
Log analysis and evaluation: GVU trojan, safe mode not possible


26.06.2013, 18:37   #1
juji82
 



Hello,

my computer is infected with the GVU trojan. I tried to remove the virus with Kaspersky Recovery, but it doesn't help. I also can't get into safe mode because it switches off immediately.
I created an OTL file as described in the instructions, but I don't know how I can upload/attach it here.
I would be glad if I could get help here.

Regards

26.06.2013, 18:46   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

which operating system?

26.06.2013, 20:53   #3
juji82
 



WinXP.

In my hurry I stupidly used the fix button with the text given there in another user's thread (http://www.trojaner-board.de/135821-...odus-geht.html). Now the PC works again, but I don't know whether it will have any side effects. So far everything looks good and everything runs as before. The only thing is that I can't install Avira, but I don't know whether that is related. Message: You must use at least WinXP 32 or 64. But that is what I have installed.

27.06.2013, 07:57   #4
schrauber
/// the machine
/// TB instructor
 




System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

29.06.2013, 14:06   #5
juji82
 



Hey, thank you very much for the support. Here is the data:

Frst.txt:
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
Ran by Intel (administrator) on 29-06-2013 15:03:55
Running from C:\Documents and Settings\Intel\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe
(Blabbers Communications LTD) C:\Program Files\BrowserCompanion\BCHelper.exe
() C:\WINDOWS\system32\PSIService.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [vspdfprsrv.exe] C:\Program Files\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe --background [4229632 2011-01-20] ()
HKLM\...\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 [182576 2011-08-08] (Blabbers Communications LTD)
HKLM\...\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2007-03-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKCU\...\Command Processor:  <======= ATTENTION
MountPoints2: {82edc5d0-1778-11e0-a2f3-000e2edf9b77} - F:\AutoRun.exe
MountPoints2: {82edc5d4-1778-11e0-a2f3-b34fdad64ed6} - F:\AutoRun.exe
HKU\Administrator\...\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 [x]
HKU\Administrator\...\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart [x]
HKU\Default User\...\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 [x]
HKU\Default User\...\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll (Conduit Ltd.)
URLSearchHook: ST-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {9973DE62-B643-4114-A1CF-91AD71C4FDB1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
SearchScopes: HKCU - {9973DE62-B643-4114-A1CF-91AD71C4FDB1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
BHO: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: ST-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll (Conduit Ltd.)
Toolbar: HKLM - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll (Conduit Ltd.)
Toolbar: HKLM - ST-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
Toolbar: HKCU -BS Player Toolbar - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\prxtbBS_2.dll (Conduit Ltd.)
Toolbar: HKCU -ST-de3 Toolbar - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default
FF SearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Intel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Browser Companion Helper - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\bbrs_002@blabbers.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: BitComet ????? - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: toolbar - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-21] (Analog Devices, Inc.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2009-07-27] (Meetinghouse Data Communications)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Broadcom Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R2 CbmDev1; C:\Windows\System32\Drivers\CbmDev1.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
R2 CbmDev2; C:\Windows\System32\Drivers\CbmDev2.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
R2 CbmDev3; C:\Windows\System32\Drivers\CbmDev3.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [457216 2010-03-29] (Aladdin Knowledge Systems)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-04] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R3 RT61; C:\Windows\System32\DRIVERS\RT61.sys [356096 2005-10-28] (Ralink Technology Inc.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2004-08-04] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-05] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15360 2004-08-04] (Microsoft Corporation)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-04] (Microsoft Corporation)
U3 ax1crlx1; C:\Windows\System32\Drivers\ax1crlx1.sys [0 ] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S4 hpn; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 VirtualFD; \??\C:\Documents and Settings\Intel\Desktop\2\vfd.sys [x]
S3 WDICA; No ImagePath
U1 WS2IFSL; 
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 15:03 - 2013-06-29 15:03 - 00000000 ____D C:\FRST
2013-06-29 15:02 - 2013-06-29 15:02 - 01372095 ____A (Farbar) C:\Documents and Settings\Intel\Desktop\FRST.exe
2013-06-27 02:21 - 2011-07-13 04:55 - 02237440 ___RA (OldTimer Tools) C:\OTLPE.exe
2013-06-27 02:20 - 2013-06-27 02:20 - 00000000 ____D C:\_OTL
2013-06-26 21:33 - 2013-06-29 11:59 - 00006462 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-26 17:35 - 2013-06-26 18:28 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-26 13:10 - 2013-06-26 13:10 - 00163066 ____A C:\Documents and Settings\Intel\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163039 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163031 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-23 00:40 - 2013-06-23 13:38 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\i kotki
2013-06-22 17:13 - 2013-06-22 17:13 - 00318000 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_Klausuraufgaben_13_07_12.xlsx
2013-06-22 16:52 - 2013-06-22 16:52 - 00334544 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_15_02_13_Aufgaben.xlsm
2013-06-13 19:19 - 2013-06-13 19:34 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\ice princess
2013-06-12 17:18 - 2013-06-12 17:18 - 17617288 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-11 13:37 - 2013-06-11 16:49 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\I-Wurf_Copy
2013-06-07 18:24 - 2013-06-07 18:32 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\New Folder (2)
2013-06-07 17:13 - 2013-06-07 18:10 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Italy

==================== One Month Modified Files and Folders ========

2013-06-29 15:03 - 2013-06-29 15:03 - 00000000 ____D C:\FRST
2013-06-29 15:02 - 2013-06-29 15:02 - 01372095 ____A (Farbar) C:\Documents and Settings\Intel\Desktop\FRST.exe
2013-06-29 15:02 - 2009-07-05 01:58 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\Skype
2013-06-29 14:55 - 2009-07-04 12:24 - 00000062 __ASH C:\Documents and Settings\Intel\Local Settings\desktop.ini
2013-06-29 14:55 - 2009-07-04 12:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-29 14:55 - 2009-07-04 12:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 14:55 - 2009-07-04 12:09 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-29 14:55 - 2009-07-04 04:51 - 00000052 ____A C:\Windows\wiaservc.log
2013-06-29 14:55 - 2001-08-23 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-29 14:18 - 2012-07-19 13:06 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 11:59 - 2013-06-26 21:33 - 00006462 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-29 11:58 - 2009-07-04 04:51 - 00000278 ____A C:\Windows\wiadebug.log
2013-06-27 03:25 - 2009-07-04 12:24 - 00000178 ___SH C:\Documents and Settings\Intel\ntuser.ini
2013-06-27 03:25 - 2009-07-04 12:23 - 00032472 ____A C:\Windows\SchedLgU.Txt
2013-06-27 03:25 - 2009-07-04 12:04 - 01777576 ____A C:\Windows\WindowsUpdate.log
2013-06-27 03:23 - 2009-10-26 09:48 - 00000000 ____D C:\Documents and Settings\Intel\Local Settings\Application Data\FreePDF_XP
2013-06-27 02:20 - 2013-06-27 02:20 - 00000000 ____D C:\_OTL
2013-06-26 18:28 - 2013-06-26 17:35 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-26 13:38 - 2011-02-27 14:23 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-26 13:38 - 2011-02-27 14:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 13:10 - 2013-06-26 13:10 - 00163066 ____A C:\Documents and Settings\Intel\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163039 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163031 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-25 16:08 - 2010-03-12 00:49 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Formulare
2013-06-23 21:26 - 2013-01-28 22:37 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\Winamp
2013-06-23 13:40 - 2009-11-13 11:44 - 00000900 __ASH C:\Windows\System32\KGyGaAvL.sys
2013-06-23 13:40 - 2009-08-02 01:53 - 00000000 ____D C:\Documents and Settings\Intel\Local Settings\Application Data\Corel
2013-06-23 13:40 - 2009-08-01 23:27 - 00000000 ____D C:\Documents and Settings\Intel\My Documents\My PSP Files
2013-06-23 13:38 - 2013-06-23 00:40 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\i kotki
2013-06-22 17:13 - 2013-06-22 17:13 - 00318000 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_Klausuraufgaben_13_07_12.xlsx
2013-06-22 16:52 - 2013-06-22 16:52 - 00334544 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_15_02_13_Aufgaben.xlsm
2013-06-13 19:34 - 2013-06-13 19:19 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\ice princess
2013-06-12 17:18 - 2013-06-12 17:18 - 17617288 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-12 17:18 - 2012-07-19 13:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:18 - 2011-07-16 13:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 16:49 - 2013-06-11 13:37 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\I-Wurf_Copy
2013-06-07 18:32 - 2013-06-07 18:24 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\New Folder (2)
2013-06-07 18:26 - 2009-07-05 09:01 - 00105472 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-07 18:20 - 2009-07-11 10:32 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\vlc
2013-06-07 18:10 - 2013-06-07 17:13 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Italy
2013-06-06 19:11 - 2009-07-05 01:57 - 00000000 ___RD C:\Program Files\Skype
2013-06-06 19:11 - 2009-07-05 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-06-06 19:08 - 2012-05-03 14:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-01 21:29 - 2013-04-09 09:16 - 00046890 ____A C:\Windows\setupapi.log
2013-05-30 19:40 - 2013-05-07 19:07 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\krispak
2013-05-30 19:24 - 2010-02-10 14:11 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\kleeland
2013-05-30 17:37 - 2013-05-23 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2007-03-21 12:08] - [2007-03-21 12:08] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78 

C:\Windows\System32\winlogon.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe 

C:\Windows\System32\svchost.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 

C:\Windows\System32\services.exe
[2004-08-04 01:56] - [2009-02-06 12:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd 

C:\Windows\System32\User32.dll
[2007-03-21 12:10] - [2007-03-21 12:10] - 0577024 ____A (Microsoft Corporation) 1800f293bccc8ede8a70e12b88d80036 

C:\Windows\System32\userinit.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff 

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 00:00] - [2004-08-04 00:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b 


==================== End Of Log ============================
         


Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2013 01
Ran by Intel at 2013-06-29 15:04:30
Running from C:\Documents and Settings\Intel\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge CS4 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader XI (11.0.02) - Deutsch (Version: 11.0.02)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Adobe XMP Panels CS4 (Version: 2.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATTC CityLine
ATTC Coordination2
Avanquest update (Version: 1.31)
BDE5
BitComet 1.29 (Version: 1.29)
Bonjour (Version: 3.0.0.10)
Broadcom NetXtreme Ethernet Controller (Version: 11.32.03)
BrowserCompanion
BS_Player Toolbar (Version: )
Bulgarian (Phonetic) (Version: 1.0.3.40)
Canon MP Navigator EX 2.0
Canon MP540 series MP Drivers
Canon MP540 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 3.02)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Compatibility Pack fur 2007 Office System (Version: 12.0.6425.1000)
Connect (Version: 1.0.0.1)
Corel Paint Shop Pro Photo X2 (Version: 12.00.0000)
DivX-Setup (Version: 2.5.0.8)
Dlubal-Anwendungen RSTAB Demo
DSL Connection Manager (Version: 2.0.0.17)
eMule
Expert PDF 7 Professional (Version: 7.0.1370.0)
ExplorerXP (remove only)
FormatFactory 2.60 (Version: 2.60)
Free PDF to Word Converter 4.2.3.183 (Version: 4.2.3.183)
FreePDF (Remove only)
FVPN Connect (Version: 1.6.0.0)
GPL Ghostscript (Version: 9.05)
HD Tune 2.55
Intel(R) Graphics Media Accelerator Driver
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
kuler (Version: 2.0)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Keyboard Layout Creator 1.4 (Version: 1.4.6000)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Media Video 9 VCM
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser und SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MyPhoneExplorer (Version: 1.8.2)
Nero 6 Ultra Edition
PDF Settings (Version: 1.0)
Photoshop Camera Raw (Version: 5.0)
Prьfungsfragen-CD Version 1.8 (Version: 1.8)
QuickTime (Version: 7.73.80.64)
RedMon - Redirection Port Monitor
Safari (Version: 5.34.57.2)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.4.11328)
Skype™ 6.3 (Version: 6.3.107)
Skyr@cer PCI 2101gmr (Version: 1.00.01)
softonic-de3 Toolbar (Version: 6.8.5.1)
Software Update for Web Folders (Version: 9.60.6715.0)
SoundMAX (Version: 5.12.01.4070)
SPIRIT 11
Suite Shared Configuration CS4 (Version: 1.0)
Sun ODF Plugin for Microsoft Office 3.2 (Version: 3.2.9483)
ToPilots FQ Software (Version: 11.1)
ToPilots FQ-Trainingssoftware 2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows XP (KB932823-v3) (Version: 3)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VISSIM 5.40-06 (Demo) 32 Bit (Version: 5.40-06 (Demo))
VLC media player 1.0.0 (Version: 1.0.0)
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows XP Hotfix - KB885884 (Version: 20040924.025457)
WinRAR
XP Codec Pack
Yahoo! Detect

==================== Restore Points  =========================

25-06-2013 15:49:34 System Checkpoint
26-06-2013 20:07:22 System Checkpoint

==================== Hosts content: ==========================
127.0.0.1       localhost
127.0.0.1				activate.adobe.com
127.0.0.1				practivate.adobe.com
127.0.0.1				ereg.adobe.com
127.0.0.1				activate.wip3.adobe.com
127.0.0.1				wip3.adobe.com
127.0.0.1				3dns-3.adobe.com
127.0.0.1				3dns-2.adobe.com
127.0.0.1				adobe-dns.adobe.com
127.0.0.1				adobe-dns-2.adobe.com
127.0.0.1				adobe-dns-3.adobe.com
127.0.0.1				ereg.wip3.adobe.com
127.0.0.1				activate-sea.adobe.com
127.0.0.1				wwis-dubc1-vip60.adobe.com
127.0.0.1				activate-sjc0.adobe.com
74.208.10.249 gs.apple.com


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom NetXtreme Gigabit Ethernet
Description: Broadcom NetXtreme Gigabit Ethernet
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2013 11:59:43 AM) (Source: LoadPerf) (User: )
Description: Unable to read the performance counter strings of the 01A language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (06/27/2013 00:38:21 AM) (Source: LoadPerf) (User: )
Description: Unable to read the performance counter strings of the 01A language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (06/26/2013 10:19:02 PM) (Source: LoadPerf) (User: )
Description: Unable to read the performance counter strings of the 01A language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (06/26/2013 09:36:03 PM) (Source: LoadPerf) (User: )
Description: Unable to read the performance counter strings of the 01A language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (06/26/2013 09:33:24 PM) (Source: LoadPerf) (User: )
Description: Unable to read the performance counter strings of the 01A language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (06/26/2013 01:44:01 PM) (Source: LoadPerf) (User: )
Description: Unable to read the performance counter strings of the 01A language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (06/26/2013 01:00:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45846516

Error: (06/26/2013 01:00:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45846516

Error: (06/26/2013 01:00:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 01:00:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45844500


System errors:
=============
Error: (06/26/2013 09:31:34 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.33 for the Network Card with network address 000E2EDF9B77 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/26/2013 06:22:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/26/2013 04:08:40 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.35 for the Network Card with network address 000E2EDF9B77 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/26/2013 03:32:08 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.34 for the Network Card with network address 000E2EDF9B77 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/26/2013 01:44:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/26/2013 01:41:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
sptd
Tcpip

Error: (06/26/2013 01:41:05 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31

Error: (06/26/2013 01:41:05 PM) (Source: Service Control Manager) (User: )
Description: The Dienst "Bonjour" service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31

Error: (06/26/2013 01:41:05 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31

Error: (06/26/2013 01:41:05 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
%%31


Microsoft Office Sessions:
=========================
Error: (06/29/2013 11:59:43 AM) (Source: LoadPerf)(User: )
Description: 01A

Error: (06/27/2013 00:38:21 AM) (Source: LoadPerf)(User: )
Description: 01A

Error: (06/26/2013 10:19:02 PM) (Source: LoadPerf)(User: )
Description: 01A

Error: (06/26/2013 09:36:03 PM) (Source: LoadPerf)(User: )
Description: 01A

Error: (06/26/2013 09:33:24 PM) (Source: LoadPerf)(User: )
Description: 01A

Error: (06/26/2013 01:44:01 PM) (Source: LoadPerf)(User: )
Description: 01A

Error: (06/26/2013 01:00:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45846516

Error: (06/26/2013 01:00:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45846516

Error: (06/26/2013 01:00:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 01:00:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45844500


==================== Memory info =========================== 

Percentage of memory in use: 76%
Total physical RAM: 1015.43 MB
Available physical RAM: 239.83 MB
Total Pagefile: 2444.79 MB
Available Pagefile: 1823.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.36 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:18.55 GB) (Free:1.43 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Downloads) (Fixed) (Total:18.71 GB) (Free:4.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 81EBA330)
Partition 1: (Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19 GB) - (Type=OF Extended)

==================== End Of Log ============================
         


Alt 29.06.2013, 14:29   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Fix with FRST
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
HKCU\...\Command Processor:  <======= ATTENTION
HKU\Administrator\...\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 [x]
HKU\Administrator\...\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart [x]
HKU\Default User\...\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 [x]
HKU\Default User\...\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart [x]
         
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Alt 29.06.2013, 15:29   #7
juji82
 



Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-06-2013 01
Ran by Intel at 2013-06-29 15:46:10 Run:1
Running from C:\Documents and Settings\Intel\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IE7-11 => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IE7-11 => Value deleted successfully.

