weißer Bildschirm nach Systemstart

Sasch_arr · 31.10.2013, 10:11

Hallo,
Ich bedanke mich im vorfeld schonmal um die hilfe.
Ich habe seit kurzem ein problem, dass mein pc (windows vista 64bit) nach dem start einfach in einem weißen bild endet. es erscheint für ein paar sec. mein desktophintergrund und dann wird der bildschirm weiß.
Ich hoffe ihr könnt mir helfen. :/

ich habe bereits mit FRST64bit eine Log Datei erstellt:

Zitat:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MINWINPC on 31-10-2013 10:02:18
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2008-12-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] - E:\Programme\VirtualCloneDrive\VCDDaemon.exe [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-10] ()
HKLM-x32\...\Run: [PlusService] - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-10-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [facemoods] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [124832 2012-01-22] (Yuna Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1247504 2012-09-14] (Simply Super Software)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Underclass_Hero\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Underclass_Hero\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Underclass_Hero\...\Winlogon: [Shell] explorer.exe,C:\Users\Underclass_Hero\AppData\Roaming\skype.dat [167936 2009-04-10] () <==== ATTENTION
HKU\UpdatusUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-30] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [124832 2012-01-22] (Yuna Software)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-09-04] ()
S3 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [348824 2009-09-28] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1097096 2009-07-22] (PC Tools)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [506696 2009-12-14] (TuneUp Software)
S2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [842056 2009-12-14] (TuneUp Software)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2008-04-18] (Hauppauge Computer Works, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-10-30] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [531456 2008-02-29] (PixArt Imaging Inc.)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-26] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S1 bncudelp; \??\C:\Windows\system32\drivers\bncudelp.sys [x]
S1 dzgrubzs; \??\C:\Windows\system32\drivers\dzgrubzs.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 lmrjlnxr; \??\C:\Windows\system32\drivers\lmrjlnxr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S1 qiqottig; \??\C:\Windows\system32\drivers\qiqottig.sys [x]
S1 rgbdxhyw; \??\C:\Windows\system32\drivers\rgbdxhyw.sys [x]
S1 ujprsheu; \??\C:\Windows\system32\drivers\ujprsheu.sys [x]
S1 uqtsvqiv; \??\C:\Windows\system32\drivers\uqtsvqiv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-31 10:02 - 2013-10-31 10:02 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-10-31 10:02 - 2013-10-31 10:02 - 00000000 ____D C:\FRST

Files to move or delete:
====================
C:\Users\Underclass_Hero\AppData\Roaming\skype.dat
C:\Users\Underclass_Hero\AppData\Roaming\skype.ini
C:\ProgramData\0tbpw.pad
C:\ProgramData\4910585.pad
C:\ProgramData\9tBEnPT.pad
C:\ProgramData\ms0003B3F3.dat
C:\ProgramData\slpcsrj.pad

Some content of TEMP:
====================
C:\Users\Underclass_Hero\AppData\Local\Temp\0005a775.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\0026cc92.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\wpbt0.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6142.33 MB
Available physical RAM: 5294.43 MB
Total Pagefile: 5712.5 MB
Available Pagefile: 5243.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:255.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:191.04 GB) NTFS
Drive f: (DIR-615) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: D2921899)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 968 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=967 MB) - (Type=0B)

LastRegBack: 2013-07-03 23:50

==================== End Of Log ============================

schrauber · 31.10.2013, 10:30

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Underclass_Hero\...\Winlogon: [Shell] explorer.exe,C:\Users\Underclass_Hero\AppData\Roaming\skype.dat [167936 2009-04-10] () <==== ATTENTION
C:\Users\Underclass_Hero\AppData\Roaming\skype.dat
C:\Users\Underclass_Hero\AppData\Roaming\skype.ini
C:\ProgramData\0tbpw.pad
C:\ProgramData\4910585.pad
C:\ProgramData\9tBEnPT.pad
C:\ProgramData\ms0003B3F3.dat
C:\ProgramData\slpcsrj.pad

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

Sasch_arr · 31.10.2013, 14:41

hier der Log:

Zitat:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2013
Ran by SYSTEM at 2013-10-31 14:38:37 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Underclass_Hero\...\Winlogon: [Shell] explorer.exe,C:\Users\Underclass_Hero\AppData\Roaming\skype.dat [167936 2009-04-10] () <==== ATTENTION
C:\Users\Underclass_Hero\AppData\Roaming\skype.dat
C:\Users\Underclass_Hero\AppData\Roaming\skype.ini
C:\ProgramData\0tbpw.pad
C:\ProgramData\4910585.pad
C:\ProgramData\9tBEnPT.pad
C:\ProgramData\ms0003B3F3.dat
C:\ProgramData\slpcsrj.pad
*****************

HKU\Underclass_Hero\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Underclass_Hero\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Underclass_Hero\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\0tbpw.pad => Moved successfully.
C:\ProgramData\4910585.pad => Moved successfully.
C:\ProgramData\9tBEnPT.pad => Moved successfully.
C:\ProgramData\ms0003B3F3.dat => Moved successfully.
C:\ProgramData\slpcsrj.pad => Moved successfully.

==== End of Fixlog ====

schrauber · 01.11.2013, 11:06

startet der Rechner normal?

Sasch_arr · 01.11.2013, 20:48

ja er startet wieder normal!! (:

ja er startet wieder normal!! (:

schrauber · 02.11.2013, 11:40

Kontrollscans im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Sasch_arr · 03.11.2013, 18:23

so es hat ein wenig gedaurt bis die suchläufe durch waren, aber hier nun die Logs:

Malwarebites:

Zitat:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.03.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Underclass_Hero :: UNDERCLASS-HERO [Administrator]

03.11.2013 13:18:20
mbam-log-2013-11-03 (13-18-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 513654
Laufzeit: 4 Stunde(n), 7 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\$Recycle.Bin\S-1-5-21-2652013535-828162384-4242843444-1000\$RRWO1BW.exe (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\ms0003B3F3.dat (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\skype.dat (Trojan.Ransom) -> Löschen bei Neustart.
C:\Users\Underclass_Hero\Desktop\setup_codec_3dx.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Underclass_Hero\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Underclass_Hero\AppData\Local\Temp\WinDefender.Exe.vir (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ADW Cleaner
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.010 - Bericht erstellt am 03/11/2013 um 17:40:39
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Underclass_Hero - UNDERCLASS-HERO
# Gestartet von : C:\Users\Underclass_Hero\Desktop\desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
[!] Ordner Gelöscht : C:\Program Files (x86)\facemoods.com
[!] Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
[!] Ordner Gelöscht : C:\Program Files (x86)\Search Settings
[!] Ordner Gelöscht : C:\Users\Underclass_Hero\AppData\LocalLow\facemoods.com
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Underclass_Hero\AppData\Roaming\Mozilla\Firefox\Profiles\ddi17mw2.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v13.0 (de)

[ Datei : C:\Users\Underclass_Hero\AppData\Roaming\Mozilla\Firefox\Profiles\ddi17mw2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [11604 octets] - [03/11/2013 17:37:26]
AdwCleaner[S0].txt - [8752 octets] - [03/11/2013 17:40:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8812 octets] ##########

--- --- ---

Junkware Removal tool

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows (TM) Vista Home Premium x64
Ran by Underclass_Hero on 03.11.2013 at 17:52:34,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] msgplusservice
Successfully deleted: [Service] msgplusservice

