & Co.KG)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5497 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG CDMA Modem Driver Set (HKLM\...\SAMSUNG CDMA Modem) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.0.1.60510 - Samsung Electronics Co., Ltd.)
Samsung PC Studio (Version: 3.0.0.60510 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2803821-v2) (HKLM\...\KB2803821-v2_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Titan Poker (HKLM\...\Titan Poker) (Version:  - )
TortoiseGit 1.7.3.0 (32 bit) (HKLM\...\{F13E072A-D423-485E-A777-EF64BA796D6A}) (Version: 1.7.3.0 - TortoiseGit)
TortoiseSVN 1.6.16.21511 (32 bit) (HKLM\...\{0DB06704-7DB8-43FC-BE1D-8ACFEFA85C43}) (Version: 1.6.21511 - TortoiseSVN)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UI300 Simulator 3.4.0.0 (HKLM\...\{7E309445-AD8E-41C1-991C-FE9F0EBC65E2}_is1) (Version: 3.4.0.0 - Lamtec GmbH & Co. KG)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{9AA2D735-3375-42D4-9A61-3FFEF82599D6}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB-CANmodul Utility Disk V4.18 (HKLM\...\USB-CANmodul Utility Disk_is1) (Version: 4.18 - SYS TEC electronic GmbH)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows-Treiberpaket - SYS TEC electronic GmbH (USBCANLD) USB-CAN-Hardware  (01/29/2013 4.18.0.0) (HKLM\...\7E05E253EF12661BA9FC845DDE1C37874E200246) (Version: 01/29/2013 4.18.0.0 - SYS TEC electronic GmbH)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.10 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.10 - The Wireshark developer community, http://www.wireshark.org)
wxWidgets 3.0.1 (HKLM\...\wxWidgets_is1) (Version:  - wxWidgets)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.6.4 - X Codec Pack team)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\WidgetbarAPI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\WidgetbarManagerUI.dll No File
CustomCLSID: HKU\S-1-5-21-1343024091-287218729-682003330-1003_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Programme\Titan Poker\widgetbar\WidgetbarAPI.dll No File

==================== Restore Points  =========================

18-10-2014 22:12:27 Systemprüfpunkt
22-10-2014 22:18:49 ComboFix created restore point
24-10-2014 13:28:00 Systemprüfpunkt
25-10-2014 17:31:10 Systemprüfpunkt
27-10-2014 08:32:52 141027-restore-point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 08:00 - 2013-11-21 02:13 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2013-10-18 23:31 - 2001-07-31 08:17 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2011-08-24 21:30 - 2011-08-24 21:30 - 00065024 _____ () C:\Programme\TortoiseGit\bin\zlib132.dll
2009-04-27 22:49 - 2009-04-27 22:49 - 00093696 _____ () C:\Programme\FileZilla FTP Client\fzshellext.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00296448 _____ () C:\Programme\Notepad++\NppShell_04.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: KiesTrayAgent => C:\Programme\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Programme\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-1343024091-287218729-682003330-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
ASPNET (S-1-5-21-1343024091-287218729-682003330-1004 - Limited - Enabled)
Gast (S-1-5-21-1343024091-287218729-682003330-501 - Limited - Disabled)
Hilfeassistent (S-1-5-21-1343024091-287218729-682003330-1000 - Limited - Disabled)
picard (S-1-5-21-1343024091-287218729-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\picard
SUPPORT_388945a0 (S-1-5-21-1343024091-287218729-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce Networking Controller
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/27/2014 10:37:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/27/2014 10:37:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.

Error: (10/27/2014 09:40:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/27/2014 09:40:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.

Error: (10/27/2014 09:36:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error: (10/27/2014 09:36:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/27/2014 09:36:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error: (10/27/2014 09:36:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adaptec Storage Manager Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/27/2014 09:36:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CollabNet Subversion svnserve" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/27/2014 09:36:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "postgresql-9.2 - PostgreSQL Server 9.2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 25%
Total physical RAM: 1918.36 MB
Available physical RAM: 1428.09 MB
Total Pagefile: 3811.7 MB
Available Pagefile: 3464.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.61 GB) (Free:257.17 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.6 GB) (Disk ID: 8BAD8BAD)
Partition 1: (Active) - (Size=465.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#14
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

I've got some other ideas.



Please reboot your computer and start tapping F8 repeatedly.
You should see a couple of options there, but the main three will be:

  • Safe Mode
  • Safe Mode with networking
  • Safe Mode with command prompt

Using your arrow keys enter the Safe Mode option.

Run ComboFix there.

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
icon_idea.gif Don't forget to re-enable your previously switched-off protection software!


  • 0

#15
picard

picard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Naat,

 

when running ComboFix i remembered that i already tried this tool some time ago.

I can execute it, but unfortunately it freezes my XP when blue-box opens that scans for files after some short time (~1 minute)

today i was running it while @ work for the whole day - but no success.

i always have to 'coldstart' my machine then....

(and yes, i was running it in safe-mode and disabled my virtual clone drive)

 

no log-file is created (while short time of scanning)

i have a ~44 MB folder c:\combofix\ now, but no log inside as well.

 

Any more ideas ?

Regards and thaks for your efforts so far,

Jo


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP