Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
avast hat Rootkit gefunden

avast hat Rootkit gefunden


Log-Analyse und Auswertung: avast hat Rootkit gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 19.11.2013, 15:04   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.11.2013, 16:16   #17
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


so auch erledigt. und MBAR findet nichts !!
Rechner neu gestartet -> Avastmeldung -> MBAR findet immer noch nichts. Bin jetzt ganz überfragt

MBAR Log vor Neustart:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.19.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
onit :: ONIT-PC [administrator]

19.11.2013 15:30:29
mbar-log-2013-11-19 (15-30-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 251915
Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Neustart:



MBAR Log nach Neustart:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.19.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
onit :: ONIT-PC [administrator]

19.11.2013 15:55:31
mbar-log-2013-11-19 (15-55-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 251880
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
__________________
Alt 19.11.2013, 16:17   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
__________________
Alt 19.11.2013, 16:56   #19
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


So da bin ich wieder.

Als erstes möchte ich anmerken, dass mein Avast nicht mehr automatisch startet !! Warum, keine Ahnung ??

Jedenfalls kommt die Meldung nicht mehr !! auch nicht wenn ich manuell starte.

so und hier die gewünschten Log-File´s

Adw:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.012 - Bericht erstellt am 19/11/2013 um 16:26:47
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : onit - ONIT-PC
# Gestartet von : C:\Users\onit\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\eSupport.com
Ordner Gelöscht : C:\Program Files\software4u
Ordner Gelöscht : C:\Users\onit\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\onit\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\onit\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\onit\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\SweetIMToolbarData
Datei Gelöscht : C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\invalidprefs.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKCU\Software\9558cddb13fbe43
Schlüssel Gelöscht : HKLM\SOFTWARE\9558cddb13fbe43
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_clony-xxl_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_clony-xxl_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_o-o-unerase_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_o-o-unerase_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tippsystem4you_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tippsystem4you_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_undelete-plus_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_undelete-plus_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.id", "bcb453b2000000000000000d88f2db2e");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15752");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.012:01:58");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[R0].txt - [5719 octets] - [19/11/2013 16:25:09]
AdwCleaner[S0].txt - [5660 octets] - [19/11/2013 16:26:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5720 octets] ##########
--- --- ---

[/CODE]

JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by onit on 19.11.2013 at 16:37:23,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] spamfighter update service 
Successfully deleted: [Service] spamfighter update service 
Successfully stopped: [Service] suite service 
Successfully deleted: [Service] suite service 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3950459187-3028487568-1057048190-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\onit\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\onit\AppData\Roaming\mozilla\firefox\profiles\lci2imyz.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.11.2013 at 16:40:28,45
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by onit (administrator) on ONIT-PC on 19-11-2013 16:46:07
Running from C:\Users\onit\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
() C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3203080 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1573384 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [357384 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\WLanGUI.exe [1904640 2009-04-23] (AVM Berlin)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
HKCU\...\Run: [iDevice Manager Launcher] - "C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run
HKCU\...\Run: [S60 PC Suite Tray] - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] ()
Startup: C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
ShortcutTarget: Logitech Touch Mouse Server.lnk -> C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {74C8CE33-29EB-489C-9B32-81F9A5352FC7} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
SearchScopes: HKCU - {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {74C8CE33-29EB-489C-9B32-81F9A5352FC7} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SplitButtonBHO Class - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\bingsearch.xml
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\s-amazon-byskipity-de.xml
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download Youtube Videos + - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\video.downloader.plugin@ffpimp.com
FF Extension: Просмотр HTTP заголовков - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: WOT - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adblock Plus - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Password Manager 12\spmplugin3

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-04-23] (AVM Berlin)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2009-11-06] (NVIDIA)
S2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [x]
S2 COSIDS_TB; C:\PROGRA~1\COSIDS\BIN\TbMux32.exe [x]
S2 TIS 2000 Apache Web Server; C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe [x]

==================== Drivers (Whitelisted) ====================

S4 adatadrv; C:\Windows\System32\DRIVERS\adatadrv.sys [762112 2009-07-01] (none)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2011-08-23] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2009-04-23] (AVM Berlin)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [24786 2004-06-23] (EUTRON)
S3 FTD2XX; C:\Windows\System32\Drivers\OPCOMUSB.sys [34639 2005-12-15] (FTDI Ltd.)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [440832 2009-04-23] (AVM GmbH)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 gogoTunnelDevice; C:\Windows\System32\DRIVERS\gogotun.sys [21064 2010-03-22] (gogo6 Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
S3 OVT511Plus; C:\Windows\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [37088 2008-07-11] (SafeNet, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-11-21] ()
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 ah95jbq1; C:\Windows\System32\Drivers\ah95jbq1.sys [0 ] (Advanced Micro Devices)
S1 aqimwooj; \??\C:\Windows\system32\drivers\aqimwooj.sys [x]
S3 catchme; \??\C:\Users\onit\AppData\Local\Temp\catchme.sys [x]
S1 dlnmjshl; \??\C:\Windows\system32\drivers\dlnmjshl.sys [x]
S1 ejmbuoso; \??\C:\Windows\system32\drivers\ejmbuoso.sys [x]
S1 fgwsrrmp; \??\C:\Windows\system32\drivers\fgwsrrmp.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S1 kfqgxkul; \??\C:\Windows\system32\drivers\kfqgxkul.sys [x]
S1 lqcoeatk; \??\C:\Windows\system32\drivers\lqcoeatk.sys [x]
S1 nwjeiqer; \??\C:\Windows\system32\drivers\nwjeiqer.sys [x]
S1 ohvjxovc; \??\C:\Windows\system32\drivers\ohvjxovc.sys [x]
S1 omkvtskd; \??\C:\Windows\system32\drivers\omkvtskd.sys [x]
S1 pmlvfwjt; \??\C:\Windows\system32\drivers\pmlvfwjt.sys [x]
S1 rlbwgdkg; \??\C:\Windows\system32\drivers\rlbwgdkg.sys [x]
S1 saafrakq; \??\C:\Windows\system32\drivers\saafrakq.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S1 ubrqlrxj; \??\C:\Windows\system32\drivers\ubrqlrxj.sys [x]
S1 udmugqcn; \??\C:\Windows\system32\drivers\udmugqcn.sys [x]
U2 V2iMount; 
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 16:43 - 2013-11-19 16:46 - 00016992 _____ C:\Users\onit\Desktop\FRST.txt
2013-11-19 16:42 - 2013-11-19 16:43 - 01090881 _____ (Farbar) C:\Users\onit\Desktop\FRST.exe
2013-11-19 16:40 - 2013-11-19 16:41 - 00001650 _____ C:\Users\onit\Desktop\JRT.txt
2013-11-19 16:33 - 2013-11-19 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-11-19 16:32 - 2013-11-19 16:32 - 00005800 _____ C:\Users\onit\Desktop\AdwCleaner v3.012 - Bericht erstellt am 19112013.txt
2013-11-19 16:24 - 2013-11-19 16:26 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:22 - 2013-11-19 16:22 - 01085542 _____ C:\Users\onit\Desktop\adwcleaner.exe
2013-11-19 16:22 - 2013-11-19 16:22 - 01034531 _____ (Thisisu) C:\Users\onit\Desktop\JRT.exe
2013-11-19 15:30 - 2013-11-19 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-19 15:30 - 2013-11-19 15:55 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-19 15:29 - 2013-11-19 15:55 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-19 15:28 - 2013-11-19 16:08 - 00000000 ____D C:\Users\onit\Desktop\mbar
2013-11-19 15:27 - 2013-11-19 15:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\onit\Desktop\mbar-1.07.0.1007.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00000336 _____ C:\Users\onit\Desktop\DeQuarantine.txt
2013-11-19 14:46 - 2013-11-19 14:46 - 00000336 _____ C:\DeQuarantine.txt
2013-11-19 14:45 - 2013-11-19 14:46 - 00000000 ___SD C:\ComboFix
2013-11-19 14:41 - 2013-11-19 14:42 - 05146522 ____R (Swearware) C:\Users\onit\Desktop\ComboFix.exe
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\Users\onit\AppData\Roaming\1&1
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\ProgramData\1&1
2013-11-19 09:11 - 2013-11-19 09:11 - 00022284 _____ C:\Users\onit\Desktop\Combofix.txt
2013-11-19 08:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-19 08:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-19 08:48 - 2013-11-19 14:45 - 00000000 ____D C:\Qoobox
2013-11-19 08:48 - 2013-11-19 09:01 - 00000000 ____D C:\Windows\erdnt
2013-11-18 13:11 - 2013-11-18 13:11 - 00000000 ____D C:\FRST
2013-11-18 12:29 - 2013-11-18 12:29 - 00065214 _____ C:\Users\onit\Desktop\osam.html
2013-11-18 12:24 - 2013-11-18 12:27 - 00000000 ____D C:\Users\onit\Desktop\osam_autorun_manager_5_0_portable
2013-11-18 11:55 - 2013-11-19 16:35 - 00000336 _____ C:\Windows\setupact.log
2013-11-18 11:55 - 2013-11-18 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-17 09:11 - 2013-11-17 09:11 - 00003189 _____ C:\Users\onit\Desktop\Sophos Virus Removal Tool.lnk
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Program Files\Sophos
2013-11-15 17:34 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 17:34 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 17:34 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 17:34 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 17:34 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 17:29 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 17:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 17:29 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 17:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 17:29 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 17:29 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 17:29 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 17:29 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 17:29 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 17:29 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 17:29 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 17:29 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 17:29 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 17:29 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 17:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 17:28 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 17:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 17:28 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-01 12:04 - 2013-11-01 12:04 - 00000000 _____ C:\ProgramData\lc9jvqb.fvv

==================== One Month Modified Files and Folders =======

2013-11-19 16:46 - 2013-11-19 16:43 - 00016992 _____ C:\Users\onit\Desktop\FRST.txt
2013-11-19 16:46 - 2010-01-04 19:39 - 01957423 _____ C:\Windows\WindowsUpdate.log
2013-11-19 16:43 - 2013-11-19 16:42 - 01090881 _____ (Farbar) C:\Users\onit\Desktop\FRST.exe
2013-11-19 16:43 - 2009-07-14 05:34 - 00013728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 16:43 - 2009-07-14 05:34 - 00013728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 16:41 - 2013-11-19 16:40 - 00001650 _____ C:\Users\onit\Desktop\JRT.txt
2013-11-19 16:36 - 2010-02-21 20:13 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 16:35 - 2013-11-18 11:55 - 00000336 _____ C:\Windows\setupact.log
2013-11-19 16:35 - 2010-01-05 18:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-19 16:35 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-19 16:33 - 2013-11-19 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-11-19 16:32 - 2013-11-19 16:32 - 00005800 _____ C:\Users\onit\Desktop\AdwCleaner v3.012 - Bericht erstellt am 19112013.txt
2013-11-19 16:26 - 2013-11-19 16:24 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:24 - 2011-02-16 19:25 - 00000000 ____D C:\Users\onit\AppData\Local\CrashDumps
2013-11-19 16:22 - 2013-11-19 16:22 - 01085542 _____ C:\Users\onit\Desktop\adwcleaner.exe
2013-11-19 16:22 - 2013-11-19 16:22 - 01034531 _____ (Thisisu) C:\Users\onit\Desktop\JRT.exe
2013-11-19 16:08 - 2013-11-19 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-19 16:08 - 2013-11-19 15:28 - 00000000 ____D C:\Users\onit\Desktop\mbar
2013-11-19 16:07 - 2012-08-18 13:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-19 15:55 - 2013-11-19 15:30 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-19 15:55 - 2013-11-19 15:29 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-19 15:55 - 2010-02-21 20:13 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 15:43 - 2010-01-04 23:30 - 00069034 _____ C:\Windows\PFRO.log
2013-11-19 15:27 - 2013-11-19 15:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\onit\Desktop\mbar-1.07.0.1007.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00000336 _____ C:\Users\onit\Desktop\DeQuarantine.txt
2013-11-19 14:46 - 2013-11-19 14:46 - 00000336 _____ C:\DeQuarantine.txt
2013-11-19 14:46 - 2013-11-19 14:45 - 00000000 ___SD C:\ComboFix
2013-11-19 14:45 - 2013-11-19 08:48 - 00000000 ____D C:\Qoobox
2013-11-19 14:42 - 2013-11-19 14:41 - 05146522 ____R (Swearware) C:\Users\onit\Desktop\ComboFix.exe
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\Users\onit\AppData\Roaming\1&1
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\ProgramData\1&1
2013-11-19 09:11 - 2013-11-19 09:11 - 00022284 _____ C:\Users\onit\Desktop\Combofix.txt
2013-11-19 09:02 - 2011-08-23 18:17 - 00000000 ____D C:\Users\onit\AppData\Local\Apps\2.0
2013-11-19 09:02 - 2011-07-07 19:21 - 00000000 ____D C:\Users\Admin
2013-11-19 09:02 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-19 09:01 - 2013-11-19 08:48 - 00000000 ____D C:\Windows\erdnt
2013-11-19 09:00 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-11-18 15:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-18 14:40 - 2011-01-24 21:51 - 00000000 ____D C:\Users\onit\AppData\Roaming\vlc
2013-11-18 13:11 - 2013-11-18 13:11 - 00000000 ____D C:\FRST
2013-11-18 12:29 - 2013-11-18 12:29 - 00065214 _____ C:\Users\onit\Desktop\osam.html
2013-11-18 12:27 - 2013-11-18 12:24 - 00000000 ____D C:\Users\onit\Desktop\osam_autorun_manager_5_0_portable
2013-11-18 11:55 - 2013-11-18 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-18 11:47 - 2009-07-14 09:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-11-18 11:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-18 11:46 - 2013-03-04 19:48 - 00000000 ____D C:\Users\onit\AppData\Roaming\uTorrent
2013-11-18 11:42 - 2010-03-25 19:50 - 00000000 ____D C:\Windows\Minidump
2013-11-18 10:47 - 2010-01-04 19:47 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 09:11 - 2013-11-17 09:11 - 00003189 _____ C:\Users\onit\Desktop\Sophos Virus Removal Tool.lnk
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Program Files\Sophos
2013-11-15 17:36 - 2010-01-12 17:54 - 00000000 ____D C:\Windows\WindowsMobile
2013-11-15 17:36 - 2009-07-14 03:04 - 00000572 _____ C:\Windows\win.ini
2013-11-15 17:33 - 2013-07-14 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 17:30 - 2010-01-04 20:53 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-04 19:40 - 2010-01-04 22:11 - 00135808 _____ C:\Users\onit\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 12:04 - 2013-11-01 12:04 - 00000000 _____ C:\ProgramData\lc9jvqb.fvv

Files to move or delete:
====================
C:\Users\onit\AppData\Roaming\cache.ini
C:\ProgramData\lc9jvqb.fvv
C:\ProgramData\qjaxlkio.dss


Some content of TEMP:
====================
C:\Users\onit\AppData\Local\temp\catchme.dll
C:\Users\onit\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:33

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by onit at 2013-11-19 16:46:27
Running from C:\Users\onit\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (Version: 1.6)
1&1 Upload-Manager (Version: 2.0.676)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
AnyDVD (Version: 7.0.7.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1497.0)
AviSynth 2.5
AVM FRITZ!Box AddOn (IE) (Version: 1.5.5)
AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.2.1.0)
AVM FRITZ!WLAN
Bonjour (Version: 3.0.0.10)
CDex extraction audio
CloneDVD2 (Version: 2.9.2.8)
Cole2k Media - Nero Audio Plugin Pack
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CoreAVC Professional Edition (remove only)
DHTML Editing Component (Version: 6.02.0001)
DivX-Setup (Version: 2.1.2.2)
EASEUS Partition Master 4.1.1 Home Edition
Free YouTube to MP3 Converter version 3.2
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HijackThis 2.0.2 (Version: 2.0.2)
hp officejet v series (Version: 1.00.0000)
iDevice Manager (Version: 1.9.0.1)
IE7Pro (Version: 2.3.6)
ImgBurn (Version: 2.5.0.0)
iPhone-Konfigurationsprogramm (Version: 3.6.2.300)
iTunes (Version: 11.0.5.5)
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 22 (Version: 6.0.220)
K-Lite Mega Codec Pack 7.9.0 (Version: 7.9.0)
LightScribe System Software (Version: 1.18.24.1)
Logitech GamePanel Software 3.04.137 (Version: 3.04.137)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech Touch Mouse Server 1.0 (Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Outlook-Sicherung für Persönliche Ordner (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (HKCU Version: 7.27)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.03.1151)
Nero Mega Plugin Pack (Version: 2.0)
Nero Reloaded PlugIn Pack 2.0.4 by GEAR (Version: 2.0.4)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.7)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Performance (Version: 6.5)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA System Monitor (Version: 6.5)
NVIDIA System Update (Version: 3.00)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OP-COM USB V2 Driver
OpenSSL 1.0.0c Light (32-bit)
PC Connectivity Solution (Version: 9.13.1.0)
PS3 Media Server (Version: 1.50.0)
PVSonyDll (Version: 1.00.0001)
Remote Control USB Driver (Version: 2.3.2.317)
Samsung PC Studio 7 (Version: 7.2.24.9)
SamsungConnectivityCableDriver (Version: 6.83.6.2)
SDFormatter (Version: 3.0.0)
Sniper Elite
Sophos Virus Removal Tool (Version: 2.4)
SPAMfighter (Version: 7.1.99)
SPAMfighter Client (Version: 7.1.99)
SpeedFan (remove only)
Tag-It 666
TeamViewer 8 (Version: 8.0.22298)
Turbo Lister 2 (Version: 2.00.0000)
UnderCoverXP 1.08
Uninstall 1.0.0.1
Unlocker 1.9.0 (Version: 1.9.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 2.0.1 (Version: 2.0.1)
WBFS Manager 3.0 (Version: 3.0)
Winamp (nur entfernen)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR archiver
WOT für Internet Explorer (Version: 10.2.5.0)
XnView 1.97 (Version: 1.97)
YTD Video Downloader 3.9.6 (Version: 3.9.6)
Zoggi 4.1.4  (Version: 4.1.4)
Zuma's Revenge! - Abenteuer

==================== Restore Points  =========================

18-11-2013 23:00:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-11-19 09:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14553297-A560-471C-98AA-93698E8EA390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21] (Google Inc.)
Task: {3A51A016-4F26-46E4-AC51-7D5D8F300E44} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {5F208A1D-E7D6-4550-96EE-A64535CA7477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21] (Google Inc.)
Task: {6B1D1B8A-E793-4AED-9BE4-35793A313FB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {81495D78-2103-4629-8750-1F7B098CF8CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {8402C223-2FB0-4CBD-AC8B-9770DF4BA114} - System32\Tasks\{E6769B2B-CE60-4B1A-A277-79D65D884C5D} => D:\Down\Groschengrabdeluxe\ggdqueens.exe
Task: {8C869081-5264-4122-99F1-AD2007D5D715} - System32\Tasks\{C10C398F-C073-4216-B78E-852C2BF35B65} => D:\Down\Groschengrabdeluxe\ggdmega2.exe
Task: {AF8920E9-3BED-4C24-AEAB-54D87B85E876} - System32\Tasks\{E4D858FA-0CFC-4FBD-92C9-40E7AF58EAE7} => V:\PANTHEON\pdx-ac7p.exe
Task: {B58442BA-6DBE-4529-AB0C-75EC3A96E90E} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {CBFA67D6-4160-499E-8CB5-16902FBD8C0A} - System32\Tasks\{2C99D700-C784-4A92-B5A9-ECBE65D4018C} => D:\Down\Groschengrabdeluxe\groschengrabdeluxe128.exe
Task: {D384618B-86C0-4B41-AC95-00DA3CEAA3C0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E25E365F-0AFC-4FD8-8195-537AD8B501B4} - System32\Tasks\{8BFF3CA3-261C-4A0A-9550-B82E3E2CF757} => D:\Down\Groschengrabdeluxe\ggdmega2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-01 14:58 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-11-19 00:03 - 2013-11-18 21:34 - 02237952 _____ () C:\Program Files\Alwil Software\Avast5\defs\13111801\algo.dll
2004-12-14 03:28 - 2004-12-14 03:28 - 01212416 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
2011-02-11 19:56 - 2007-08-21 13:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-12-05 16:15 - 2008-12-05 16:15 - 01581056 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\QtCore4.dll
2008-12-05 16:23 - 2008-12-05 16:23 - 06402048 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\QtGui4.dll
2008-12-05 16:15 - 2008-12-05 16:15 - 00356352 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\QtXml4.dll
2009-05-16 00:10 - 2009-05-16 00:10 - 00716800 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM.dll
2008-12-06 01:25 - 2008-12-06 01:25 - 00004608 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSL.dll
2008-12-06 01:50 - 2008-12-06 01:50 - 00713728 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\styles\NGLStyle.dll
2008-12-05 16:31 - 2008-12-05 16:31 - 00131072 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\imageformats\qjpeg4.dll
2008-12-06 01:41 - 2008-12-06 01:41 - 00619008 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\phonebrowser.dll
2009-05-16 00:22 - 2009-05-16 00:22 - 00716800 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\onit\Downloads:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Autodata Protection Service
Description: Autodata Protection Service
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard system devices)
Service: adatadrv
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-29 22:08:14.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\Program Files\BufferZone\RlHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-29 22:02:09.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\Program Files\BufferZone\RlHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 2047.55 MB
Available physical RAM: 1057.16 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2887.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.16 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:58.92 GB) (Free:16.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Torrent) (Fixed) (Total:872.59 GB) (Free:337.24 GB) NTFS
Drive e: (DOWNLOAD) (Fixed) (Total:39.06 GB) (Free:7.84 GB) NTFS
Drive f: (IMAGE) (Fixed) (Total:48.83 GB) (Free:35.8 GB) NTFS
Drive g: (SICHERUNG) (Fixed) (Total:39.07 GB) (Free:7.03 GB) NTFS
Drive h: (MP3´s und Filme) (Fixed) (Total:117.19 GB) (Free:24.76 GB) NTFS
Drive i: (SPIELE) (Fixed) (Total:35.31 GB) (Free:18.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 279 GB) (Disk ID: 9F3861B7)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=240 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 001DA9A3)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=873 GB) - (Type=OF Extended)

==================== End Of Log ============================
was muss jetzt noch unternommen werden ?

mfg onitp

Alt 19.11.2013, 17:01   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
S1 dlnmjshl; \??\C:\Windows\system32\drivers\dlnmjshl.sys [x]
S1 ejmbuoso; \??\C:\Windows\system32\drivers\ejmbuoso.sys [x]
S1 fgwsrrmp; \??\C:\Windows\system32\drivers\fgwsrrmp.sys [x]
S1 kfqgxkul; \??\C:\Windows\system32\drivers\kfqgxkul.sys [x]
S1 lqcoeatk; \??\C:\Windows\system32\drivers\lqcoeatk.sys [x]
S1 nwjeiqer; \??\C:\Windows\system32\drivers\nwjeiqer.sys [x]
S1 ohvjxovc; \??\C:\Windows\system32\drivers\ohvjxovc.sys [x]
S1 omkvtskd; \??\C:\Windows\system32\drivers\omkvtskd.sys [x]
S1 pmlvfwjt; \??\C:\Windows\system32\drivers\pmlvfwjt.sys [x]
S1 rlbwgdkg; \??\C:\Windows\system32\drivers\rlbwgdkg.sys [x]
S1 saafrakq; \??\C:\Windows\system32\drivers\saafrakq.sys [x]
S1 ubrqlrxj; \??\C:\Windows\system32\drivers\ubrqlrxj.sys [x]
S1 udmugqcn; \??\C:\Windows\system32\drivers\udmugqcn.sys [x]
C:\ProgramData\lc9jvqb.fvv
C:\Users\onit\AppData\Roaming\cache.ini
C:\ProgramData\qjaxlkio.dss

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.11.2013, 19:49   #21
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


hier der gewünschte Log:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by onit at 2013-11-19 17:19:51 Run:1
Running from C:\Users\onit\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S1 dlnmjshl; \??\C:\Windows\system32\drivers\dlnmjshl.sys [x]
S1 ejmbuoso; \??\C:\Windows\system32\drivers\ejmbuoso.sys [x]
S1 fgwsrrmp; \??\C:\Windows\system32\drivers\fgwsrrmp.sys [x]
S1 kfqgxkul; \??\C:\Windows\system32\drivers\kfqgxkul.sys [x]
S1 lqcoeatk; \??\C:\Windows\system32\drivers\lqcoeatk.sys [x]
S1 nwjeiqer; \??\C:\Windows\system32\drivers\nwjeiqer.sys [x]
S1 ohvjxovc; \??\C:\Windows\system32\drivers\ohvjxovc.sys [x]
S1 omkvtskd; \??\C:\Windows\system32\drivers\omkvtskd.sys [x]
S1 pmlvfwjt; \??\C:\Windows\system32\drivers\pmlvfwjt.sys [x]
S1 rlbwgdkg; \??\C:\Windows\system32\drivers\rlbwgdkg.sys [x]
S1 saafrakq; \??\C:\Windows\system32\drivers\saafrakq.sys [x]
S1 ubrqlrxj; \??\C:\Windows\system32\drivers\ubrqlrxj.sys [x]
S1 udmugqcn; \??\C:\Windows\system32\drivers\udmugqcn.sys [x]
C:\ProgramData\lc9jvqb.fvv
C:\Users\onit\AppData\Roaming\cache.ini
C:\ProgramData\qjaxlkio.dss
         
*****************

dlnmjshl => Service deleted successfully.
ejmbuoso => Service deleted successfully.
fgwsrrmp => Service deleted successfully.
kfqgxkul => Service deleted successfully.
lqcoeatk => Service deleted successfully.
nwjeiqer => Service deleted successfully.
ohvjxovc => Service deleted successfully.
omkvtskd => Service deleted successfully.
pmlvfwjt => Service deleted successfully.
rlbwgdkg => Service deleted successfully.
saafrakq => Service deleted successfully.
ubrqlrxj => Service deleted successfully.
udmugqcn => Service deleted successfully.
C:\ProgramData\lc9jvqb.fvv => Moved successfully.
C:\Users\onit\AppData\Roaming\cache.ini => Moved successfully.
C:\ProgramData\qjaxlkio.dss => Moved successfully.

==== End of Fixlog ====
Hallo

hätte dann auch gern, dass mein Avast wieder mit Windows startet und in meinem Outlook ist das Programm SpamFighter auch nicht mehr lauffähig. Hätte ich aber auch gern wieder.

Neuinstallation notwendig oder geht das irgendwie wieder herzustellen??

FAlls die Bereinigung meines System´s beendet ist, was ist mit den ganzen Programmen und Log-Dateien ?? Einfach löschen??

Nochmals danke für die bereits geleistete Hilfe. Sehr professionell und schnell.

!!! R E S P E K T !!! und

MfG onitp

Alt 19.11.2013, 23:55   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Frisches FRST-Log bitte.
Die genannten Programme musst du mal wohl neu installieren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2013, 08:36   #23
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


moin

Hier die neuen FRST-Log´s:

FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by onit (administrator) on ONIT-PC on 20-11-2013 08:32:42
Running from C:\Users\onit\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secure Banking) C:\Program Files\Secure Banking\SecureBanking.exe
() C:\Program Files\Secure Banking\sbservice.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3203080 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1573384 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [357384 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\WLanGUI.exe [1904640 2009-04-23] (AVM Berlin)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
HKCU\...\Run: [iDevice Manager Launcher] - "C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run
HKCU\...\Run: [SecureBanking] - C:\Program Files\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
HKCU\...\Run: [S60 PC Suite Tray] - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {74C8CE33-29EB-489C-9B32-81F9A5352FC7} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
SearchScopes: HKCU - {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {74C8CE33-29EB-489C-9B32-81F9A5352FC7} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SplitButtonBHO Class - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\bingsearch.xml
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\s-amazon-byskipity-de.xml
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download Youtube Videos + - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\video.downloader.plugin@ffpimp.com
FF Extension: Просмотр HTTP заголовков - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: WOT - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adblock Plus - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Password Manager 12\spmplugin3

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-04-23] (AVM Berlin)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2009-11-06] (NVIDIA)
R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [x]
S2 COSIDS_TB; C:\PROGRA~1\COSIDS\BIN\TbMux32.exe [x]
S2 TIS 2000 Apache Web Server; C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe [x]

==================== Drivers (Whitelisted) ====================

S4 adatadrv; C:\Windows\System32\DRIVERS\adatadrv.sys [762112 2009-07-01] (none)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2011-08-23] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2009-04-23] (AVM Berlin)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [24786 2004-06-23] (EUTRON)
S3 FTD2XX; C:\Windows\System32\Drivers\OPCOMUSB.sys [34639 2005-12-15] (FTDI Ltd.)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [440832 2009-04-23] (AVM GmbH)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 gogoTunnelDevice; C:\Windows\System32\DRIVERS\gogotun.sys [21064 2010-03-22] (gogo6 Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
S3 OVT511Plus; C:\Windows\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [37088 2008-07-11] (SafeNet, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-11-21] ()
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 awe1xqdh; C:\Windows\System32\Drivers\awe1xqdh.sys [0 ] (Advanced Micro Devices)
S1 aqimwooj; \??\C:\Windows\system32\drivers\aqimwooj.sys [x]
S3 catchme; \??\C:\Users\onit\AppData\Local\Temp\catchme.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U2 V2iMount; 
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 18:57 - 2013-11-19 18:57 - 03865488 _____ (Secunia) C:\Users\onit\Desktop\PSI9015Setup.exe
2013-11-19 18:09 - 2013-11-19 18:09 - 00000000 ____D C:\Users\onit\AppData\Local\Secunia PSI
2013-11-19 17:55 - 2013-11-19 17:55 - 00001039 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-11-19 17:55 - 2013-11-19 17:55 - 00000000 ____D C:\Program Files\Secure Banking
2013-11-19 16:43 - 2013-11-20 08:32 - 00016387 _____ C:\Users\onit\Desktop\FRST.txt
2013-11-19 16:42 - 2013-11-19 16:43 - 01090881 _____ (Farbar) C:\Users\onit\Desktop\FRST.exe
2013-11-19 16:40 - 2013-11-19 16:41 - 00001650 _____ C:\Users\onit\Desktop\JRT.txt
2013-11-19 16:33 - 2013-11-19 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-11-19 16:32 - 2013-11-19 16:32 - 00005800 _____ C:\Users\onit\Desktop\AdwCleaner v3.012 - Bericht erstellt am 19112013.txt
2013-11-19 16:24 - 2013-11-19 16:26 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:22 - 2013-11-19 16:22 - 01085542 _____ C:\Users\onit\Desktop\adwcleaner.exe
2013-11-19 16:22 - 2013-11-19 16:22 - 01034531 _____ (Thisisu) C:\Users\onit\Desktop\JRT.exe
2013-11-19 15:30 - 2013-11-19 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-19 15:30 - 2013-11-19 15:55 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-19 15:28 - 2013-11-19 16:08 - 00000000 ____D C:\Users\onit\Desktop\mbar
2013-11-19 15:27 - 2013-11-19 15:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\onit\Desktop\mbar-1.07.0.1007.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00000336 _____ C:\Users\onit\Desktop\DeQuarantine.txt
2013-11-19 14:46 - 2013-11-19 14:46 - 00000336 _____ C:\DeQuarantine.txt
2013-11-19 14:45 - 2013-11-19 14:46 - 00000000 ___SD C:\ComboFix
2013-11-19 14:41 - 2013-11-19 14:42 - 05146522 ____R (Swearware) C:\Users\onit\Desktop\ComboFix.exe
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\Users\onit\AppData\Roaming\1&1
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\ProgramData\1&1
2013-11-19 09:11 - 2013-11-19 09:11 - 00022284 _____ C:\Users\onit\Desktop\Combofix.txt
2013-11-19 08:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-19 08:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-19 08:48 - 2013-11-19 14:45 - 00000000 ____D C:\Qoobox
2013-11-19 08:48 - 2013-11-19 09:01 - 00000000 ____D C:\Windows\erdnt
2013-11-18 13:11 - 2013-11-18 13:11 - 00000000 ____D C:\FRST
2013-11-18 12:29 - 2013-11-18 12:29 - 00065214 _____ C:\Users\onit\Desktop\osam.html
2013-11-18 12:24 - 2013-11-18 12:27 - 00000000 ____D C:\Users\onit\Desktop\osam_autorun_manager_5_0_portable
2013-11-18 11:55 - 2013-11-19 19:11 - 00000392 _____ C:\Windows\setupact.log
2013-11-18 11:55 - 2013-11-18 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-17 09:11 - 2013-11-17 09:11 - 00003189 _____ C:\Users\onit\Desktop\Sophos Virus Removal Tool.lnk
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Program Files\Sophos
2013-11-15 17:34 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 17:34 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 17:34 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 17:34 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 17:34 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 17:29 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 17:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 17:29 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 17:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 17:29 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 17:29 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 17:29 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 17:29 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 17:29 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 17:29 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 17:29 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 17:29 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 17:29 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 17:29 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 17:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 17:28 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 17:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 17:28 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-11-20 08:32 - 2013-11-19 16:43 - 00016387 _____ C:\Users\onit\Desktop\FRST.txt
2013-11-20 08:07 - 2012-08-18 13:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 07:55 - 2010-02-21 20:13 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-20 00:55 - 2010-02-21 20:13 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 23:26 - 2010-01-04 19:39 - 01094312 _____ C:\Windows\WindowsUpdate.log
2013-11-19 19:53 - 2010-01-09 09:55 - 00000000 ____D C:\Users\onit\AppData\Local\Mozilla
2013-11-19 19:43 - 2011-02-16 19:25 - 00000000 ____D C:\Users\onit\AppData\Local\CrashDumps
2013-11-19 19:19 - 2009-07-14 05:34 - 00013728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 19:19 - 2009-07-14 05:34 - 00013728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 19:11 - 2013-11-18 11:55 - 00000392 _____ C:\Windows\setupact.log
2013-11-19 19:11 - 2012-05-04 20:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 19:11 - 2010-01-05 18:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-19 19:11 - 2010-01-04 23:30 - 00069610 _____ C:\Windows\PFRO.log
2013-11-19 19:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-19 19:05 - 2013-08-27 10:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 18:57 - 2013-11-19 18:57 - 03865488 _____ (Secunia) C:\Users\onit\Desktop\PSI9015Setup.exe
2013-11-19 18:20 - 2012-07-16 09:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-19 18:20 - 2011-09-21 11:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 18:09 - 2013-11-19 18:09 - 00000000 ____D C:\Users\onit\AppData\Local\Secunia PSI
2013-11-19 17:55 - 2013-11-19 17:55 - 00001039 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-11-19 17:55 - 2013-11-19 17:55 - 00000000 ____D C:\Program Files\Secure Banking
2013-11-19 17:24 - 2010-01-04 19:47 - 01645390 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-19 16:43 - 2013-11-19 16:42 - 01090881 _____ (Farbar) C:\Users\onit\Desktop\FRST.exe
2013-11-19 16:41 - 2013-11-19 16:40 - 00001650 _____ C:\Users\onit\Desktop\JRT.txt
2013-11-19 16:33 - 2013-11-19 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-11-19 16:32 - 2013-11-19 16:32 - 00005800 _____ C:\Users\onit\Desktop\AdwCleaner v3.012 - Bericht erstellt am 19112013.txt
2013-11-19 16:26 - 2013-11-19 16:24 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:22 - 2013-11-19 16:22 - 01085542 _____ C:\Users\onit\Desktop\adwcleaner.exe
2013-11-19 16:22 - 2013-11-19 16:22 - 01034531 _____ (Thisisu) C:\Users\onit\Desktop\JRT.exe
2013-11-19 16:08 - 2013-11-19 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-19 16:08 - 2013-11-19 15:28 - 00000000 ____D C:\Users\onit\Desktop\mbar
2013-11-19 15:55 - 2013-11-19 15:30 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-19 15:27 - 2013-11-19 15:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\onit\Desktop\mbar-1.07.0.1007.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00000336 _____ C:\Users\onit\Desktop\DeQuarantine.txt
2013-11-19 14:46 - 2013-11-19 14:46 - 00000336 _____ C:\DeQuarantine.txt
2013-11-19 14:46 - 2013-11-19 14:45 - 00000000 ___SD C:\ComboFix
2013-11-19 14:45 - 2013-11-19 08:48 - 00000000 ____D C:\Qoobox
2013-11-19 14:42 - 2013-11-19 14:41 - 05146522 ____R (Swearware) C:\Users\onit\Desktop\ComboFix.exe
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\Users\onit\AppData\Roaming\1&1
2013-11-19 09:16 - 2013-11-19 09:16 - 00000000 ____D C:\ProgramData\1&1
2013-11-19 09:11 - 2013-11-19 09:11 - 00022284 _____ C:\Users\onit\Desktop\Combofix.txt
2013-11-19 09:02 - 2011-08-23 18:17 - 00000000 ____D C:\Users\onit\AppData\Local\Apps\2.0
2013-11-19 09:02 - 2011-07-07 19:21 - 00000000 ____D C:\Users\Admin
2013-11-19 09:02 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-19 09:01 - 2013-11-19 08:48 - 00000000 ____D C:\Windows\erdnt
2013-11-19 09:00 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-11-18 15:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-18 14:40 - 2011-01-24 21:51 - 00000000 ____D C:\Users\onit\AppData\Roaming\vlc
2013-11-18 13:11 - 2013-11-18 13:11 - 00000000 ____D C:\FRST
2013-11-18 12:29 - 2013-11-18 12:29 - 00065214 _____ C:\Users\onit\Desktop\osam.html
2013-11-18 12:27 - 2013-11-18 12:24 - 00000000 ____D C:\Users\onit\Desktop\osam_autorun_manager_5_0_portable
2013-11-18 11:55 - 2013-11-18 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-18 11:47 - 2009-07-14 09:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-11-18 11:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-18 11:46 - 2013-03-04 19:48 - 00000000 ____D C:\Users\onit\AppData\Roaming\uTorrent
2013-11-18 11:42 - 2010-03-25 19:50 - 00000000 ____D C:\Windows\Minidump
2013-11-17 09:11 - 2013-11-17 09:11 - 00003189 _____ C:\Users\onit\Desktop\Sophos Virus Removal Tool.lnk
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Program Files\Sophos
2013-11-15 17:36 - 2010-01-12 17:54 - 00000000 ____D C:\Windows\WindowsMobile
2013-11-15 17:36 - 2009-07-14 03:04 - 00000572 _____ C:\Windows\win.ini
2013-11-15 17:33 - 2013-07-14 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 17:30 - 2010-01-04 20:53 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-04 19:40 - 2010-01-04 22:11 - 00135808 _____ C:\Users\onit\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\onit\AppData\Local\temp\catchme.dll
C:\Users\onit\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 00:15

==================== End Of Log ============================
--- --- ---


Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by onit at 2013-11-20 08:33:01
Running from C:\Users\onit\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (Version: 1.6)
1&1 Upload-Manager (Version: 2.0.676)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
AnyDVD (Version: 7.0.7.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1497.0)
AviSynth 2.5
AVM FRITZ!Box AddOn (IE) (Version: 1.5.5)
AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.2.1.0)
AVM FRITZ!WLAN
Bonjour (Version: 3.0.0.10)
CDex extraction audio
CloneDVD2 (Version: 2.9.2.8)
Cole2k Media - Nero Audio Plugin Pack
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CoreAVC Professional Edition (remove only)
DHTML Editing Component (Version: 6.02.0001)
DivX-Setup (Version: 2.1.2.2)
EASEUS Partition Master 4.1.1 Home Edition
Free YouTube to MP3 Converter version 3.2
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HijackThis 2.0.2 (Version: 2.0.2)
hp officejet v series (Version: 1.00.0000)
iDevice Manager (Version: 1.9.0.1)
IE7Pro (Version: 2.3.6)
ImgBurn (Version: 2.5.5.0)
iPhone-Konfigurationsprogramm (Version: 3.6.2.300)
iTunes (Version: 11.0.5.5)
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 22 (Version: 6.0.220)
K-Lite Mega Codec Pack 7.9.0 (Version: 7.9.0)
LightScribe System Software (Version: 1.18.24.1)
Logitech GamePanel Software 3.04.137 (Version: 3.04.137)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech Touch Mouse Server 1.0 (Version: 1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Outlook-Sicherung für Persönliche Ordner (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (HKCU Version: 7.27)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.03.1151)
Nero Mega Plugin Pack (Version: 2.0)
Nero Reloaded PlugIn Pack 2.0.4 by GEAR (Version: 2.0.4)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.7)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Performance (Version: 6.5)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA System Monitor (Version: 6.5)
NVIDIA System Update (Version: 3.00)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OP-COM USB V2 Driver
OpenSSL 1.0.0c Light (32-bit)
PC Connectivity Solution (Version: 9.13.1.0)
PS3 Media Server (Version: 1.50.0)
PVSonyDll (Version: 1.00.0001)
Remote Control USB Driver (Version: 2.3.2.317)
Samsung PC Studio 7 (Version: 7.2.24.9)
SamsungConnectivityCableDriver (Version: 6.83.6.2)
SDFormatter (Version: 3.0.0)
Secure Banking Version 1.5.2 (Version: 1.5.2)
Sniper Elite
Sophos Virus Removal Tool (Version: 2.4)
SPAMfighter (Version: 7.1.99)
SPAMfighter Client (Version: 7.1.99)
SpeedFan (remove only)
Tag-It 666
TeamViewer 8 (Version: 8.0.22298)
Turbo Lister 2 (Version: 2.00.0000)
UnderCoverXP 1.08
Uninstall 1.0.0.1
Unlocker 1.9.0 (Version: 1.9.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 2.0.1 (Version: 2.0.1)
WBFS Manager 3.0 (Version: 3.0)
Winamp (nur entfernen)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR archiver
WOT für Internet Explorer (Version: 10.2.5.0)
XnView 1.97 (Version: 1.97)
YTD Video Downloader 3.9.6 (Version: 3.9.6)
Zoggi 4.1.4  (Version: 4.1.4)
Zuma's Revenge! - Abenteuer

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-11-19 09:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14553297-A560-471C-98AA-93698E8EA390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21] (Google Inc.)
Task: {3A51A016-4F26-46E4-AC51-7D5D8F300E44} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {5F208A1D-E7D6-4550-96EE-A64535CA7477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21] (Google Inc.)
Task: {6B1D1B8A-E793-4AED-9BE4-35793A313FB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19] (Adobe Systems Incorporated)
Task: {81495D78-2103-4629-8750-1F7B098CF8CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {8402C223-2FB0-4CBD-AC8B-9770DF4BA114} - System32\Tasks\{E6769B2B-CE60-4B1A-A277-79D65D884C5D} => D:\Down\Groschengrabdeluxe\ggdqueens.exe
Task: {8C869081-5264-4122-99F1-AD2007D5D715} - System32\Tasks\{C10C398F-C073-4216-B78E-852C2BF35B65} => D:\Down\Groschengrabdeluxe\ggdmega2.exe
Task: {AF8920E9-3BED-4C24-AEAB-54D87B85E876} - System32\Tasks\{E4D858FA-0CFC-4FBD-92C9-40E7AF58EAE7} => V:\PANTHEON\pdx-ac7p.exe
Task: {B58442BA-6DBE-4529-AB0C-75EC3A96E90E} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {CBFA67D6-4160-499E-8CB5-16902FBD8C0A} - System32\Tasks\{2C99D700-C784-4A92-B5A9-ECBE65D4018C} => D:\Down\Groschengrabdeluxe\groschengrabdeluxe128.exe
Task: {D384618B-86C0-4B41-AC95-00DA3CEAA3C0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E25E365F-0AFC-4FD8-8195-537AD8B501B4} - System32\Tasks\{8BFF3CA3-261C-4A0A-9550-B82E3E2CF757} => D:\Down\Groschengrabdeluxe\ggdmega2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-12-06 01:41 - 2008-12-06 01:41 - 00619008 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\phonebrowser.dll
2009-05-16 00:22 - 2009-05-16 00:22 - 00716800 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-01-07 20:46 - 2010-02-10 18:10 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-19 17:55 - 2013-06-30 17:01 - 00017920 _____ () C:\Program Files\Secure Banking\SecureBanking.dll
2013-11-19 17:55 - 2013-05-26 13:13 - 00008704 _____ () C:\Program Files\Secure Banking\funcs.dll
2010-02-05 13:14 - 2010-02-05 13:14 - 01276576 _____ () C:\Program Files\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\onit\Downloads:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Autodata Protection Service
Description: Autodata Protection Service
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard system devices)
Service: adatadrv
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2013 00:32:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/19/2013 07:43:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f950f4
Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f950f4
Ausnahmecode: 0x40000015
Fehleroffset: 0x0010333f
ID des fehlerhaften Prozesses: 0xd94
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service) (User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/19/2013 07:09:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9015, Zeitstempel: 0x5277789f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055fb6
ID des fehlerhaften Prozesses: 0x7f0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (11/19/2013 07:08:21 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.9015 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e18

Startzeit: 01cee550eef7ba80

Endzeit: 16

Anwendungspfad: C:\Program Files\Secunia\PSI\psi.exe

Berichts-ID: 9141ca01-5145-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:55:10 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.9015 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1438

Startzeit: 01cee550195f4348

Endzeit: 16

Anwendungspfad: C:\Program Files\Secunia\PSI\psi.exe

Berichts-ID: b9d04a49-5143-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:49:15 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.9015 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8d0

Startzeit: 01cee54c5ca1c198

Endzeit: 0

Anwendungspfad: C:\Program Files\Secunia\PSI\psi.exe

Berichts-ID: e526a3c9-5142-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:40:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16736, Zeitstempel: 0x5258c4cc
Name des fehlerhaften Moduls: FBoxIESplitButton.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4b2a2d55
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5a0154d4
ID des fehlerhaften Prozesses: 0x1930
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (11/19/2013 06:22:37 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.9015 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d90

Startzeit: 01cee54a22191d98

Endzeit: 16

Anwendungspfad: C:\Program Files\Secunia\PSI\psi.exe

Berichts-ID: 2c257e39-513f-11e3-867d-000d88f2db2e


System errors:
=============
Error: (11/20/2013 02:15:18 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/19/2013 07:43:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/19/2013 07:43:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/19/2013 07:14:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/19/2013 07:14:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/19/2013 07:12:29 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
eusk2par

Error: (11/19/2013 07:12:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TIS 2000 Apache Web Server" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/19/2013 07:12:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "COSIDS_TB" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/19/2013 07:11:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! iAVS4 Control Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/19/2013 06:22:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (11/20/2013 00:32:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Samsung\Samsung PC Studio 7\TIS_VistaPIM.dll

Error: (11/19/2013 07:43:26 PM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.110650f950f4nvtray.exe7.17.13.110650f950f4400000150010333fd9401cee552e2c000e0C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe792e0a28-514a-11e3-b8cd-000d88f2db2e

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service)(User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/19/2013 07:09:02 PM) (Source: Application Error)(User: )
Description: PSIA.exe3.0.0.90155277789fntdll.dll6.1.7601.18247521ea91cc000000500055fb67f001cee550e8a050c0C:\Program Files\Secunia\PSI\PSIA.exeC:\Windows\SYSTEM32\ntdll.dllab465f60-5145-11e3-867d-000d88f2db2e

Error: (11/19/2013 07:08:21 PM) (Source: Application Hang)(User: )
Description: psi.exe3.0.0.90151e1801cee550eef7ba8016C:\Program Files\Secunia\PSI\psi.exe9141ca01-5145-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:55:10 PM) (Source: Application Hang)(User: )
Description: psi.exe3.0.0.9015143801cee550195f434816C:\Program Files\Secunia\PSI\psi.exeb9d04a49-5143-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:49:15 PM) (Source: Application Hang)(User: )
Description: psi.exe3.0.0.90158d001cee54c5ca1c1980C:\Program Files\Secunia\PSI\psi.exee526a3c9-5142-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:40:57 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.167365258c4ccFBoxIESplitButton.dll_unloaded0.0.0.04b2a2d55c00000055a0154d4193001cee54cf4422998C:\Program Files\Internet Explorer\iexplore.exeFBoxIESplitButton.dllbe8ef9a0-5141-11e3-867d-000d88f2db2e

Error: (11/19/2013 06:22:37 PM) (Source: Application Hang)(User: )
Description: psi.exe3.0.0.90151d9001cee54a22191d9816C:\Program Files\Secunia\PSI\psi.exe2c257e39-513f-11e3-867d-000d88f2db2e


CodeIntegrity Errors:
===================================
  Date: 2013-03-29 22:08:14.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\Program Files\BufferZone\RlHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-29 22:02:09.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\Program Files\BufferZone\RlHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 2047.55 MB
Available physical RAM: 1015.28 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2676.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.79 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:58.92 GB) (Free:16.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Torrent) (Fixed) (Total:872.59 GB) (Free:337.24 GB) NTFS
Drive e: (DOWNLOAD) (Fixed) (Total:39.06 GB) (Free:7.84 GB) NTFS
Drive f: (IMAGE) (Fixed) (Total:48.83 GB) (Free:35.8 GB) NTFS
Drive g: (SICHERUNG) (Fixed) (Total:39.07 GB) (Free:7.03 GB) NTFS
Drive h: (MP3´s und Filme) (Fixed) (Total:117.19 GB) (Free:24.76 GB) NTFS
Drive i: (SPIELE) (Fixed) (Total:35.31 GB) (Free:18.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 279 GB) (Disk ID: 9F3861B7)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=240 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 001DA9A3)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=873 GB) - (Type=OF Extended)

==================== End Of Log ============================
MfG onitp

Alt 20.11.2013, 10:11   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2013, 15:01   #25
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


So ich nochmal Malewarebytes hat Garnichts gefunden !


Eset 2 Funde


Eset-Log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6bb71921bc248b46b83bd1a571e54722
# engine=15955
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-20 01:53:05
# local_time=2013-11-20 02:53:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 11199539 136586776 0 0
# scanned=212914
# found=2
# cleaned=0
# scan_time=8159
sh=3A1DA96F7A27B727A141242A16AD7503670B5B45 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OXH trojan" ac=I fn="C:\Users\onit\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\61c41fd1-5a3713fc"
sh=ADE4E26DF29B942B2487DD5C64F212C9086AF432 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.CG trojan" ac=I fn="C:\Users\onit\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4fc98ce9-591dc765"


geht das jetzt wieder von vorn los ?

mfg onitp

Alt 20.11.2013, 15:11   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Das sind nur Reste im Cache. Bitte TFC anwenden:

TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2013, 16:09   #27
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


hi

das mit dem TFC mache ich gleich.

Jetzt bekomme ich beim Neustart immer folgende Fehlermeldung



Habe schon gegoogelt aber Garnichts gefunden.

MfG onitp


So TFC auch ausgeführt.

Avast neu installiert und SpamFighter auch.

was kommt jetzt noch ??

man, man was ihr euch hier für die geplagten für Zeit nehmt... Respekt !!!!

MfG onitp
Geändert von onitp (20.11.2013 um 16:28 Uhr)

Alt 20.11.2013, 16:27   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Frisches FRST Log bitte, und auch einen Haken setzen bei additions
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2013, 16:33   #29
onitp
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Bitteschön

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by onit (administrator) on ONIT-PC on 20-11-2013 16:29:43
Running from C:\Users\onit\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Secure Banking) C:\Program Files\Secure Banking\SecureBanking.exe
() C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
() C:\Program Files\Secure Banking\sbservice.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3203080 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1573384 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [357384 2009-12-10] (Logitech Inc.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\WLanGUI.exe [1904640 2009-04-23] (AVM Berlin)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-11-20] (AVAST Software)
HKLM\...\Run: [CommonToolkitTray] - C:\Program Files\Fighters\Tray\FightersTray.exe [1681952 2013-10-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] - C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1069600 2013-10-30] (SPAMfighter ApS)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
HKCU\...\Run: [SecureBanking] - C:\Program Files\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
HKCU\...\Run: [S60 PC Suite Tray] - C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] ()
Startup: C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbnj672j.lnk
ShortcutTarget: jbnj672j.lnk -> C:\PROGRA~2\j276jnbj.dss (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {74C8CE33-29EB-489C-9B32-81F9A5352FC7} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
SearchScopes: HKCU - {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {74C8CE33-29EB-489C-9B32-81F9A5352FC7} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SplitButtonBHO Class - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\bingsearch.xml
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\s-amazon-byskipity-de.xml
FF SearchPlugin: C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\staged
FF Extension: Download Youtube Videos + - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\video.downloader.plugin@ffpimp.com
FF Extension: Просмотр HTTP заголовков - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: WOT - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adblock Plus - C:\Users\onit\AppData\Roaming\Mozilla\Firefox\Profiles\lci2imyz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Password Manager 12\spmplugin3

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-11-20] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-04-23] (AVM Berlin)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2009-11-06] (NVIDIA)
R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [216608 2013-10-30] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1281568 2013-10-29] (SPAMfighter ApS)
R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [x]
S2 COSIDS_TB; C:\PROGRA~1\COSIDS\BIN\TbMux32.exe [x]
S2 TIS 2000 Apache Web Server; C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe [x]

==================== Drivers (Whitelisted) ====================

S4 adatadrv; C:\Windows\System32\DRIVERS\adatadrv.sys [762112 2009-07-01] (none)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-02] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-20] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2011-08-23] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2009-04-23] (AVM Berlin)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [24786 2004-06-23] (EUTRON)
S3 FTD2XX; C:\Windows\System32\Drivers\OPCOMUSB.sys [34639 2005-12-15] (FTDI Ltd.)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [440832 2009-04-23] (AVM GmbH)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 gogoTunnelDevice; C:\Windows\System32\DRIVERS\gogotun.sys [21064 2010-03-22] (gogo6 Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
S3 OVT511Plus; C:\Windows\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [37088 2008-07-11] (SafeNet, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-11-21] ()
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 ayoquq87; C:\Windows\System32\Drivers\ayoquq87.sys [0 ] (Microsoft Corporation)
S1 aqimwooj; \??\C:\Windows\system32\drivers\aqimwooj.sys [x]
S3 catchme; \??\C:\Users\onit\AppData\Local\Temp\catchme.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U2 V2iMount; 
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-20 16:19 - 2013-11-20 16:19 - 00000000 ____D C:\Users\onit\AppData\Roaming\Fighters
2013-11-20 16:19 - 2013-11-20 16:19 - 00000000 ____D C:\Program Files\Fighters
2013-11-20 16:19 - 2013-11-20 16:19 - 00000000 ____D C:\Program Files\Common Files\Common Toolkit Suite
2013-11-20 16:17 - 2013-11-20 16:19 - 00000000 ____D C:\ProgramData\Fighters
2013-11-20 16:17 - 2013-11-20 16:17 - 02589368 _____ (SPAMfighter ApS) C:\Users\onit\Desktop\spamfighter_web.exe
2013-11-20 16:10 - 2013-11-20 16:10 - 00448512 _____ (OldTimer Tools) C:\Users\onit\Desktop\TFC.exe
2013-11-20 15:21 - 2013-11-20 15:21 - 00000000 ____D C:\Users\onit\AppData\Roaming\AVAST Software
2013-11-20 15:07 - 2013-11-20 15:07 - 00002137 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-20 15:05 - 2013-11-20 15:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-20 15:04 - 2013-11-20 15:05 - 87529432 _____ (AVAST Software) C:\Users\onit\Desktop\avast_free_antivirus_setup.exe
2013-11-20 12:11 - 2013-11-20 12:11 - 00001074 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-20 12:11 - 2013-11-20 12:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-20 12:11 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-20 12:08 - 2013-11-20 12:08 - 00000336 _____ C:\DeQuarantine.txt
2013-11-20 12:08 - 2013-11-20 12:08 - 00000000 ____D C:\ProgramData\1&1
2013-11-20 12:07 - 2013-11-20 12:09 - 00000000 ___SD C:\ComboFix
2013-11-20 12:03 - 2013-11-20 12:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\onit\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-20 12:03 - 2013-11-20 12:03 - 02347384 _____ (ESET) C:\Users\onit\Desktop\esetsmartinstaller_enu.exe
2013-11-20 11:41 - 2013-11-20 11:41 - 00000000 ____D C:\Users\onit\AppData\Roaming\1&1
2013-11-20 10:39 - 2013-11-20 10:39 - 00019586 _____ C:\Users\onit\Desktop\neue Combofix.txt
2013-11-20 10:20 - 2013-11-20 10:20 - 00000972 _____ C:\Users\onit\Desktop\nach TrojanAdwCleaner[S1].txt
2013-11-20 09:55 - 2013-11-20 09:55 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-20 08:33 - 2013-11-20 08:33 - 00023580 _____ C:\Users\onit\Desktop\Addition.txt
2013-11-19 18:09 - 2013-11-19 18:09 - 00000000 ____D C:\Users\onit\AppData\Local\Secunia PSI
2013-11-19 17:55 - 2013-11-19 17:55 - 00001039 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-11-19 17:55 - 2013-11-19 17:55 - 00000000 ____D C:\Program Files\Secure Banking
2013-11-19 16:43 - 2013-11-20 16:30 - 00017667 _____ C:\Users\onit\Desktop\FRST.txt
2013-11-19 16:42 - 2013-11-19 16:43 - 01090881 _____ (Farbar) C:\Users\onit\Desktop\FRST.exe
2013-11-19 16:40 - 2013-11-19 16:41 - 00001650 _____ C:\Users\onit\Desktop\JRT.txt
2013-11-19 16:33 - 2013-11-19 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-11-19 16:32 - 2013-11-19 16:32 - 00005800 _____ C:\Users\onit\Desktop\AdwCleaner v3.012 - Bericht erstellt am 19112013.txt
2013-11-19 16:24 - 2013-11-20 10:17 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:22 - 2013-11-19 16:22 - 01085542 _____ C:\Users\onit\Desktop\adwcleaner.exe
2013-11-19 16:22 - 2013-11-19 16:22 - 01034531 _____ (Thisisu) C:\Users\onit\Desktop\JRT.exe
2013-11-19 15:28 - 2013-11-20 10:11 - 00000000 ____D C:\Users\onit\Desktop\mbar
2013-11-19 15:27 - 2013-11-19 15:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\onit\Desktop\mbar-1.07.0.1007.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00000336 _____ C:\Users\onit\Desktop\DeQuarantine.txt
2013-11-19 14:41 - 2013-11-20 12:06 - 05146522 ____R (Swearware) C:\Users\onit\Desktop\ComboFix.exe
2013-11-19 09:11 - 2013-11-19 09:11 - 00022284 _____ C:\Users\onit\Desktop\Combofix.txt
2013-11-19 08:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-19 08:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-19 08:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-19 08:48 - 2013-11-20 12:08 - 00000000 ____D C:\Qoobox
2013-11-19 08:48 - 2013-11-19 09:01 - 00000000 ____D C:\Windows\erdnt
2013-11-18 13:11 - 2013-11-18 13:11 - 00000000 ____D C:\FRST
2013-11-18 12:29 - 2013-11-18 12:29 - 00065214 _____ C:\Users\onit\Desktop\osam.html
2013-11-18 12:24 - 2013-11-18 12:27 - 00000000 ____D C:\Users\onit\Desktop\osam_autorun_manager_5_0_portable
2013-11-18 11:55 - 2013-11-20 16:14 - 00000896 _____ C:\Windows\setupact.log
2013-11-18 11:55 - 2013-11-18 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-17 09:11 - 2013-11-17 09:11 - 00003189 _____ C:\Users\onit\Desktop\Sophos Virus Removal Tool.lnk
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Program Files\Sophos
2013-11-15 17:34 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 17:34 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 17:34 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 17:34 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 17:34 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 17:34 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 17:29 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 17:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 17:29 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 17:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 17:29 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 17:29 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 17:29 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 17:29 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 17:29 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 17:29 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 17:29 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 17:29 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 17:29 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 17:29 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 17:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 17:28 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 17:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 17:28 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-11-20 16:30 - 2013-11-19 16:43 - 00017667 _____ C:\Users\onit\Desktop\FRST.txt
2013-11-20 16:22 - 2009-07-14 05:34 - 00013728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-20 16:22 - 2009-07-14 05:34 - 00013728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-20 16:19 - 2013-11-20 16:19 - 00000000 ____D C:\Users\onit\AppData\Roaming\Fighters
2013-11-20 16:19 - 2013-11-20 16:19 - 00000000 ____D C:\Program Files\Fighters
2013-11-20 16:19 - 2013-11-20 16:19 - 00000000 ____D C:\Program Files\Common Files\Common Toolkit Suite
2013-11-20 16:19 - 2013-11-20 16:17 - 00000000 ____D C:\ProgramData\Fighters
2013-11-20 16:18 - 2010-01-04 19:39 - 01189347 _____ C:\Windows\WindowsUpdate.log
2013-11-20 16:17 - 2013-11-20 16:17 - 02589368 _____ (SPAMfighter ApS) C:\Users\onit\Desktop\spamfighter_web.exe
2013-11-20 16:14 - 2013-11-18 11:55 - 00000896 _____ C:\Windows\setupact.log
2013-11-20 16:14 - 2010-02-21 20:13 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-20 16:14 - 2010-01-05 18:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-20 16:14 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-20 16:10 - 2013-11-20 16:10 - 00448512 _____ (OldTimer Tools) C:\Users\onit\Desktop\TFC.exe
2013-11-20 16:07 - 2012-08-18 13:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 15:55 - 2010-02-21 20:13 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-20 15:21 - 2013-11-20 15:21 - 00000000 ____D C:\Users\onit\AppData\Roaming\AVAST Software
2013-11-20 15:20 - 2010-01-04 23:30 - 00072634 _____ C:\Windows\PFRO.log
2013-11-20 15:07 - 2013-11-20 15:07 - 00002137 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-20 15:07 - 2013-03-28 09:54 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-20 15:07 - 2013-03-28 09:54 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-20 15:07 - 2012-03-28 05:46 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-20 15:07 - 2011-04-21 12:54 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-20 15:07 - 2010-06-30 05:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-20 15:07 - 2010-05-03 18:16 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-20 15:07 - 2010-05-03 18:16 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-20 15:07 - 2010-05-03 18:16 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-20 15:07 - 2010-05-03 18:16 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-20 15:07 - 2010-05-03 18:15 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-20 15:05 - 2013-11-20 15:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-20 15:05 - 2013-11-20 15:04 - 87529432 _____ (AVAST Software) C:\Users\onit\Desktop\avast_free_antivirus_setup.exe
2013-11-20 12:11 - 2013-11-20 12:11 - 00001074 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-20 12:11 - 2013-11-20 12:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-20 12:09 - 2013-11-20 12:07 - 00000000 ___SD C:\ComboFix
2013-11-20 12:08 - 2013-11-20 12:08 - 00000336 _____ C:\DeQuarantine.txt
2013-11-20 12:08 - 2013-11-20 12:08 - 00000000 ____D C:\ProgramData\1&1
2013-11-20 12:08 - 2013-11-19 08:48 - 00000000 ____D C:\Qoobox
2013-11-20 12:06 - 2013-11-19 14:41 - 05146522 ____R (Swearware) C:\Users\onit\Desktop\ComboFix.exe
2013-11-20 12:03 - 2013-11-20 12:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\onit\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-20 12:03 - 2013-11-20 12:03 - 02347384 _____ (ESET) C:\Users\onit\Desktop\esetsmartinstaller_enu.exe
2013-11-20 11:41 - 2013-11-20 11:41 - 00000000 ____D C:\Users\onit\AppData\Roaming\1&1
2013-11-20 10:39 - 2013-11-20 10:39 - 00019586 _____ C:\Users\onit\Desktop\neue Combofix.txt
2013-11-20 10:38 - 2011-08-23 18:17 - 00000000 ____D C:\Users\onit\AppData\Local\Apps\2.0
2013-11-20 10:36 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-11-20 10:20 - 2013-11-20 10:20 - 00000972 _____ C:\Users\onit\Desktop\nach TrojanAdwCleaner[S1].txt
2013-11-20 10:17 - 2013-11-19 16:24 - 00000000 ____D C:\AdwCleaner
2013-11-20 10:12 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2013-11-20 10:11 - 2013-11-19 15:28 - 00000000 ____D C:\Users\onit\Desktop\mbar
2013-11-20 09:55 - 2013-11-20 09:55 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-20 09:45 - 2011-02-16 19:25 - 00000000 ____D C:\Users\onit\AppData\Local\CrashDumps
2013-11-20 08:33 - 2013-11-20 08:33 - 00023580 _____ C:\Users\onit\Desktop\Addition.txt
2013-11-19 19:53 - 2010-01-09 09:55 - 00000000 ____D C:\Users\onit\AppData\Local\Mozilla
2013-11-19 19:11 - 2012-05-04 20:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 19:05 - 2013-08-27 10:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 18:20 - 2011-09-21 11:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 18:09 - 2013-11-19 18:09 - 00000000 ____D C:\Users\onit\AppData\Local\Secunia PSI
2013-11-19 17:55 - 2013-11-19 17:55 - 00001039 _____ C:\Users\Public\Desktop\Secure Banking.lnk
2013-11-19 17:55 - 2013-11-19 17:55 - 00000000 ____D C:\Program Files\Secure Banking
2013-11-19 17:24 - 2010-01-04 19:47 - 01645390 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-19 16:43 - 2013-11-19 16:42 - 01090881 _____ (Farbar) C:\Users\onit\Desktop\FRST.exe
2013-11-19 16:41 - 2013-11-19 16:40 - 00001650 _____ C:\Users\onit\Desktop\JRT.txt
2013-11-19 16:33 - 2013-11-19 16:33 - 00000000 ____D C:\Windows\ERUNT
2013-11-19 16:32 - 2013-11-19 16:32 - 00005800 _____ C:\Users\onit\Desktop\AdwCleaner v3.012 - Bericht erstellt am 19112013.txt
2013-11-19 16:22 - 2013-11-19 16:22 - 01085542 _____ C:\Users\onit\Desktop\adwcleaner.exe
2013-11-19 16:22 - 2013-11-19 16:22 - 01034531 _____ (Thisisu) C:\Users\onit\Desktop\JRT.exe
2013-11-19 15:27 - 2013-11-19 15:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\onit\Desktop\mbar-1.07.0.1007.exe
2013-11-19 14:47 - 2013-11-19 14:47 - 00000336 _____ C:\Users\onit\Desktop\DeQuarantine.txt
2013-11-19 09:11 - 2013-11-19 09:11 - 00022284 _____ C:\Users\onit\Desktop\Combofix.txt
2013-11-19 09:02 - 2011-07-07 19:21 - 00000000 ____D C:\Users\Admin
2013-11-19 09:02 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-19 09:01 - 2013-11-19 08:48 - 00000000 ____D C:\Windows\erdnt
2013-11-18 15:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-18 14:40 - 2011-01-24 21:51 - 00000000 ____D C:\Users\onit\AppData\Roaming\vlc
2013-11-18 13:11 - 2013-11-18 13:11 - 00000000 ____D C:\FRST
2013-11-18 12:29 - 2013-11-18 12:29 - 00065214 _____ C:\Users\onit\Desktop\osam.html
2013-11-18 12:27 - 2013-11-18 12:24 - 00000000 ____D C:\Users\onit\Desktop\osam_autorun_manager_5_0_portable
2013-11-18 11:55 - 2013-11-18 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-11-18 11:47 - 2009-07-14 09:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-11-18 11:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-18 11:46 - 2013-03-04 19:48 - 00000000 ____D C:\Users\onit\AppData\Roaming\uTorrent
2013-11-18 11:42 - 2010-03-25 19:50 - 00000000 ____D C:\Windows\Minidump
2013-11-17 09:11 - 2013-11-17 09:11 - 00003189 _____ C:\Users\onit\Desktop\Sophos Virus Removal Tool.lnk
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\ProgramData\Sophos
2013-11-17 09:11 - 2013-11-17 09:11 - 00000000 ____D C:\Program Files\Sophos
2013-11-15 17:36 - 2010-01-12 17:54 - 00000000 ____D C:\Windows\WindowsMobile
2013-11-15 17:36 - 2009-07-14 03:04 - 00000572 _____ C:\Windows\win.ini
2013-11-15 17:33 - 2013-07-14 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 17:30 - 2010-01-04 20:53 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-04 19:40 - 2010-01-04 22:11 - 00135808 _____ C:\Users\onit\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 00:15