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\messengerplusforskypeservice
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\plusservice
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\messenger plus! for skype
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\messenger plus! for skype"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{14FF75EC-F00C-47C9-B73A-8F50A5C009D5}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{2C14D585-B1A0-45D9-88BE-1A113CBC9018}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{2DA0267E-E66C-4359-95AE-D0002335900D}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{316D018F-7A12-4893-9899-6D2FB3827A48}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{36B98EB5-9C94-4A2C-8FC3-67856E3E7EBF}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{3B5C24AA-9F86-4ED9-B2FF-255DD184274B}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{3EFC59D6-B29F-4D3E-9380-0BBAB557D086}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{420DD96C-DD8F-4802-9E59-BEB8C74614DC}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{4B19720D-075D-4167-AE16-44A52C8935C8}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{4E456E03-03D5-4565-B0BF-83FA925AFF21}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{51A3710D-308A-4B73-AC47-3F0C5B8E5428}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{5D62B0E9-CDCD-4318-8815-47E78ABA32D4}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{5EF8B174-B9E7-442B-8F64-BAFF71102349}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{60716548-3B07-4E18-88E6-CC555085D6C9}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{61B57F1A-6680-41A0-8FC8-61BDAE761049}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{62A50126-2428-448F-9CA2-9AFB9ACD6380}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{63A568D4-5FA6-4658-A32F-B3096739FF46}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{65966AB2-86EA-4A25-9CC0-34320F3E5E66}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{785AE593-FE9B-4FFE-9267-FA3D012E4D90}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{7D6B14A3-D46A-4BB6-8C07-C8EA193E87F0}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{7FFDC3A5-533B-4A73-A0C4-7986493DE616}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{81A4DA99-E3DD-49F0-9617-ADD365543117}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{85F043E9-B8AE-486D-B011-4B98168DD8E4}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{86E98662-0752-4868-9140-5AB55487E03F}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{8763AFF4-7A68-4593-9FA8-D07FB9680BC2}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{8C5AAB40-4A6E-43D2-BA7F-29A3899C127F}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{9136D152-A6B9-4DDE-BAEF-DE70EA940B57}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{933EA89B-21E7-49B7-9E76-62D180A0F42B}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{93A89A65-4F1B-4C20-817D-F88E57D9D6D4}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{93D78B03-21A3-49A3-90F3-F461E58A3B3D}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{95681270-1BFB-4EF8-88EB-E0D633D4DFC9}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{963A5B18-C225-491A-A64F-AB44921D30BD}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{9BC95AD6-94B0-4403-852A-2DA8877F309D}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{9E373C5F-F480-43F4-A062-2A2E9B70E49A}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{9EE2DD9B-A60C-4E4F-A321-56EFE8A30373}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{A11E6E0C-051A-4E8D-AFD4-300AB1177D29}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{A4A4C582-3CEF-4429-95D1-8CBCE6EF38A5}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{AC00FC3B-BBAA-4C2B-ADE6-8F35DD41FAC9}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{B16C2212-A75B-4D94-B0B0-9071B55055F0}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{B844ED1D-8DBD-44C7-B3AA-56734CD29EF0}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{C20471A9-1854-42DE-9291-1AB9A566BBA6}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{C9F8CA25-5451-4144-A786-7C2D9629AE7C}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{D9B173D2-7A91-4FBA-8810-358725C5B1A9}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{DBB5A743-75DA-42B5-AFDC-B347D0ED9F84}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{E164E8E3-0F3D-4734-9E46-822685513887}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{E3FBF41E-F850-4040-9111-73B363C3D9A3}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{E4031C34-190A-4D54-938D-C22E4BF17B7B}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{EA86E4E8-59C5-4E1D-B981-74E0E24B789A}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{F08CBCA5-22C3-49DA-9DBE-DD5F76A23C63}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{F1BDD1E9-4CF1-41CE-840F-D35B64CF5D41}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{F39E75FE-4EA3-4252-83ED-26CD68DC74AC}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{F85D42B1-C715-48CA-B5EE-D691081E2E81}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{FAD6D277-7B7B-4914-A1CD-84B7AF0A7975}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{FC0BE416-1F04-4B16-A35C-2D9D1189B65A}
Successfully deleted: [Empty Folder] C:\Users\Underclass_Hero\appdata\local\{FFD74101-C4E3-4C13-9F34-C68A4DE2347D}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.11.2013 at 18:02:26,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MINWINPC on 03-11-2013 18:12:28
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2008-12-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] - E:\Programme\VirtualCloneDrive\VCDDaemon.exe [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-10-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1247504 2012-09-14] (Simply Super Software)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Underclass_Hero\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Underclass_Hero\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\UpdatusUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-30] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-09-04] ()
S3 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [348824 2009-09-28] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1097096 2009-07-22] (PC Tools)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [506696 2009-12-14] (TuneUp Software)
S2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [842056 2009-12-14] (TuneUp Software)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2008-04-18] (Hauppauge Computer Works, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-10-30] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [531456 2008-02-29] (PixArt Imaging Inc.)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-26] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S1 bncudelp; \??\C:\Windows\system32\drivers\bncudelp.sys [x]
S1 dzgrubzs; \??\C:\Windows\system32\drivers\dzgrubzs.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 lmrjlnxr; \??\C:\Windows\system32\drivers\lmrjlnxr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S1 qiqottig; \??\C:\Windows\system32\drivers\qiqottig.sys [x]
S1 rgbdxhyw; \??\C:\Windows\system32\drivers\rgbdxhyw.sys [x]
S1 ujprsheu; \??\C:\Windows\system32\drivers\ujprsheu.sys [x]
S1 uqtsvqiv; \??\C:\Windows\system32\drivers\uqtsvqiv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 09:09 - 2013-11-03 09:09 - 00001117 _____ C:\Program Files (x86)\active-update.xml
2013-11-03 09:09 - 2013-11-03 09:09 - 00000057 _____ C:\Program Files (x86)\updates.xml
2013-11-03 09:02 - 2013-11-03 09:02 - 00008631 _____ C:\Users\Underclass_Hero\Desktop\JRT.txt
2013-11-03 08:52 - 2013-11-03 08:52 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 08:27 - 2013-11-03 09:04 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\PC Reperatur
2013-11-03 08:26 - 2013-11-03 08:40 - 00000000 ____D C:\AdwCleaner
2013-11-03 04:13 - 2013-11-03 04:13 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Malwarebytes
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 10:02 - 2013-10-31 10:02 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-03 09:10 - 2009-06-23 09:49 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-03 09:10 - 2009-03-09 07:05 - 01737574 _____ C:\Windows\WindowsUpdate.log
2013-11-03 09:10 - 2006-11-02 07:42 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-03 09:10 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 09:10 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 09:10 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 09:09 - 2013-11-03 09:09 - 00001117 _____ C:\Program Files (x86)\active-update.xml
2013-11-03 09:09 - 2013-11-03 09:09 - 00000057 _____ C:\Program Files (x86)\updates.xml
2013-11-03 09:09 - 2009-02-04 18:46 - 00618204 _____ C:\Windows\System32\perfh007.dat
2013-11-03 09:09 - 2009-02-04 18:46 - 00122636 _____ C:\Windows\System32\perfc007.dat
2013-11-03 09:09 - 2006-11-02 04:46 - 01418806 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-03 09:04 - 2013-11-03 08:27 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\PC Reperatur
2013-11-03 09:02 - 2013-11-03 09:02 - 00008631 _____ C:\Users\Underclass_Hero\Desktop\JRT.txt
2013-11-03 09:00 - 2009-12-27 04:18 - 00000534 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2013-11-03 08:52 - 2013-11-03 08:52 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 08:46 - 2009-05-31 01:05 - 00000000 ___HD C:\Users\Underclass_Hero\Tracing
2013-11-03 08:44 - 2009-02-04 11:12 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-03 08:43 - 2012-05-15 14:17 - 00105390 _____ C:\aaw7boot.log
2013-11-03 08:40 - 2013-11-03 08:26 - 00000000 ____D C:\AdwCleaner
2013-11-03 08:30 - 2008-01-20 19:26 - 00823738 _____ C:\Windows\PFRO.log
2013-11-03 08:27 - 2012-05-10 12:10 - 00000000 ____D C:\ProgramData\Windows
2013-11-03 08:27 - 2010-09-13 12:23 - 00000000 ___HD C:\Users\Public\Documents\Server
2013-11-03 08:27 - 2010-09-13 12:23 - 00000000 ___HD C:\ProgramData\Documents\Server
2013-11-03 04:13 - 2013-11-03 04:13 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Malwarebytes
2013-11-03 04:08 - 2010-09-13 13:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 03:50 - 2012-05-15 12:37 - 00000408 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-11-01 07:03 - 2011-11-02 10:10 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-11-01 07:03 - 2011-11-02 10:10 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-10-31 10:02 - 2013-10-31 10:02 - 00000000 ____D C:\FRST

Some content of TEMP:
====================
C:\Users\Underclass_Hero\AppData\Local\Temp\0005a775.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\0026cc92.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\Quarantine.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\SecurityScan_Release.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

2
Restore point made on: 2013-11-02 01:06:50
Restore point made on: 2013-11-03 04:28:09

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 6142.33 MB
Available physical RAM: 5275.79 MB
Total Pagefile: 5712.5 MB
Available Pagefile: 5254.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:252.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:191.04 GB) NTFS
Drive f: (DIR-615) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: D2921899)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 968 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=967 MB) - (Type=0B)


LastRegBack: 2013-11-03 09:10

==================== End Of Log ============================

--- --- ---

LG

schrauber · 04.11.2013, 10:32

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Sasch_arr · 05.11.2013, 11:17

Eset Log:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2fdd5129b4d8044cb24ad8c7dffa2735
# engine=15745
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-04 11:16:44
# local_time=2013-11-05 12:16:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 44502 249026694 37245 0
# compatibility_mode=5892 16776574 100 100 128325036 221130910 0 0
# compatibility_mode=7937 16777214 0 25 95684122 95684122 0 0
# scanned=299984
# found=5
# cleaned=0
# scan_time=28416
sh=00440E0F93B7926CF1754F190AF0CADEDB84F164 ft=0 fh=0000000000000000 vn="MSIL/Spy.Agent.BP trojan" ac=I fn="C:\Users\Underclass_Hero\AppData\Local\Temp\RJIPe.vbs"
sh=7DD898B1234B8C14152BD40013324197FE54AFAC ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-0422.BH trojan" ac=I fn="C:\Users\Underclass_Hero\AppData\LocalLow\Sun(75)\Java\Deployment\cache\6.0\61\49256e7d-60681a59"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP virus" ac=I fn="E:\Bethesda Softworks\Fallout 3\FalloutLauncher.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="E:\Games\Fallout3\fallout3d.iso"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP virus" ac=I fn="E:\Games\Fallout3\FalloutLauncher.exe"

Security Check Log:

Zitat:

Results of screen317's Security Check version 0.99.74
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Lavasoft Ad-Watch Live! Virenschutz
Microsoft Security Essentials
Spyware Doctor with AntiVirus
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spyware Doctor 6.1
Trojan Remover 6.8.5
Malwarebytes Anti-Malware Version 1.75.0.1300
TuneUp Utilities 2009
AVS Registry Cleaner version 2.2
Java(TM) 6 Update 15
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

uuund der FRST Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MINWINPC on 05-11-2013 09:49:53
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2008-12-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] - E:\Programme\VirtualCloneDrive\VCDDaemon.exe [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-10-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1247504 2012-09-14] (Simply Super Software)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Underclass_Hero\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Underclass_Hero\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\UpdatusUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-30] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-09-04] ()
S3 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [348824 2009-09-28] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1097096 2009-07-22] (PC Tools)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [506696 2009-12-14] (TuneUp Software)
S2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [842056 2009-12-14] (TuneUp Software)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2008-04-18] (Hauppauge Computer Works, Inc.)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [531456 2008-02-29] (PixArt Imaging Inc.)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-26] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S1 bncudelp; \??\C:\Windows\system32\drivers\bncudelp.sys [x]
S1 dzgrubzs; \??\C:\Windows\system32\drivers\dzgrubzs.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 lmrjlnxr; \??\C:\Windows\system32\drivers\lmrjlnxr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S1 qiqottig; \??\C:\Windows\system32\drivers\qiqottig.sys [x]
S1 rgbdxhyw; \??\C:\Windows\system32\drivers\rgbdxhyw.sys [x]
S1 ujprsheu; \??\C:\Windows\system32\drivers\ujprsheu.sys [x]
S1 uqtsvqiv; \??\C:\Windows\system32\drivers\uqtsvqiv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 02:41 - 2013-11-04 02:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-04 02:27 - 2013-11-04 02:32 - 00000000 ____D C:\Windows\System32\MRT
2013-11-03 09:09 - 2013-11-03 09:09 - 00001117 _____ C:\Program Files (x86)\active-update.xml
2013-11-03 09:09 - 2013-11-03 09:09 - 00000057 _____ C:\Program Files (x86)\updates.xml
2013-11-03 09:02 - 2013-11-03 09:02 - 00008631 _____ C:\Users\Underclass_Hero\Desktop\JRT.txt
2013-11-03 08:52 - 2013-11-03 08:52 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 08:27 - 2013-11-05 00:46 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\PC Reperatur
2013-11-03 08:26 - 2013-11-03 08:40 - 00000000 ____D C:\AdwCleaner
2013-11-03 04:47 - 2013-08-26 19:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-11-03 04:47 - 2013-08-26 19:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-11-03 04:47 - 2013-08-26 19:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-11-03 04:47 - 2013-08-26 19:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-11-03 04:47 - 2013-08-26 18:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-03 04:47 - 2013-08-26 18:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-03 04:47 - 2013-08-26 18:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-03 04:47 - 2013-08-26 18:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-03 04:47 - 2013-08-26 18:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-11-03 04:47 - 2013-08-26 18:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-11-03 04:47 - 2013-08-26 18:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-11-03 04:47 - 2013-08-26 18:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-11-03 04:47 - 2013-08-26 18:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-11-03 04:47 - 2013-08-26 17:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-03 04:47 - 2013-08-26 17:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-03 04:47 - 2013-08-26 17:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-03 04:47 - 2013-08-26 17:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-03 04:47 - 2013-07-31 20:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-11-03 04:47 - 2013-07-31 19:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-11-03 04:13 - 2013-11-03 04:13 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Malwarebytes
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 10:02 - 2013-10-31 10:02 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-05 00:47 - 2009-06-23 09:49 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-05 00:47 - 2009-03-09 07:05 - 01878956 _____ C:\Windows\WindowsUpdate.log
2013-11-05 00:47 - 2006-11-02 07:42 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-05 00:47 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 00:47 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 00:47 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 00:46 - 2013-11-03 08:27 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\PC Reperatur
2013-11-05 00:45 - 2013-01-25 02:58 - 00045056 _____ C:\Users\Underclass_Hero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-05 00:00 - 2009-12-27 04:18 - 00000534 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2013-11-04 07:20 - 2009-05-31 01:05 - 00000000 ___HD C:\Users\Underclass_Hero\Tracing
2013-11-04 07:03 - 2009-02-04 18:46 - 00618204 _____ C:\Windows\System32\perfh007.dat
2013-11-04 07:03 - 2009-02-04 18:46 - 00122636 _____ C:\Windows\System32\perfc007.dat
2013-11-04 07:03 - 2006-11-02 04:46 - 01418806 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-04 06:55 - 2009-02-04 11:12 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-04 06:54 - 2012-05-15 14:17 - 00106062 _____ C:\aaw7boot.log
2013-11-04 06:54 - 2009-05-31 00:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-04 02:42 - 2013-11-04 02:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-04 02:42 - 2013-02-10 11:14 - 00001877 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-04 02:42 - 2013-02-10 11:14 - 00001877 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2013-11-04 02:32 - 2013-11-04 02:27 - 00000000 ____D C:\Windows\System32\MRT
2013-11-04 02:26 - 2011-10-23 03:07 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-04 02:26 - 2011-10-23 03:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-04 02:26 - 2011-10-23 03:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-03 09:09 - 2013-11-03 09:09 - 00001117 _____ C:\Program Files (x86)\active-update.xml
2013-11-03 09:09 - 2013-11-03 09:09 - 00000057 _____ C:\Program Files (x86)\updates.xml
2013-11-03 09:02 - 2013-11-03 09:02 - 00008631 _____ C:\Users\Underclass_Hero\Desktop\JRT.txt
2013-11-03 08:52 - 2013-11-03 08:52 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 08:43 - 2009-06-08 23:07 - 00000000 ___HD C:\ProgramData\ICQ
2013-11-03 08:40 - 2013-11-03 08:26 - 00000000 ____D C:\AdwCleaner
2013-11-03 08:30 - 2008-01-20 19:26 - 00823738 _____ C:\Windows\PFRO.log
2013-11-03 08:27 - 2012-05-10 12:10 - 00000000 ____D C:\ProgramData\Windows
2013-11-03 08:27 - 2010-09-13 12:23 - 00000000 ___HD C:\Users\Public\Documents\Server
2013-11-03 08:27 - 2010-09-13 12:23 - 00000000 ___HD C:\ProgramData\Documents\Server
2013-11-03 04:13 - 2013-11-03 04:13 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Malwarebytes
2013-11-03 04:08 - 2010-09-13 13:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 04:02 - 2013-11-03 04:02 - 00000910 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 03:50 - 2012-05-15 12:37 - 00000408 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-11-01 07:03 - 2011-11-02 10:10 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-11-01 07:03 - 2011-11-02 10:10 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-10-31 10:02 - 2013-10-31 10:02 - 00000000 ____D C:\FRST

Some content of TEMP:
====================
C:\Users\Underclass_Hero\AppData\Local\Temp\Quarantine.exe
C:\Users\Underclass_Hero\AppData\Local\Temp\SecurityScan_Release.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

4
Restore point made on: 2013-11-02 01:06:50
Restore point made on: 2013-11-03 04:28:09
Restore point made on: 2013-11-04 02:24:22
Restore point made on: 2013-11-04 07:07:25

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 6142.33 MB
Available physical RAM: 5275.74 MB
Total Pagefile: 5712.5 MB
Available Pagefile: 5252.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:412.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:384.15 GB) NTFS
Drive f: (DIR-615) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: D2921899)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 968 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=967 MB) - (Type=0B)


LastRegBack: 2013-11-04 19:04

==================== End Of Log ============================

--- --- ---

soweit läuft der PC wieder super. Vielen Dank!!!!!! (:

LG

schrauber · 05.11.2013, 15:33

Java, Flash, Adobe und Firefox updaten. IE updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

FRST bitte auf dem Desktop speichern und im normalen Modus von dort scannen.

Sasch_arr · 08.11.2013, 15:47

hier nochmal die aktuellen FRST Logs

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Underclass_Hero (administrator) on UNDERCLASS-HERO on 08-11-2013 15:20:39
Running from C:\Users\Underclass_Hero\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxcecoms.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
MountPoints2: {cea55ee1-0cba-11de-9824-806e6f6e6963} - F:\DWizard.exe
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-11] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-11-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=de_de&c=92&bd=pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {CA8FE908-E845-4081-937D-C045FEC0FC98} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {3A9B94CF-952A-4DBA-8998-4F8378961DDD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
SearchScopes: HKCU - {EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Underclass_Hero\AppData\Roaming\Mozilla\Firefox\Profiles\ddi17mw2.default
FF Homepage: hxxp://google.de/
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @bittorrent.com/BitTorrentDNA - C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Underclass_Hero\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Underclass_Hero\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Underclass_Hero\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Underclass_Hero\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Underclass_Hero\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Extension: toolbar_AVIRA-V7 - C:\Users\Underclass_Hero\AppData\Roaming\Mozilla\Firefox\Profiles\ddi17mw2.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF Extension: No Name - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Underclass_Hero\Program Files (x86)\DNA
FF Extension: No Name - C:\Users\Underclass_Hero\Program Files (x86)\DNA
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Underclass_Hero\AppData\Roaming\5023

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-11-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-11-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-11-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 lxce_device; C:\Windows\system32\lxcecoms.exe [566704 2007-03-08] ( )
R2 lxce_device; C:\Windows\SysWow64\lxcecoms.exe [537520 2007-03-08] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-09-04] ()
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-11-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-11-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-05] (Avira Operations GmbH & Co. KG)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2008-04-19] (Hauppauge Computer Works, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [531456 2008-02-29] (PixArt Imaging Inc.)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-26] ()
U3 ac42sfnd; No ImagePath
S1 bncudelp; \??\C:\Windows\system32\drivers\bncudelp.sys [x]
S1 dzgrubzs; \??\C:\Windows\system32\drivers\dzgrubzs.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 lmrjlnxr; \??\C:\Windows\system32\drivers\lmrjlnxr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S1 qiqottig; \??\C:\Windows\system32\drivers\qiqottig.sys [x]
S1 rgbdxhyw; \??\C:\Windows\system32\drivers\rgbdxhyw.sys [x]
S1 ujprsheu; \??\C:\Windows\system32\drivers\ujprsheu.sys [x]
S1 uqtsvqiv; \??\C:\Windows\system32\drivers\uqtsvqiv.sys [x]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-08 15:20 - 2013-10-31 09:54 - 01956614 _____ (Farbar) C:\Users\Underclass_Hero\Desktop\FRST64.exe
2013-11-08 15:19 - 2013-11-08 15:19 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\AskPartnerNetwork
2013-11-08 14:49 - 2013-11-08 14:49 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{0F1C9337-92DC-44F1-9A49-97DFE735986A}
2013-11-07 14:39 - 2013-11-07 14:40 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{7B447E91-580D-43F3-9207-41843FC6F2CE}
2013-11-06 17:14 - 2013-11-06 17:14 - 00000851 _____ C:\Users\Underclass_Hero\.recently-used.xbel
2013-11-06 17:13 - 2013-11-06 17:14 - 00000000 ____D C:\Users\Underclass_Hero\.gimp-2.6
2013-11-06 17:13 - 2013-11-06 17:13 - 00000000 ____D C:\Users\Underclass_Hero\Documents\gegl-0.0
2013-11-06 14:25 - 2013-11-06 14:26 - 00004485 _____ C:\Windows\system32\LexFiles.ulf
2013-11-06 14:25 - 2013-11-06 14:25 - 00000000 ____D C:\Program Files\Lexmark 4300 Series
2013-11-06 14:25 - 2007-03-08 05:21 - 00566704 _____ ( ) C:\Windows\system32\lxcecoms.exe
2013-11-06 14:25 - 2007-03-08 05:21 - 00236464 _____ ( ) C:\Windows\system32\lxcecfg.exe
2013-11-06 14:25 - 2007-03-08 05:21 - 00233392 _____ ( ) C:\Windows\system32\lxceih.exe
2013-11-06 14:25 - 2007-03-08 05:11 - 00002270 _____ C:\Windows\system32\lxce.loc
2013-11-06 14:25 - 2007-03-05 14:53 - 00090112 _____ (Lexmark International, Inc.) C:\Windows\system32\lxceinsr.dll
2013-11-06 14:25 - 2007-03-05 14:53 - 00022016 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcecur.dll
2013-11-06 14:25 - 2007-03-05 14:52 - 00115712 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcejswr.dll
2013-11-06 14:25 - 2007-03-05 14:49 - 00216576 _____ (Lexmark International, Inc.) C:\Windows\system32\lxceins.dll
2013-11-06 14:25 - 2007-03-05 14:49 - 00183808 _____ (Lexmark International, Inc.) C:\Windows\system32\lxceinsb.dll
2013-11-06 14:25 - 2007-03-05 14:49 - 00095744 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcecu.dll
2013-11-06 14:25 - 2007-03-05 14:49 - 00067584 _____ (Lexmark International, Inc.) C:\Windows\system32\lxcecub.dll
2013-11-06 14:25 - 2007-03-05 14:48 - 00628224 _____ (Lexmark International, Inc.) C:\Windows\system32\lxceutil.dll
2013-11-06 14:25 - 2007-02-28 02:06 - 00059392 _____ (Lexmark International) C:\Windows\system32\lxcecfg.dll
2013-11-06 14:25 - 2007-01-30 11:54 - 00410112 _____ ( ) C:\Windows\system32\lxcepmui.dll
2013-11-06 14:25 - 2007-01-30 11:51 - 01418240 _____ ( ) C:\Windows\system32\lxceserv.dll
2013-11-06 14:25 - 2007-01-30 11:42 - 00249856 _____ ( ) C:\Windows\system32\lxcecomm.dll
2013-11-06 14:25 - 2007-01-30 11:38 - 00488448 _____ ( ) C:\Windows\system32\lxcelmpm.dll
2013-11-06 14:25 - 2007-01-30 11:36 - 00194048 _____ C:\Windows\system32\lxceinst.dll
2013-11-06 14:25 - 2007-01-30 11:35 - 00226816 _____ ( ) C:\Windows\system32\lxceiesc.dll
2013-11-06 14:25 - 2007-01-30 11:33 - 00010752 _____ ( ) C:\Windows\system32\lxcepplc.dll
2013-11-06 14:25 - 2007-01-30 11:31 - 00696320 _____ ( ) C:\Windows\system32\lxcecomc.dll
2013-11-06 14:25 - 2007-01-30 11:30 - 00035328 _____ ( ) C:\Windows\system32\lxceprox.dll
2013-11-06 14:25 - 2007-01-30 11:20 - 00238592 _____ ( ) C:\Windows\system32\lxceinpa.dll
2013-11-06 14:25 - 2007-01-30 11:19 - 01099776 _____ ( ) C:\Windows\system32\lxceusb1.dll
2013-11-06 14:25 - 2007-01-30 11:12 - 00305664 _____ ( ) C:\Windows\system32\lxcehcp.dll
2013-11-06 14:25 - 2007-01-30 11:10 - 00660480 _____ ( ) C:\Windows\system32\lxcehbn3.dll
2013-11-06 14:25 - 2006-10-03 23:21 - 00330030 _____ C:\Windows\system32\lxcehelp.chm
2013-11-06 14:25 - 2005-12-12 06:15 - 00983091 _____ (Microsoft Corporation) C:\Windows\system32\lxcegf.dll
2013-11-06 14:13 - 2013-11-06 14:25 - 00000000 ____D C:\Program Files (x86)\Lexmark 4300 Series
2013-11-06 14:12 - 2013-11-06 14:19 - 00003513 _____ C:\Windows\SysWOW64\LexFiles.ulf
2013-11-06 14:12 - 2013-11-06 14:19 - 00000200 _____ C:\lxce.log
2013-11-06 14:12 - 2013-11-06 14:12 - 00000000 ____D C:\Program Files (x86) (x86)
2013-11-06 14:12 - 2007-03-08 05:21 - 00537520 _____ ( ) C:\Windows\SysWOW64\lxcecoms.exe
2013-11-06 14:12 - 2007-03-08 05:21 - 00385968 _____ ( ) C:\Windows\SysWOW64\lxceih.exe
2013-11-06 14:12 - 2007-03-08 05:21 - 00381872 _____ ( ) C:\Windows\SysWOW64\lxcecfg.exe
2013-11-06 14:12 - 2007-03-08 05:21 - 00181168 _____ ( ) C:\Windows\SysWOW64\lxceppls.exe
2013-11-06 14:12 - 2007-03-08 05:11 - 00002270 _____ C:\Windows\SysWOW64\lxce.loc
2013-11-06 14:12 - 2007-03-05 14:51 - 00131072 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcejswr.dll
2013-11-06 14:12 - 2007-03-05 14:51 - 00106496 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxceinsr.dll
2013-11-06 14:12 - 2007-03-05 14:51 - 00036864 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcecur.dll
2013-11-06 14:12 - 2007-03-05 14:47 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxceinsb.dll
2013-11-06 14:12 - 2007-03-05 14:47 - 00155648 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxceins.dll
2013-11-06 14:12 - 2007-03-05 14:47 - 00086016 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcecub.dll
2013-11-06 14:12 - 2007-03-05 14:47 - 00073728 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcecu.dll
2013-11-06 14:12 - 2007-03-05 14:46 - 00446464 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxceutil.dll
2013-11-06 14:12 - 2007-02-28 02:05 - 00069632 _____ (Lexmark International) C:\Windows\SysWOW64\lxcecfg.dll
2013-11-06 14:12 - 2007-02-07 03:18 - 00385024 _____ () C:\Windows\SysWOW64\lxcecomx.dll
2013-11-06 14:12 - 2007-01-30 10:47 - 00643072 _____ ( ) C:\Windows\SysWOW64\lxcepmui.dll
2013-11-06 14:12 - 2007-01-30 10:46 - 01224704 _____ ( ) C:\Windows\SysWOW64\lxceserv.dll
2013-11-06 14:12 - 2007-01-30 10:38 - 00421888 _____ ( ) C:\Windows\SysWOW64\lxcecomm.dll
2013-11-06 14:12 - 2007-01-30 10:36 - 00585728 _____ ( ) C:\Windows\SysWOW64\lxcelmpm.dll
2013-11-06 14:12 - 2007-01-30 10:35 - 00397312 _____ ( ) C:\Windows\SysWOW64\lxceiesc.dll
2013-11-06 14:12 - 2007-01-30 10:35 - 00274432 _____ C:\Windows\SysWOW64\lxceinst.dll
2013-11-06 14:12 - 2007-01-30 10:32 - 00094208 _____ ( ) C:\Windows\SysWOW64\lxcepplc.dll
2013-11-06 14:12 - 2007-01-30 10:31 - 00684032 _____ ( ) C:\Windows\SysWOW64\lxcecomc.dll
2013-11-06 14:12 - 2007-01-30 10:30 - 00163840 _____ ( ) C:\Windows\SysWOW64\lxceprox.dll
2013-11-06 14:12 - 2007-01-30 10:22 - 00413696 _____ ( ) C:\Windows\SysWOW64\lxceinpa.dll
2013-11-06 14:12 - 2007-01-30 10:21 - 00995328 _____ ( ) C:\Windows\SysWOW64\lxceusb1.dll
2013-11-06 14:12 - 2007-01-30 10:17 - 00696320 _____ ( ) C:\Windows\SysWOW64\lxcehbn3.dll
2013-11-06 14:12 - 2006-10-03 23:21 - 00330030 _____ C:\Windows\SysWOW64\lxcehelp.chm
2013-11-06 14:12 - 2005-12-12 06:15 - 00983091 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lxcegf.dll
2013-11-06 14:01 - 2013-11-06 14:01 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{95EB1A1E-758D-46C6-9ECE-97664351574C}
2013-11-05 14:05 - 2013-11-05 14:05 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Avira
2013-11-05 14:05 - 2013-11-05 14:05 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-05 14:05 - 2013-11-05 14:05 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-11-05 14:04 - 2013-11-05 14:04 - 00000000 ____D C:\ProgramData\APN
2013-11-05 13:59 - 2013-11-05 13:59 - 00001863 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-05 13:58 - 2013-11-05 12:56 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-05 13:58 - 2013-11-05 12:56 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-05 13:58 - 2013-11-05 12:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-05 13:57 - 2013-11-05 13:59 - 00000000 ____D C:\ProgramData\Avira
2013-11-05 13:57 - 2013-11-05 13:57 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-05 13:40 - 2013-11-05 13:40 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{2765C229-3E91-4A38-86DD-A1713711FB01}
2013-11-05 12:13 - 2013-11-05 12:13 - 00001117 _____ C:\Program Files (x86)\active-update.xml
2013-11-05 12:13 - 2013-11-05 12:13 - 00000057 _____ C:\Program Files (x86)\updates.xml
2013-11-05 11:55 - 2013-11-05 11:55 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\PackageAware
2013-11-05 11:19 - 2013-11-05 11:19 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\Apple
2013-11-05 09:57 - 2013-11-05 09:57 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{50CED13F-BCBD-4F1A-B812-3EFAE3FB7F69}
2013-11-04 11:41 - 2013-11-04 11:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-04 11:27 - 2013-11-04 11:32 - 00000000 ____D C:\Windows\system32\MRT
2013-11-03 17:52 - 2013-11-03 17:52 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 17:27 - 2013-11-05 09:46 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\PC Reperatur
2013-11-03 17:26 - 2013-11-03 17:40 - 00000000 ____D C:\AdwCleaner
2013-11-03 13:47 - 2013-08-27 04:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-03 13:47 - 2013-08-27 04:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-03 13:47 - 2013-08-27 04:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-03 13:47 - 2013-08-27 04:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-03 13:47 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-03 13:47 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-03 13:47 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-03 13:47 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-03 13:47 - 2013-08-27 03:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-03 13:47 - 2013-08-27 03:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-03 13:47 - 2013-08-27 03:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-03 13:47 - 2013-08-27 03:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-03 13:47 - 2013-08-27 03:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-03 13:47 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-03 13:47 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-03 13:47 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-03 13:47 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-03 13:47 - 2013-08-01 05:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-03 13:47 - 2013-08-01 04:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-03 13:13 - 2013-11-03 13:13 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Malwarebytes
2013-11-03 13:02 - 2013-11-03 13:02 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-31 19:02 - 2013-10-31 19:02 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-08 15:19 - 2013-11-08 15:19 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\AskPartnerNetwork
2013-11-08 15:19 - 2009-03-09 16:05 - 02079234 _____ C:\Windows\WindowsUpdate.log
2013-11-08 14:51 - 2009-02-05 03:46 - 00618204 _____ C:\Windows\system32\perfh007.dat
2013-11-08 14:51 - 2009-02-05 03:46 - 00122636 _____ C:\Windows\system32\perfc007.dat
2013-11-08 14:51 - 2006-11-02 13:46 - 01418806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-08 14:49 - 2013-11-08 14:49 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{0F1C9337-92DC-44F1-9A49-97DFE735986A}
2013-11-08 14:48 - 2009-05-31 10:05 - 00000000 ___HD C:\Users\Underclass_Hero\Tracing
2013-11-08 14:44 - 2009-02-04 20:12 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-08 14:44 - 2008-01-21 04:26 - 00836276 _____ C:\Windows\PFRO.log
2013-11-08 14:44 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 14:44 - 2006-11-02 16:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 14:44 - 2006-11-02 16:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 14:43 - 2009-06-23 18:49 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-08 14:43 - 2006-11-02 16:42 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-08 12:03 - 2011-07-04 23:30 - 00000000 ____D C:\Program Files\iPod
2013-11-08 12:03 - 2011-07-04 23:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-08 12:02 - 2012-05-15 23:30 - 00022502 _____ C:\Windows\setupact.log
2013-11-07 14:48 - 2009-02-04 20:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-07 14:48 - 2009-02-04 19:58 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-07 14:47 - 2009-02-04 20:17 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-07 14:40 - 2013-11-07 14:39 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{7B447E91-580D-43F3-9207-41843FC6F2CE}
2013-11-06 17:14 - 2013-11-06 17:14 - 00000851 _____ C:\Users\Underclass_Hero\.recently-used.xbel
2013-11-06 17:14 - 2013-11-06 17:13 - 00000000 ____D C:\Users\Underclass_Hero\.gimp-2.6
2013-11-06 17:14 - 2009-05-29 17:12 - 00000000 ____D C:\Users\Underclass_Hero
2013-11-06 17:13 - 2013-11-06 17:13 - 00000000 ____D C:\Users\Underclass_Hero\Documents\gegl-0.0
2013-11-06 14:26 - 2013-11-06 14:25 - 00004485 _____ C:\Windows\system32\LexFiles.ulf
2013-11-06 14:25 - 2013-11-06 14:25 - 00000000 ____D C:\Program Files\Lexmark 4300 Series
2013-11-06 14:25 - 2013-11-06 14:13 - 00000000 ____D C:\Program Files (x86)\Lexmark 4300 Series
2013-11-06 14:19 - 2013-11-06 14:12 - 00003513 _____ C:\Windows\SysWOW64\LexFiles.ulf
2013-11-06 14:19 - 2013-11-06 14:12 - 00000200 _____ C:\lxce.log
2013-11-06 14:12 - 2013-11-06 14:12 - 00000000 ____D C:\Program Files (x86) (x86)
2013-11-06 14:01 - 2013-11-06 14:01 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{95EB1A1E-758D-46C6-9ECE-97664351574C}
2013-11-05 15:22 - 2011-06-25 15:26 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\Originals
2013-11-05 15:22 - 2011-05-29 22:18 - 00000000 ___RD C:\Users\Underclass_Hero\Desktop\Programme
2013-11-05 15:22 - 2011-05-29 22:13 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\Bilder
2013-11-05 15:21 - 2013-01-25 12:01 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\vlc
2013-11-05 15:21 - 2012-09-27 19:35 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\Nino
2013-11-05 15:20 - 2011-11-05 17:01 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\Halloween
2013-11-05 15:18 - 2012-01-31 00:57 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\Pictures 2012
2013-11-05 14:27 - 2009-02-04 20:30 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-11-05 14:21 - 2009-05-29 17:18 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\Hewlett-Packard
2013-11-05 14:05 - 2013-11-05 14:05 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Avira
2013-11-05 14:05 - 2013-11-05 14:05 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-05 14:05 - 2013-11-05 14:05 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-11-05 14:04 - 2013-11-05 14:04 - 00000000 ____D C:\ProgramData\APN
2013-11-05 13:59 - 2013-11-05 13:59 - 00001863 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-05 13:59 - 2013-11-05 13:57 - 00000000 ____D C:\ProgramData\Avira
2013-11-05 13:57 - 2013-11-05 13:57 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-05 13:40 - 2013-11-05 13:40 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{2765C229-3E91-4A38-86DD-A1713711FB01}
2013-11-05 12:56 - 2013-11-05 13:58 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-05 12:56 - 2013-11-05 13:58 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-05 12:56 - 2013-11-05 13:58 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-05 12:32 - 2009-09-01 21:37 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\Games
2013-11-05 12:30 - 2013-01-25 11:58 - 00045568 _____ C:\Users\Underclass_Hero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-05 12:21 - 2009-06-04 14:34 - 00000000 ___HD C:\ProgramData\Electronic Arts
2013-11-05 12:16 - 2009-08-18 14:58 - 00000000 ____D C:\Program Files (x86)\Videograbber 5.0
2013-11-05 12:13 - 2013-11-05 12:13 - 00001117 _____ C:\Program Files (x86)\active-update.xml
2013-11-05 12:13 - 2013-11-05 12:13 - 00000057 _____ C:\Program Files (x86)\updates.xml
2013-11-05 12:12 - 2009-06-01 11:43 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\Google
2013-11-05 12:12 - 2009-06-01 11:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-05 12:12 - 2009-02-04 19:50 - 00000000 ____D C:\Program Files (x86)\Python
2013-11-05 11:57 - 2009-06-16 14:22 - 00000000 ____D C:\Program Files (x86)\Medion GoPal Assistant
2013-11-05 11:55 - 2013-11-05 11:55 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\PackageAware
2013-11-05 11:52 - 2009-09-15 14:35 - 00000000 ___HD C:\ProgramData\Codemasters
2013-11-05 11:45 - 2009-02-04 20:16 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2013-11-05 11:19 - 2013-11-05 11:19 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\Apple
2013-11-05 10:09 - 2011-10-30 17:34 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-05 09:57 - 2013-11-05 09:57 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Local\{50CED13F-BCBD-4F1A-B812-3EFAE3FB7F69}
2013-11-05 09:51 - 2012-05-15 23:17 - 00106286 _____ C:\aaw7boot.log
2013-11-05 09:46 - 2013-11-03 17:27 - 00000000 ____D C:\Users\Underclass_Hero\Desktop\PC Reperatur
2013-11-04 15:54 - 2009-05-31 09:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-04 11:42 - 2013-11-04 11:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-04 11:42 - 2013-02-10 20:14 - 00001877 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-04 11:32 - 2013-11-04 11:27 - 00000000 ____D C:\Windows\system32\MRT
2013-11-04 11:26 - 2011-10-23 12:07 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-04 11:26 - 2011-10-23 12:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-04 11:26 - 2011-10-23 12:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-03 17:52 - 2013-11-03 17:52 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 17:43 - 2009-06-09 08:07 - 00000000 ___HD C:\ProgramData\ICQ
2013-11-03 17:40 - 2013-11-03 17:26 - 00000000 ____D C:\AdwCleaner
2013-11-03 17:27 - 2012-05-10 21:10 - 00000000 ____D C:\ProgramData\Windows
2013-11-03 17:27 - 2010-09-13 21:23 - 00000000 ___HD C:\Users\Public\Documents\Server
2013-11-03 13:13 - 2013-11-03 13:13 - 00000000 ____D C:\Users\Underclass_Hero\AppData\Roaming\Malwarebytes
2013-11-03 13:08 - 2010-09-13 22:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-03 13:02 - 2013-11-03 13:02 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 12:50 - 2012-05-15 21:37 - 00000408 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-11-01 16:03 - 2011-11-02 19:10 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-11-01 16:03 - 2011-11-02 19:10 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-10-31 19:02 - 2013-10-31 19:02 - 00000000 ____D C:\FRST
2013-10-31 09:54 - 2013-11-08 15:20 - 01956614 _____ (Farbar) C:\Users\Underclass_Hero\Desktop\FRST64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-08 14:57