==== End of Fixlog ====

ADWCleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Logfile created 06/29/2013 at 15:49:26
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Intel - BRITISH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Intel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\BrowserCompanion
File Deleted : C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\searchplugins\11-suche.xml
Folder Deleted : C:\Documents and Settings\Intel\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Conduit
Folder Deleted : C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Documents and Settings\Intel\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Intel\Local Settings\Application Data\BS_Player
Folder Deleted : C:\Documents and Settings\Intel\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Intel\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Intel\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Intel\Local Settings\Application Data\softonic-de3
Folder Deleted : C:\Documents and Settings\Intel\Local Settings\Application Data\Wondershare
Folder Deleted : C:\Program Files\BS_Player
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\softonic-de3
Folder Deleted : C:\Program Files\Wondershare

***** [Registry] *****

Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\BS_Player
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36B8DFC3-4FBD-4AB2-BF2D-4BA53BF45171}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\softonic-de3
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\BS_Player
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{17F2B719-FFC2-4C95-8C00-93CF7AE59419}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{36B8DFC3-4FBD-4AB2-BF2D-4BA53BF45171}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A8A80CC-08F7-4E7B-B76F-433E9C7964CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E8C81CD-C588-4872-A2A4-9F11BFC8BDB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2E37DA1-2D5E-422C-92FE-0CFC641DA21D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1124A946-D8B7-413C-BBE0-FEFAA9B8F248}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{388B4D41-097B-463A-A963-219B50F6D7F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39FDCB46-91CA-4B65-8A85-460DB3B12268}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4884B973-62FF-4D50-9778-28E47AEE48E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C430930A-E5F8-45C7-B23E-0C6E32F2E74B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-de3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17F2B719-FFC2-4C95-8C00-93CF7AE59419}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{36B8DFC3-4FBD-4AB2-BF2D-4BA53BF45171}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Deleted : HKLM\Software\softonic-de3
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\prefs.js

Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2431245.CTID", "CT2431245");
Deleted : user_pref("CT2431245.CurrentServerDate", "12-6-2010");
Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Sat Jun 12 2010 14:35:01 GMT+0200");
Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 894);
Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Sat Jun 12 2010 14:24:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Sat Jun 12 2010 14:24:16 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Sat Jun 12 2010 14:24:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Sat Jun 12 2010 14:24:16 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Sat Jun 12 2010 14:24:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Sat Jun 12 2010 12:24:17 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Sat Jun 12 2010 14:24:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Sat Jun 12 2010 14:24:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Sat Jun 12 2010 14:24:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Sat Jun 12 2010 14:24:17 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Sat Jun 12 2010 14:24:12 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Sat Jun 12 2010 14:24:33 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Sat Jun 12 2010 12:24:16 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Sat Jun 12 2010 12:24:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Sat Jun 12 2010 12:24:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Sat Jun 12 2010 14:24:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Sat Jun 12 2010 14:24:12 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Sat Jun 12 2010 14:24:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Sat Jun 12 2010 14:24:26 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Sat Jun 12 2010 14:24:31 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Sat Jun 12 2010 14:24:25 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Sat Jun 12 2010 14:24:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Sat Jun 12 2010 12:24:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Sat Jun 12 2010 14:24:17 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Sat Jun 12 2010 12:24:18 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Sat Jun 12 2010 14:24:30 GMT+0200");
Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2431245.FirstServerDate", "11-6-2010");
Deleted : user_pref("CT2431245.FirstTime", true);
Deleted : user_pref("CT2431245.FirstTimeFF3", true);
Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2431245.Initialize", true);
Deleted : user_pref("CT2431245.InitializeCommonPrefs", true);
Deleted : user_pref("CT2431245.InstalledDate", "Fri Jun 11 2010 16:24:07 GMT+0200");
Deleted : user_pref("CT2431245.InvalidateCache", false);
Deleted : user_pref("CT2431245.IsGrouping", false);
Deleted : user_pref("CT2431245.IsMulticommunity", false);
Deleted : user_pref("CT2431245.IsOpenThankYouPage", false);
Deleted : user_pref("CT2431245.IsOpenUninstallPage", true);
Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri Jun 11 2010 16:24:16 GMT+0200");
Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2431245.LastLogin_2.5.8.6", "Sat Jun 12 2010 12:24:14 GMT+0200");
Deleted : user_pref("CT2431245.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2431245.Locale", "de-de");
Deleted : user_pref("CT2431245.LoginCache", 4);
Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2431245.RadioIsPodcast", false);
Deleted : user_pref("CT2431245.RadioLastCheckTime", "Fri Jun 11 2010 16:24:12 GMT+0200");
Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Deleted : user_pref("CT2431245.RadioMediaID", "20503672");
Deleted : user_pref("CT2431245.RadioMediaType", "Media Player");
Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Deleted : user_pref("CT2431245.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri Jun 11 2010 16:24:16 GMT+0200");
Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Sat Jun 12 2010 14:36:15 GMT+0200");
Deleted : user_pref("CT2431245.SettingsLastUpdate", "1275408427");
Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri Jun 11 2010 16:24:07 GMT+0200");
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1275408427");
Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2431245.Uninstall", true);
Deleted : user_pref("CT2431245.UserID", "UN71655730060330544");
Deleted : user_pref("CT2431245.WeatherNetwork", "");
Deleted : user_pref("CT2431245.WeatherPollDate", "Fri Jun 11 2010 16:24:08 GMT+0200");
Deleted : user_pref("CT2431245.WeatherUnit", "C");
Deleted : user_pref("CT2431245.alertChannelId", "825452");
Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2431245.clientLogIsEnabled", true);
Deleted : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2431245.myStuffEnabled", true);
Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=IEFM1&q=[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2431245");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");

*************************

AdwCleaner[S1].txt - [18288 octets] - [29/06/2013 15:49:26]

########## EOF - C:\AdwCleaner[S1].txt - [18349 octets] ##########
         
--- --- ---

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Intel on 29.06.2013 at 15:58:56,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Intel\Application Data\mozilla\firefox\profiles\3028qzgi.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.06.2013 at 16:02:01,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
Ran by Intel (administrator) on 29-06-2013 16:19:35
Running from C:\Documents and Settings\Intel\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\system32\PSIService.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [vspdfprsrv.exe] C:\Program Files\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe --background [4229632 2011-01-20] ()
HKLM\...\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2007-03-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {82edc5d0-1778-11e0-a2f3-000e2edf9b77} - F:\AutoRun.exe
MountPoints2: {82edc5d4-1778-11e0-a2f3-b34fdad64ed6} - F:\AutoRun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKCU - {9973DE62-B643-4114-A1CF-91AD71C4FDB1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default
FF SearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Intel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: BitComet ????? - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: toolbar - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-21] (Analog Devices, Inc.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2009-07-27] (Meetinghouse Data Communications)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Broadcom Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R2 CbmDev1; C:\Windows\System32\Drivers\CbmDev1.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
R2 CbmDev2; C:\Windows\System32\Drivers\CbmDev2.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
R2 CbmDev3; C:\Windows\System32\Drivers\CbmDev3.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [457216 2010-03-29] (Aladdin Knowledge Systems)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-04] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R3 RT61; C:\Windows\System32\DRIVERS\RT61.sys [356096 2005-10-28] (Ralink Technology Inc.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2004-08-04] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-05] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15360 2004-08-04] (Microsoft Corporation)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-04] (Microsoft Corporation)
U3 axakfdps; C:\Windows\System32\Drivers\axakfdps.sys [0 ] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S4 hpn; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 VirtualFD; \??\C:\Documents and Settings\Intel\Desktop\2\vfd.sys [x]
S3 WDICA; No ImagePath
U1 WS2IFSL; 
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 16:02 - 2013-06-29 16:02 - 00001049 ____A C:\Documents and Settings\Intel\Desktop\JRT.txt
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\JRT
2013-06-29 15:56 - 2013-06-29 15:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Intel\Desktop\JRT.exe
2013-06-29 15:54 - 2013-06-29 15:54 - 00018419 ____A C:\Documents and Settings\Intel\Desktop\AdwCleaner[S1].txt
2013-06-29 15:51 - 2013-06-29 15:51 - 00000420 ____A C:\Windows\regopt.log
2013-06-29 15:49 - 2013-06-29 15:50 - 00018419 ____A C:\AdwCleaner[S1].txt
2013-06-29 15:48 - 2013-06-29 15:48 - 00648201 ____A C:\Documents and Settings\Intel\Desktop\adwcleaner.exe
2013-06-29 15:03 - 2013-06-29 15:03 - 00000000 ____D C:\FRST
2013-06-29 15:02 - 2013-06-29 15:02 - 01372095 ____A (Farbar) C:\Documents and Settings\Intel\Desktop\FRST.exe
2013-06-27 02:21 - 2011-07-13 04:55 - 02237440 ___RA (OldTimer Tools) C:\OTLPE.exe
2013-06-27 02:20 - 2013-06-27 02:20 - 00000000 ____D C:\_OTL
2013-06-26 21:33 - 2013-06-29 15:56 - 00006462 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-26 17:35 - 2013-06-26 18:28 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-26 13:10 - 2013-06-26 13:10 - 00163066 ____A C:\Documents and Settings\Intel\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163039 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163031 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-23 00:40 - 2013-06-23 13:38 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\i kotki
2013-06-22 17:13 - 2013-06-22 17:13 - 00318000 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_Klausuraufgaben_13_07_12.xlsx
2013-06-22 16:52 - 2013-06-22 16:52 - 00334544 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_15_02_13_Aufgaben.xlsm
2013-06-13 19:19 - 2013-06-13 19:34 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\ice princess
2013-06-12 17:18 - 2013-06-12 17:18 - 17617288 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-11 13:37 - 2013-06-11 16:49 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\I-Wurf_Copy
2013-06-07 18:24 - 2013-06-07 18:32 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\New Folder (2)
2013-06-07 17:13 - 2013-06-07 18:10 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Italy