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by onit at 2013-11-20 16:30:22
Running from C:\Users\onit\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (Version: 1.6)
1&1 Upload-Manager (Version: 2.0.676)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
AnyDVD (Version: 7.0.7.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 9.0.2008)
AviSynth 2.5
AVM FRITZ!Box AddOn (IE) (Version: 1.5.5)
AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.2.1.0)
AVM FRITZ!WLAN
Bonjour (Version: 3.0.0.10)
CDex extraction audio
CloneDVD2 (Version: 2.9.2.8)
Cole2k Media - Nero Audio Plugin Pack
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CoreAVC Professional Edition (remove only)
DHTML Editing Component (Version: 6.02.0001)
DivX-Setup (Version: 2.1.2.2)
EASEUS Partition Master 4.1.1 Home Edition
Free YouTube to MP3 Converter version 3.2
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HijackThis 2.0.2 (Version: 2.0.2)
hp officejet v series (Version: 1.00.0000)
IE7Pro (Version: 2.3.6)
ImgBurn (Version: 2.5.5.0)
iPhone-Konfigurationsprogramm (Version: 3.6.2.300)
iTunes (Version: 11.0.5.5)
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 22 (Version: 6.0.220)
K-Lite Mega Codec Pack 7.9.0 (Version: 7.9.0)
LightScribe System Software (Version: 1.18.24.1)
Logitech GamePanel Software 3.04.137 (Version: 3.04.137)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech Touch Mouse Server 1.0 (Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Outlook-Sicherung für Persönliche Ordner (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (HKCU Version: 7.27)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.03.1151)
Nero Mega Plugin Pack (Version: 2.0)
Nero Reloaded PlugIn Pack 2.0.4 by GEAR (Version: 2.0.4)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.7)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Performance (Version: 6.5)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA System Monitor (Version: 6.5)
NVIDIA System Update (Version: 3.00)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OP-COM USB V2 Driver
OpenSSL 1.0.0c Light (32-bit)
PC Connectivity Solution (Version: 9.13.1.0)
PS3 Media Server (Version: 1.50.0)
PVSonyDll (Version: 1.00.0001)
Remote Control USB Driver (Version: 2.3.2.317)
Samsung PC Studio 7 (Version: 7.2.24.9)
SamsungConnectivityCableDriver (Version: 6.83.6.2)
SDFormatter (Version: 3.0.0)
Secure Banking Version 1.5.2 (Version: 1.5.2)
Sniper Elite
Sophos Virus Removal Tool (Version: 2.4)
SPAMfighter (Version: 7.6.82)
SpeedFan (remove only)
Tag-It 666
TeamViewer 8 (Version: 8.0.22298)
Turbo Lister 2 (Version: 2.00.0000)
UnderCoverXP 1.08
Uninstall 1.0.0.1
Unlocker 1.9.0 (Version: 1.9.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 2.0.1 (Version: 2.0.1)
WBFS Manager 3.0 (Version: 3.0)
Winamp (nur entfernen)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR archiver
WOT für Internet Explorer (Version: 10.2.5.0)
XnView 1.97 (Version: 1.97)
YTD Video Downloader 3.9.6 (Version: 3.9.6)
Zoggi 4.1.4  (Version: 4.1.4)
Zuma's Revenge! - Abenteuer

==================== Restore Points  =========================

20-11-2013 15:18:08 Installed SPAMfighter.