==================== End Of Log ============================

--- --- ---

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2013
Ran by Underclass_Hero at 2013-11-08 15:21:46
Running from C:\Users\Underclass_Hero\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 10 Plugin (x32 Version: 10.3.183.7)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader 9.2 - Deutsch (x32 Version: 9.2.0)
AP Tuner 3.08 (x32)
Audacity 1.2.6 (x32)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1898)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Die Sims™ 3 (x32 Version: 1.50.56)
Die Sims™ 3 Reiseabenteuer (x32 Version: 2.17.2)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DivX-Setup (x32 Version: 2.3.1.2)
DNA (HKCU Version: 2.2.4 (16502))
DVDx 2 (x32 Version: 2.20)
Free Audio CD Burner version 1.2 (x32)
GIMP 2.6.7 (x32)
Google Talk Plugin (x32 Version: 3.10.2.10212)
Hardware Diagnose Tools (Version: 5.1.5048.14)
Hauppauge WinTV Scheduler (x32)
Hercules Deluxe Webcam Drivers (x32 Version: 1.00.0000)
Hercules DualPix HD Webcam (x32 Version: 2.8.0.0)
HP Active Support Library (x32 Version: 3.1.10.1)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2875)
HP Odometer (x32 Version: 2.10.0000)
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0)
HP Support Information (x32 Version: 10.1.0001)
HP Total Care Advisor (x32 Version: 2.4.6171.2860)
HP Total Care Setup (x32 Version: 1.1.2413.2876)
HP Update (x32 Version: 4.000.013.003)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7)
Intel® Matrix Storage Manager
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 15 (x32 Version: 6.0.150)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.1103)
Lexmark 4300 Series
Lexmark 4300 Series (x32)
LightScribe System Software 1.14.32.1 (x32 Version: 1.14.32.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Messenger Plus! 5 (x32 Version: 5.11.0.760)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE (x32 Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.687.0)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 13.0 (x86 de) (x32 Version: 13.0)
Mozilla Maintenance Service (x32 Version: 13.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.35.7918)
My HP Games (x32 Version: 1.0.0.62)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 275.33 (Version: 275.33)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
OpenAL (x32)
Optimierte Multimedia-Tastatur-Lösung (x32 Version: 1.0.9.2)
PC VGA Camer@ Plus (x32 Version: 1.0.0.12)
PC VGA Camer@ Plus (x32 Version: 1.0.0.23)
PhotoScape (x32)
Power2Go (x32 Version: 6.0.2325)
PowerDirector (x32 Version: 7.0.2417)
PVSonyDll (Version: 1.00.0001)
Python 2.6 pywin32-212 (x32 Version: 2.12)
Python 2.6.1 (x32 Version: 2.6.1150)
QuickTime (x32 Version: 7.70.80.34)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5740)
Segoe UI (x32 Version: 15.4.2271.0615)
Skype™ 5.10 (x32 Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
VLC media player 1.0.0 (x32 Version: 1.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
WinRAR (x32)

==================== Restore Points =========================

05-11-2013 09:04:01 Removed Ad-Aware
05-11-2013 10:13:12 Removed Apple Mobile Device Support
05-11-2013 10:17:40 Removed Apple Application Support
05-11-2013 10:19:00 Removed Apple Software Update
05-11-2013 10:21:02 Removed Bonjour
05-11-2013 10:43:30 Entfernt Battlefield 2(TM)
05-11-2013 10:44:35 Konfiguriert PowerStarter
05-11-2013 10:46:24 Removed Facebook Video Calling 1.2.0.287
05-11-2013 10:46:51 Removed FIFA 11
05-11-2013 10:52:30 Entfernt GRID
05-11-2013 10:57:29 Removed Mirror's Edge™
05-11-2013 11:03:22 Removed Need for Speed™ SHIFT
05-11-2013 11:11:43 Removed Pro Evolution Soccer 2009.
05-11-2013 11:17:18 Entfernt Virtua Tennis 3
05-11-2013 11:17:58 TuneUp Utilities 2009 wird entfernt
05-11-2013 11:20:04 Removed Pro Evolution Soccer 2010.
05-11-2013 11:22:07 Entfernt Fallout 3
05-11-2013 11:23:02 Entfernt Call of Duty(R) 4 - Modern Warfare(TM)
05-11-2013 13:16:34 Konfiguriert MediaSmart DVD
05-11-2013 13:20:38 Konfiguriert HP
05-11-2013 13:26:18 Removed HP MediaSmart SmartMenu
06-11-2013 13:09:38 Windows Update
06-11-2013 13:25:55 Gerätetreiber-Paketinstallation: Lexmark Bildverarbeitungsgeräte
07-11-2013 13:44:57 Windows Update
08-11-2013 10:58:56 Removed iTunes