==================== One Month Modified Files and Folders ========

2013-06-29 16:18 - 2012-07-19 13:06 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 16:15 - 2009-07-05 01:58 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\Skype
2013-06-29 16:02 - 2013-06-29 16:02 - 00001049 ____A C:\Documents and Settings\Intel\Desktop\JRT.txt
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\JRT
2013-06-29 15:56 - 2013-06-29 15:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Intel\Desktop\JRT.exe
2013-06-29 15:56 - 2013-06-26 21:33 - 00006462 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-29 15:54 - 2013-06-29 15:54 - 00018419 ____A C:\Documents and Settings\Intel\Desktop\AdwCleaner[S1].txt
2013-06-29 15:52 - 2009-07-04 04:51 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-29 15:52 - 2009-07-04 04:51 - 00000052 ____A C:\Windows\wiaservc.log
2013-06-29 15:51 - 2013-06-29 15:51 - 00000420 ____A C:\Windows\regopt.log
2013-06-29 15:51 - 2009-07-04 12:24 - 00000062 __ASH C:\Documents and Settings\Intel\Local Settings\desktop.ini
2013-06-29 15:51 - 2009-07-04 12:24 - 00000042 ___SH C:\Documents and Settings\Intel\ntuser.ini
2013-06-29 15:51 - 2009-07-04 12:23 - 00032472 ____A C:\Windows\SchedLgU.Txt
2013-06-29 15:51 - 2009-07-04 12:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-29 15:51 - 2009-07-04 12:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 15:51 - 2009-07-04 12:09 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-29 15:51 - 2009-07-04 12:04 - 01777958 ____A C:\Windows\WindowsUpdate.log
2013-06-29 15:51 - 2009-07-04 04:45 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG
2013-06-29 15:50 - 2013-06-29 15:49 - 00018419 ____A C:\AdwCleaner[S1].txt
2013-06-29 15:48 - 2013-06-29 15:48 - 00648201 ____A C:\Documents and Settings\Intel\Desktop\adwcleaner.exe
2013-06-29 15:03 - 2013-06-29 15:03 - 00000000 ____D C:\FRST
2013-06-29 15:02 - 2013-06-29 15:02 - 01372095 ____A (Farbar) C:\Documents and Settings\Intel\Desktop\FRST.exe
2013-06-29 14:55 - 2001-08-23 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-27 03:23 - 2009-10-26 09:48 - 00000000 ____D C:\Documents and Settings\Intel\Local Settings\Application Data\FreePDF_XP
2013-06-27 02:20 - 2013-06-27 02:20 - 00000000 ____D C:\_OTL
2013-06-26 18:28 - 2013-06-26 17:35 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-26 13:38 - 2011-02-27 14:23 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-26 13:38 - 2011-02-27 14:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 13:10 - 2013-06-26 13:10 - 00163066 ____A C:\Documents and Settings\Intel\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163039 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163031 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-25 16:08 - 2010-03-12 00:49 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Formulare
2013-06-23 21:26 - 2013-01-28 22:37 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\Winamp
2013-06-23 13:40 - 2009-11-13 11:44 - 00000900 __ASH C:\Windows\System32\KGyGaAvL.sys
2013-06-23 13:40 - 2009-08-02 01:53 - 00000000 ____D C:\Documents and Settings\Intel\Local Settings\Application Data\Corel
2013-06-23 13:40 - 2009-08-01 23:27 - 00000000 ____D C:\Documents and Settings\Intel\My Documents\My PSP Files
2013-06-23 13:38 - 2013-06-23 00:40 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\i kotki
2013-06-22 17:13 - 2013-06-22 17:13 - 00318000 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_Klausuraufgaben_13_07_12.xlsx
2013-06-22 16:52 - 2013-06-22 16:52 - 00334544 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_15_02_13_Aufgaben.xlsm
2013-06-13 19:34 - 2013-06-13 19:19 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\ice princess
2013-06-12 17:18 - 2013-06-12 17:18 - 17617288 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-12 17:18 - 2012-07-19 13:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:18 - 2011-07-16 13:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 16:49 - 2013-06-11 13:37 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\I-Wurf_Copy
2013-06-07 18:32 - 2013-06-07 18:24 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\New Folder (2)
2013-06-07 18:26 - 2009-07-05 09:01 - 00105472 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-07 18:20 - 2009-07-11 10:32 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\vlc
2013-06-07 18:10 - 2013-06-07 17:13 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Italy
2013-06-06 19:11 - 2009-07-05 01:57 - 00000000 ___RD C:\Program Files\Skype
2013-06-06 19:11 - 2009-07-05 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-06-06 19:08 - 2012-05-03 14:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-01 21:29 - 2013-04-09 09:16 - 00046890 ____A C:\Windows\setupapi.log
2013-05-30 19:40 - 2013-05-07 19:07 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\krispak
2013-05-30 19:24 - 2010-02-10 14:11 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\kleeland
2013-05-30 17:37 - 2013-05-23 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2007-03-21 12:08] - [2007-03-21 12:08] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78 

C:\Windows\System32\winlogon.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe 

C:\Windows\System32\svchost.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 

C:\Windows\System32\services.exe
[2004-08-04 01:56] - [2009-02-06 12:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd 

C:\Windows\System32\User32.dll
[2007-03-21 12:10] - [2007-03-21 12:10] - 0577024 ____A (Microsoft Corporation) 1800f293bccc8ede8a70e12b88d80036 

C:\Windows\System32\userinit.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff 

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 00:00] - [2004-08-04 00:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b 


==================== End Of Log ============================
         
--- --- ---


Unfortunately this got copied a bit messily, I don't know why either. I hope it is understandable like this. Thanks again for the great support. I'm looking forward to further instructions.

Regards
Juji

29.06.2013, 19:06   #8
schrauber
/// the machine
/// TB-Ausbilder

Great


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.06.2013, 20:44   #9
juji82

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=30a4702c8974ee4f835059077779db7f
# engine=14206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 07:35:41
# local_time=2013-06-29 09:35:41 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# scanned=125082
# found=0
# cleaned=0
# scan_time=4472


Checkup:

Results of screen317's Security Check version 0.99.68
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 01
Ran by Intel (administrator) on 29-06-2013 21:41:26
Running from C:\Documents and Settings\Intel\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\WINDOWS\system32\PSIService.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [vspdfprsrv.exe] C:\Program Files\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe --background [4229632 2011-01-20] ()
HKLM\...\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2007-03-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {82edc5d0-1778-11e0-a2f3-000e2edf9b77} - F:\AutoRun.exe
MountPoints2: {82edc5d4-1778-11e0-a2f3-b34fdad64ed6} - F:\AutoRun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKCU - {9973DE62-B643-4114-A1CF-91AD71C4FDB1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default
FF SearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Intel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: BitComet ????? - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: toolbar - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Documents and Settings\Intel\Application Data\Mozilla\Firefox\Profiles\3028qzgi.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-21] (Analog Devices, Inc.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2009-07-27] (Meetinghouse Data Communications)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Broadcom Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R2 CbmDev1; C:\Windows\System32\Drivers\CbmDev1.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
R2 CbmDev2; C:\Windows\System32\Drivers\CbmDev2.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
R2 CbmDev3; C:\Windows\System32\Drivers\CbmDev3.sys [12704 1998-01-16] (MARX Datentechnik GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [457216 2010-03-29] (Aladdin Knowledge Systems)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-04] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R3 RT61; C:\Windows\System32\DRIVERS\RT61.sys [356096 2005-10-28] (Ralink Technology Inc.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2004-08-04] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-07-05] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15360 2004-08-04] (Microsoft Corporation)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-04] (Microsoft Corporation)
U3 ac43ypkv; C:\Windows\System32\Drivers\ac43ypkv.sys [0 ] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S4 hpn; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 VirtualFD; \??\C:\Documents and Settings\Intel\Desktop\2\vfd.sys [x]
S3 WDICA; No ImagePath
U1 WS2IFSL; 
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 21:39 - 2013-06-29 21:39 - 00890988 ____A C:\Documents and Settings\Intel\Desktop\SecurityCheck.exe
2013-06-29 19:53 - 2013-06-29 20:09 - 331805736 ____A (Microsoft Corporation) C:\Documents and Settings\Intel\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-06-29 19:50 - 2013-06-29 20:16 - 00015479 ____A C:\Windows\svcpack.log
2013-06-29 19:47 - 2013-06-29 19:47 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-29 19:47 - 2013-06-29 19:47 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-29 19:47 - 2013-06-29 19:47 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-29 19:47 - 2013-06-29 19:47 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-29 19:47 - 2013-06-29 19:47 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-29 19:47 - 2013-06-29 19:47 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-29 18:16 - 2012-09-02 17:03 - 247709880 ____A C:\Documents and Settings\Intel\Desktop\BitDefender Internet Security 2013_x86.exe
2013-06-29 16:02 - 2013-06-29 16:02 - 00001049 ____A C:\Documents and Settings\Intel\Desktop\JRT.txt
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\JRT
2013-06-29 15:56 - 2013-06-29 15:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Intel\Desktop\JRT.exe
2013-06-29 15:54 - 2013-06-29 15:54 - 00018419 ____A C:\Documents and Settings\Intel\Desktop\AdwCleaner[S1].txt
2013-06-29 15:51 - 2013-06-29 15:51 - 00000420 ____A C:\Windows\regopt.log
2013-06-29 15:49 - 2013-06-29 15:50 - 00018419 ____A C:\AdwCleaner[S1].txt
2013-06-29 15:48 - 2013-06-29 15:48 - 00648201 ____A C:\Documents and Settings\Intel\Desktop\adwcleaner.exe
2013-06-29 15:03 - 2013-06-29 15:03 - 00000000 ____D C:\FRST
2013-06-29 15:02 - 2013-06-29 15:02 - 01372095 ____A (Farbar) C:\Documents and Settings\Intel\Desktop\FRST.exe
2013-06-27 02:21 - 2011-07-13 04:55 - 02237440 ___RA (OldTimer Tools) C:\OTLPE.exe
2013-06-27 02:20 - 2013-06-27 02:20 - 00000000 ____D C:\_OTL
2013-06-26 21:33 - 2013-06-29 17:44 - 00006462 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-26 13:10 - 2013-06-26 13:10 - 00163066 ____A C:\Documents and Settings\Intel\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163039 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163031 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-23 00:40 - 2013-06-23 13:38 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\i kotki
2013-06-22 17:13 - 2013-06-22 17:13 - 00318000 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_Klausuraufgaben_13_07_12.xlsx
2013-06-22 16:52 - 2013-06-22 16:52 - 00334544 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_15_02_13_Aufgaben.xlsm
2013-06-13 19:19 - 2013-06-13 19:34 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\ice princess
2013-06-12 17:18 - 2013-06-12 17:18 - 17617288 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-11 13:37 - 2013-06-11 16:49 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\I-Wurf_Copy
2013-06-07 18:24 - 2013-06-07 18:32 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\New Folder (2)
2013-06-07 17:13 - 2013-06-07 18:10 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Italy