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-11-20 10:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14553297-A560-471C-98AA-93698E8EA390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21] (Google Inc.)
Task: {3A51A016-4F26-46E4-AC51-7D5D8F300E44} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {5F208A1D-E7D6-4550-96EE-A64535CA7477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21] (Google Inc.)
Task: {6B1D1B8A-E793-4AED-9BE4-35793A313FB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19] (Adobe Systems Incorporated)
Task: {8402C223-2FB0-4CBD-AC8B-9770DF4BA114} - System32\Tasks\{E6769B2B-CE60-4B1A-A277-79D65D884C5D} => D:\Down\Groschengrabdeluxe\ggdqueens.exe
Task: {8C869081-5264-4122-99F1-AD2007D5D715} - System32\Tasks\{C10C398F-C073-4216-B78E-852C2BF35B65} => D:\Down\Groschengrabdeluxe\ggdmega2.exe
Task: {9F6F41D0-B5CF-42C6-A39D-E94F18D57CAC} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-11-20] (AVAST Software)
Task: {AF8920E9-3BED-4C24-AEAB-54D87B85E876} - System32\Tasks\{E4D858FA-0CFC-4FBD-92C9-40E7AF58EAE7} => V:\PANTHEON\pdx-ac7p.exe
Task: {B58442BA-6DBE-4529-AB0C-75EC3A96E90E} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {CBFA67D6-4160-499E-8CB5-16902FBD8C0A} - System32\Tasks\{2C99D700-C784-4A92-B5A9-ECBE65D4018C} => D:\Down\Groschengrabdeluxe\groschengrabdeluxe128.exe
Task: {D384618B-86C0-4B41-AC95-00DA3CEAA3C0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E25E365F-0AFC-4FD8-8195-537AD8B501B4} - System32\Tasks\{8BFF3CA3-261C-4A0A-9550-B82E3E2CF757} => D:\Down\Groschengrabdeluxe\ggdmega2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-12-06 01:41 - 2008-12-06 01:41 - 00619008 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\phonebrowser.dll
2009-05-16 00:22 - 2009-05-16 00:22 - 00716800 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-01-07 20:46 - 2010-02-10 18:10 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-20 15:07 - 2013-11-20 15:07 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2008-12-05 16:15 - 2008-12-05 16:15 - 01581056 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\QtCore4.dll
2008-12-05 16:23 - 2008-12-05 16:23 - 06402048 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\QtGui4.dll
2008-12-05 16:15 - 2008-12-05 16:15 - 00356352 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\QtXml4.dll
2009-05-16 00:10 - 2009-05-16 00:10 - 00716800 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSCM.dll
2008-12-06 01:25 - 2008-12-06 01:25 - 00004608 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\PCSL.dll
2008-12-06 01:50 - 2008-12-06 01:50 - 00713728 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\styles\NGLStyle.dll
2008-12-05 16:31 - 2008-12-05 16:31 - 00131072 _____ () C:\Program Files\Samsung\Samsung PC Studio 7\imageformats\qjpeg4.dll
2013-11-19 17:55 - 2013-06-30 17:01 - 00017920 _____ () C:\Program Files\Secure Banking\SecureBanking.dll
2013-11-19 17:55 - 2013-05-26 13:13 - 00008704 _____ () C:\Program Files\Secure Banking\funcs.dll
2013-10-30 15:31 - 2013-10-30 15:31 - 00541216 _____ () C:\Program Files\Fighters\SPAMfighter\sfsg.dll
2013-10-30 15:31 - 2013-10-30 15:31 - 00966688 _____ () C:\Program Files\Fighters\SPAMfighter\sfse.dll
2010-02-05 13:14 - 2010-02-05 13:14 - 01276576 _____ () C:\Program Files\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\onit\Downloads:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Autodata Protection Service
Description: Autodata Protection Service
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard system devices)
Service: adatadrv
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2013 03:06:25 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {9b1c2bf8-6d8f-4cbf-83e1-cdbcce01ff44}

Error: (11/20/2013 02:32:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004a01
ID des fehlerhaften Prozesses: 0x7b0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (11/20/2013 10:10:34 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e12900f9-ce94-4515-8026-ef6dcea4bb9f}

Error: (11/20/2013 09:45:32 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16736, Zeitstempel: 0x5258c4cc
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f94515
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a2519
ID des fehlerhaften Prozesses: 0x1df8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (11/20/2013 09:21:41 AM) (Source: ESENT) (User: )
Description: taskhost (4004) Versuch, Datei "C:\Users\onit\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (11/20/2013 00:32:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/19/2013 07:43:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f950f4
Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f950f4
Ausnahmecode: 0x40000015
Fehleroffset: 0x0010333f
ID des fehlerhaften Prozesses: 0xd94
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service) (User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/19/2013 07:09:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9015, Zeitstempel: 0x5277789f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055fb6
ID des fehlerhaften Prozesses: 0x7f0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3


System errors:
=============
Error: (11/20/2013 04:17:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/20/2013 04:17:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/20/2013 04:15:31 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
eusk2par

Error: (11/20/2013 04:15:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TIS 2000 Apache Web Server" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/20/2013 04:14:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "COSIDS_TB" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/20/2013 04:14:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! iAVS4 Control Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/20/2013 04:10:53 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/20/2013 04:06:27 PM) (Source: DCOM) (User: onit-PC)
Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}onit-PConitS-1-5-21-3950459187-3028487568-1057048190-1001LocalHost (unter Verwendung von LRPC)

Error: (11/20/2013 03:23:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/20/2013 03:23:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (11/20/2013 03:06:25 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {9b1c2bf8-6d8f-4cbf-83e1-cdbcce01ff44}

Error: (11/20/2013 02:32:11 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c000000500004a017b001cee5dd01b61b80C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll28294e28-51e8-11e3-a796-000d88f2db2e

Error: (11/20/2013 10:10:34 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e12900f9-ce94-4515-8026-ef6dcea4bb9f}

Error: (11/20/2013 09:45:32 AM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.167365258c4ccnvwgf2um.dll9.18.13.110650f94515c0000005001a25191df801cee5ccdbf051a0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvwgf2um.dll1d52a120-51c0-11e3-a049-000d88f2db2e

Error: (11/20/2013 09:21:41 AM) (Source: ESENT)(User: )
Description: taskhost4004C:\Users\onit\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/20/2013 00:32:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Samsung\Samsung PC Studio 7\TIS_VistaPIM.dll

Error: (11/19/2013 07:43:26 PM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.13.110650f950f4nvtray.exe7.17.13.110650f950f4400000150010333fd9401cee552e2c000e0C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe792e0a28-514a-11e3-b8cd-000d88f2db2e

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service)(User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (11/19/2013 07:12:20 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/19/2013 07:09:02 PM) (Source: Application Error)(User: )
Description: PSIA.exe3.0.0.90155277789fntdll.dll6.1.7601.18247521ea91cc000000500055fb67f001cee550e8a050c0C:\Program Files\Secunia\PSI\PSIA.exeC:\Windows\SYSTEM32\ntdll.dllab465f60-5145-11e3-867d-000d88f2db2e


CodeIntegrity Errors:
===================================
  Date: 2013-03-29 22:08:14.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\Program Files\BufferZone\RlHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-29 22:02:09.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\Program Files\BufferZone\RlHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 2047.55 MB
Available physical RAM: 844.86 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2616.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.63 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:58.92 GB) (Free:16.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Torrent) (Fixed) (Total:872.59 GB) (Free:337.24 GB) NTFS
Drive e: (DOWNLOAD) (Fixed) (Total:39.06 GB) (Free:7.84 GB) NTFS
Drive f: (IMAGE) (Fixed) (Total:48.83 GB) (Free:35.8 GB) NTFS
Drive g: (SICHERUNG) (Fixed) (Total:39.07 GB) (Free:7.03 GB) NTFS
Drive h: (MP3´s und Filme) (Fixed) (Total:117.19 GB) (Free:24.76 GB) NTFS
Drive i: (SPIELE) (Fixed) (Total:35.31 GB) (Free:18.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 279 GB) (Disk ID: 9F3861B7)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=240 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 001DA9A3)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=873 GB) - (Type=OF Extended)

==================== End Of Log ============================
ThX onitp

Alt 20.11.2013, 16:41   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
avast hat Rootkit gefunden - Standard

avast hat Rootkit gefunden


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
S1 aqimwooj; \??\C:\Windows\system32\drivers\aqimwooj.sys [x]
Startup: C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbnj672j.lnk
ShortcutTarget: jbnj672j.lnk -> C:\PROGRA~2\j276jnbj.dss (No File)
C:\Windows\system32\drivers\aqimwooj.sys
C:\Users\onit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbnj672j.lnk

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu avast hat Rootkit gefunden
.dll, acrobat update, adobe, antivirus, autorun, avast, bho, bonjour, browser, device driver, flash player, flashplayercplapp.cpl, generic, helper, internet, internet explorer, logfile, mozilla, nvidia, performance, plug-in, preferences, registry, registry key, rootkit, security, software, stick, symantec, system, usp10.dll, windows


« Windows 7, bei Firefox öffnet sich ab und an graues Fenster und bei geschlossenem browser kommt die website von Survey Monkey Powered Online | Win7 - TR/Crypt.XPACK.Gen7 »


Ähnliche Themen: avast hat Rootkit gefunden


  1. Windows7, Fehlermeldung von Avast: Rootkit gefunden
    Log-Analyse und Auswertung - 08.02.2015 (25)
  2. Win32:rootkit-gen [RtK] durch Avast gefunden.
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (5)
  3. Avast findet Win32:Rootkit-gen
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (5)
  4. Avast Rootkit
    Plagegeister aller Art und deren Bekämpfung - 31.01.2015 (11)
  5. Win32:Rootkit-gen [Rtk] von Avast! gemeldet - Was tun?
    Log-Analyse und Auswertung - 31.12.2014 (3)
  6. Avast: Rootkit: hidden file (Schweregrad: Hoch), Malewarebytes: Keine Bedrohung gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.12.2014 (5)
  7. Avast meldet Rootkit bei neuem Laptop
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (9)
  8. Avast-Fund: Rootkit IconMan_R ?
    Plagegeister aller Art und deren Bekämpfung - 12.07.2014 (14)
  9. Win32-rootkit-gen von Avast erkannt
    Log-Analyse und Auswertung - 25.04.2014 (11)
  10. Hilfe: Avast hat Rootkit hidden files in WinSxS Ordner gefunden
    Log-Analyse und Auswertung - 17.01.2014 (5)
  11. Win32:rootkit-gen [Rtk] von avast! gefunden - Wie werde ich den wieder los?
    Log-Analyse und Auswertung - 19.11.2013 (9)
  12. Rootkit "FlashUpdateService" von Avast! gefunden, zweiter Fund mit ähnlichem Namen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (9)
  13. Rootkit Infektion, danach Windows-Neuinstallation, GMER zeigt erneut Rootkit Aktivitäten an (Avast! false positive?)
    Log-Analyse und Auswertung - 05.03.2013 (2)
  14. Rootkit.gen gefunden/Rootkit-Befall - Bin ich im dran? Brauche dringend Beratung !!!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (3)
  15. Win32:Rootkit-gen (rtk) von Avast gefunden...was ist zu tun?
    Plagegeister aller Art und deren Bekämpfung - 30.10.2011 (36)
  16. avast! findet Rootkit - Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (1)
  17. avast! meldet Bedrohung: Win32:rootkit-gen [Rtk]
    Log-Analyse und Auswertung - 03.12.2010 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema avast hat Rootkit gefunden - Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop. Starte bitte die mbar.exe . Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit - avast hat Rootkit gefunden...
Archiv
Du betrachtest: avast hat Rootkit gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131