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {35E2F1C7-0B08-4758-8123-A74AABAD4AF8} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05] (PC-Doctor, Inc.)
Task: {5C097E08-AB9B-400E-8C3F-59C671864661} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-07-25] (Sun Microsystems, Inc.)
Task: {6641B5EF-8EB3-4A40-A2E7-0347B3455DE0} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {7B7A78EE-A8B9-4013-A33B-CD483EC73F53} - System32\Tasks\{FE257B71-212E-40D0-A2F0-54EC5F3A0F42} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D4A932F1-D829-4792-8F8A-7A3C070F9417} - System32\Tasks\HP Health Check Scheduler => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {DED8CB5F-A0A4-4893-873C-3094DFE640CB} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2013-11-05 13:58 - 2013-11-05 12:56 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-01-11 00:25 - 2011-01-11 00:25 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-04-13 22:26 - 2012-06-01 16:37 - 02042848 _____ () C:\Program Files (x86)\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp

FC5A2B2

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: A5KC9YZZ IDE Controller
Description: A5KC9YZZ IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: ac42sfnd
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Hauppauge WinTV-HVR 67xx Capture Device
Description: Hauppauge WinTV-HVR 67xx Capture Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Hauppauge Computer Works!
Service: Ph3xIB64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: D-Link Router
Description: D-Link Router
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2013 01:11:25 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TFC.exe, Version 3.1.9.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x0012834f,
Prozess-ID 0x1264, Anwendungsstartzeit TFC.exe0.

Error: (11/07/2013 02:47:57 PM) (Source: MsiInstaller) (User: Underclass-Hero)
Description: Produkt: MediaSmart TV -- Fehler 1905. Fehler beim Entfernen von Modul c:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Music\CLMediaPlayer.dll aus der Registrierung. HRESULT -2147220472. Bitte wenden Sie sich an Ihren Support.

Error: (11/07/2013 02:40:30 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1231, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0x654, Anwendungsstartzeit TVAgent.exe0.

Error: (11/06/2013 02:01:48 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1231, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,
Prozess-ID 0x454, Anwendungsstartzeit TVAgent.exe0.

Error: (11/05/2013 03:19:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (11/05/2013 02:14:16 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: c30
Anfangszeit: 01ceda2421f434d9
Zeitpunkt der Beendigung: 0

Error: (11/05/2013 00:14:23 PM) (Source: pctsSvc.exe) (User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

Error: (11/05/2013 11:55:01 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <E:\CONFIG.MSI\6791A7.RBF> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (11/05/2013 11:55:01 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <E:\CONFIG.MSI\6791A6.RBF> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (11/05/2013 11:55:01 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <E:\CONFIG.MSI\6791A5.RBF> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (11/08/2013 02:54:30 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Signaturversion:

Vorherige Signaturversion: 1.161.1624.0

Aktualisierungsquelle: %NT-AUTORITÄT59

Aktualisierungsphase: 4.3.0219.00

Quellpfad: 4.3.0219.01

Signaturtyp: %NT-AUTORITÄT602

Aktualisierungstyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: %NT-AUTORITÄT605

Vorherige Modulversion: %NT-AUTORITÄT606

Fehlercode: %NT-AUTORITÄT607

Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (11/08/2013 02:44:20 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (11/08/2013 00:40:24 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Stereoscopic 3D Driver Service1

Error: (11/08/2013 11:52:51 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (11/07/2013 02:49:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.161.1624.0){F98275CF-AEDF-47E8-BC96-516783D21650}201

Error: (11/07/2013 02:49:10 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Signaturversion:

Vorherige Signaturversion: 1.161.1624.0

Aktualisierungsquelle: %NT-AUTORITÄT59

Aktualisierungsphase: 4.3.0219.00

Quellpfad: 4.3.0219.01

Signaturtyp: %NT-AUTORITÄT602

Aktualisierungstyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: %NT-AUTORITÄT605

Vorherige Modulversion: %NT-AUTORITÄT606

Fehlercode: %NT-AUTORITÄT607

Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (11/07/2013 02:49:10 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Modulversion:

Vorherige Modulversion: 2.0.8001.0

Modultyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Fehlercode: %NT-AUTORITÄT601

Fehlerbeschreibung: %NT-AUTORITÄT602

Error: (11/07/2013 02:49:10 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Signaturversion:

Vorherige Signaturversion: 11.159.0.0

Aktualisierungsquelle: %NT-AUTORITÄT15

Aktualisierungsphase: 4.3.0219.00

Quellpfad: 4.3.0219.01

Signaturtyp: %NT-AUTORITÄT602

Aktualisierungstyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: %NT-AUTORITÄT605

Vorherige Modulversion: %NT-AUTORITÄT606

Fehlercode: %NT-AUTORITÄT607

Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (11/07/2013 02:34:00 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (11/07/2013 02:33:59 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.11.2013 um 18:32:40 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (11/08/2013 01:11:25 PM) (Source: Application Error)(User: )
Description: TFC.exe3.1.9.02a425e19ole32.dll6.0.6002.182774c28d53ec00000050012834f126401cedc7745e0b28f

Error: (11/07/2013 02:47:57 PM) (Source: MsiInstaller)(User: Underclass-Hero)
Description: Produkt: MediaSmart TV -- Fehler 1905. Fehler beim Entfernen von Modul c:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Music\CLMediaPlayer.dll aus der Registrierung. HRESULT -2147220472. Bitte wenden Sie sich an Ihren Support.(NULL)(NULL)(NULL)(NULL)

Error: (11/07/2013 02:40:30 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.1231495b4616MFC71.DLL7.10.3077.03e77fdfdc00000050002a3a365401cedbbea8322793

Error: (11/06/2013 02:01:48 PM) (Source: Application Error)(User: )
Description: TVAgent.exe2.1.1.1231495b4616MFC71.DLL7.10.3077.03e77fdfdc00000050002a3a345401cedaeffe53d770

Error: (11/05/2013 03:19:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Underclass_Hero\Desktop\desktop\esetsmartinstaller_enu.exe

Error: (11/05/2013 02:14:16 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005c3001ceda2421f434d90

Error: (11/05/2013 00:14:23 PM) (Source: pctsSvc.exe)(User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

Error: (11/05/2013 11:55:01 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
E:\CONFIG.MSI\6791A7.RBF

Error: (11/05/2013 11:55:01 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
E:\CONFIG.MSI\6791A6.RBF

Error: (11/05/2013 11:55:01 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
E:\CONFIG.MSI\6791A5.RBF

CodeIntegrity Errors:
===================================
Date: 2013-11-04 11:26:19.376
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:19.267
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:19.157
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:19.064
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:17.535
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:17.441
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:17.332
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:17.207
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:08.113
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-11-04 11:26:07.988
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 6142.33 MB
Available physical RAM: 4206.59 MB
Total Pagefile: 12497.6 MB
Available Pagefile: 10308.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:364.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:581.12 GB) NTFS
Drive f: (DIR-615) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: D2921899)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 09.11.2013, 13:19

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

S1 bncudelp; \??\C:\Windows\system32\drivers\bncudelp.sys [x]
S1 dzgrubzs; \??\C:\Windows\system32\drivers\dzgrubzs.sys [x]
S1 lmrjlnxr; \??\C:\Windows\system32\drivers\lmrjlnxr.sys [x]
S1 qiqottig; \??\C:\Windows\system32\drivers\qiqottig.sys [x]
S1 rgbdxhyw; \??\C:\Windows\system32\drivers\rgbdxhyw.sys [x]
S1 ujprsheu; \??\C:\Windows\system32\drivers\ujprsheu.sys [x]
S1 uqtsvqiv; \??\C:\Windows\system32\drivers\uqtsvqiv.sys [x]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

01.11.2013, 11:06	#4
schrauber /// the machine /// TB-Ausbilder	weißer Bildschirm nach Systemstart startet der Rechner normal? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

weißer Bildschirm nach Systemstart

Log-Analyse und Auswertung: weißer Bildschirm nach Systemstart