==================== One Month Modified Files and Folders ========

2013-06-29 21:40 - 2009-07-05 01:58 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\Skype
2013-06-29 21:39 - 2013-06-29 21:39 - 00890988 ____A C:\Documents and Settings\Intel\Desktop\SecurityCheck.exe
2013-06-29 21:38 - 2009-07-04 12:04 - 01780081 ____A C:\Windows\WindowsUpdate.log
2013-06-29 21:18 - 2012-07-19 13:06 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 20:16 - 2013-06-29 19:50 - 00015479 ____A C:\Windows\svcpack.log
2013-06-29 20:16 - 2009-12-04 21:57 - 00000000 ____D C:\Windows\System32\CatRoot_bak
2013-06-29 20:15 - 2013-04-09 09:16 - 00065741 ____A C:\Windows\setupapi.log
2013-06-29 20:09 - 2013-06-29 19:53 - 331805736 ____A (Microsoft Corporation) C:\Documents and Settings\Intel\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-06-29 20:05 - 2013-01-28 22:37 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\Winamp
2013-06-29 19:47 - 2013-06-29 19:47 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-29 19:47 - 2013-06-29 19:47 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-29 19:47 - 2013-06-29 19:47 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-29 19:47 - 2013-06-29 19:47 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-29 19:47 - 2013-06-29 19:47 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-29 19:47 - 2013-06-29 19:47 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-29 19:47 - 2012-12-05 19:00 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-29 19:47 - 2010-07-05 00:08 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-29 19:46 - 2009-07-13 09:45 - 00000000 ____D C:\Program Files\Java
2013-06-29 18:53 - 2009-10-26 09:48 - 00000000 ____D C:\Documents and Settings\Intel\Local Settings\Application Data\FreePDF_XP
2013-06-29 17:59 - 2009-07-04 04:51 - 00000280 ____A C:\Windows\wiadebug.log
2013-06-29 17:44 - 2013-06-26 21:33 - 00006462 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-06-29 17:40 - 2009-07-04 12:24 - 00000062 __ASH C:\Documents and Settings\Intel\Local Settings\desktop.ini
2013-06-29 17:40 - 2009-07-04 12:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 17:40 - 2009-07-04 04:51 - 00000052 ____A C:\Windows\wiaservc.log
2013-06-29 17:39 - 2009-07-04 12:24 - 00000178 ___SH C:\Documents and Settings\Intel\ntuser.ini
2013-06-29 17:39 - 2009-07-04 12:23 - 00032472 ____A C:\Windows\SchedLgU.Txt
2013-06-29 17:39 - 2009-07-04 12:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-29 17:39 - 2009-07-04 12:09 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-29 16:02 - 2013-06-29 16:02 - 00001049 ____A C:\Documents and Settings\Intel\Desktop\JRT.txt
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-06-29 15:58 - 2013-06-29 15:58 - 00000000 ____D C:\JRT
2013-06-29 15:56 - 2013-06-29 15:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Intel\Desktop\JRT.exe
2013-06-29 15:54 - 2013-06-29 15:54 - 00018419 ____A C:\Documents and Settings\Intel\Desktop\AdwCleaner[S1].txt
2013-06-29 15:51 - 2013-06-29 15:51 - 00000420 ____A C:\Windows\regopt.log
2013-06-29 15:51 - 2009-07-04 04:45 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG
2013-06-29 15:50 - 2013-06-29 15:49 - 00018419 ____A C:\AdwCleaner[S1].txt
2013-06-29 15:48 - 2013-06-29 15:48 - 00648201 ____A C:\Documents and Settings\Intel\Desktop\adwcleaner.exe
2013-06-29 15:03 - 2013-06-29 15:03 - 00000000 ____D C:\FRST
2013-06-29 15:02 - 2013-06-29 15:02 - 01372095 ____A (Farbar) C:\Documents and Settings\Intel\Desktop\FRST.exe
2013-06-29 14:55 - 2001-08-23 14:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-27 02:20 - 2013-06-27 02:20 - 00000000 ____D C:\_OTL
2013-06-26 13:38 - 2011-02-27 14:23 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-26 13:38 - 2011-02-27 14:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 13:10 - 2013-06-26 13:10 - 00163066 ____A C:\Documents and Settings\Intel\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163039 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\2433f433
2013-06-26 13:10 - 2013-06-26 13:10 - 00163031 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-25 16:08 - 2010-03-12 00:49 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Formulare
2013-06-23 13:40 - 2009-11-13 11:44 - 00000900 __ASH C:\Windows\System32\KGyGaAvL.sys
2013-06-23 13:40 - 2009-08-02 01:53 - 00000000 ____D C:\Documents and Settings\Intel\Local Settings\Application Data\Corel
2013-06-23 13:40 - 2009-08-01 23:27 - 00000000 ____D C:\Documents and Settings\Intel\My Documents\My PSP Files
2013-06-23 13:38 - 2013-06-23 00:40 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\i kotki
2013-06-22 17:13 - 2013-06-22 17:13 - 00318000 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_Klausuraufgaben_13_07_12.xlsx
2013-06-22 16:52 - 2013-06-22 16:52 - 00334544 ____A C:\Documents and Settings\Intel\Desktop\Stahl1_15_02_13_Aufgaben.xlsm
2013-06-13 19:34 - 2013-06-13 19:19 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\ice princess
2013-06-12 17:18 - 2013-06-12 17:18 - 17617288 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-12 17:18 - 2012-07-19 13:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:18 - 2011-07-16 13:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 16:49 - 2013-06-11 13:37 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\I-Wurf_Copy
2013-06-07 18:32 - 2013-06-07 18:24 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\New Folder (2)
2013-06-07 18:26 - 2009-07-05 09:01 - 00105472 ____A C:\Documents and Settings\Intel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-07 18:20 - 2009-07-11 10:32 - 00000000 ____D C:\Documents and Settings\Intel\Application Data\vlc
2013-06-07 18:10 - 2013-06-07 17:13 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\Italy
2013-06-06 19:11 - 2009-07-05 01:57 - 00000000 ___RD C:\Program Files\Skype
2013-06-06 19:11 - 2009-07-05 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-06-06 19:08 - 2012-05-03 14:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-30 19:40 - 2013-05-07 19:07 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\krispak
2013-05-30 19:24 - 2010-02-10 14:11 - 00000000 ____D C:\Documents and Settings\Intel\Desktop\kleeland
2013-05-30 17:37 - 2013-05-23 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2007-03-21 12:08] - [2007-03-21 12:08] - 1033216 ____A (Microsoft Corporation) 42d32722b805d7df42d30487a0bcbd78 

C:\Windows\System32\winlogon.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe 

C:\Windows\System32\svchost.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 

C:\Windows\System32\services.exe
[2004-08-04 01:56] - [2009-02-06 12:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd 

C:\Windows\System32\User32.dll
[2007-03-21 12:10] - [2007-03-21 12:10] - 0577024 ____A (Microsoft Corporation) 1800f293bccc8ede8a70e12b88d80036 

C:\Windows\System32\userinit.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff 

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 00:00] - [2004-08-04 00:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b 


==================== End Of Log ============================
         
--- --- ---

29.06.2013, 21:42   #10
schrauber
/// the machine
/// TB-Ausbilder

Please update Firefox.

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.




Regards,
schrauber

