Log analysis and evaluation: Win32:Evo-gen [Susp]
#1, 22.07.2014, 13:35
Win32:Evo-gen [Susp]

I got the following log from a check with aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-07-22 13:22:32
-----------------------------
13:22:32.038 OS Version: Windows 5.1.2600 Service Pack 3
13:22:32.038 Number of processors: 2 586 0x409
13:22:32.038 ComputerName: PC UserName:
13:22:32.616 Initialize success
13:22:36.929 AVAST engine defs: 14072101
13:22:40.163 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
13:22:40.179 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
13:22:40.273 Disk 0 MBR read successfully
13:22:40.273 Disk 0 MBR scan
13:22:40.491 Disk 0 Windows XP default MBR code
13:22:40.491 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 204805 MB offset 63
13:22:40.554 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 272132 MB offset 419441085
13:22:40.554 Disk 0 scanning sectors +976768065
13:22:40.663 Disk 0 scanning C:\WINDOWS\system32\drivers
13:22:48.241 Service scanning
13:22:59.319 Modules scanning
13:23:03.007 Disk 0 trace - called modules:
13:23:03.023 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:23:03.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1eeab8]
13:23:03.023 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a1919e8]
13:23:03.023 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a162940]
13:23:03.585 AVAST engine scan C:\WINDOWS
13:23:06.288 AVAST engine scan C:\WINDOWS\system32
13:25:06.163 AVAST engine scan C:\WINDOWS\system32\drivers
13:25:19.788 AVAST engine scan C:\Dokumente und Einstellungen\MundK
13:26:45.976 AVAST engine scan C:\Dokumente und Einstellungen\All Users
13:28:40.773 File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SFirm\tmp\PL39x\6\p\d\SfImpAkk.dll **INFECTED** Win32:Evo-gen [Susp]
13:28:51.116 File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SFirm\tmp\PL39x\95\p\d\SfImpAkk.dll **INFECTED** Win32:Evo-gen [Susp]
13:29:56.351 File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SFirm\versionsupdate\setup\program files\sfirm\sfimpakk.dll **INFECTED** Win32:Evo-gen [Susp]
13:30:18.304 Scan finished successfully
14:02:09.241 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\Sicherheit\MBR.dat"
14:02:09.256 The log file has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\Sicherheit\kaspersky.txt"
14:03:28.100 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\MBR.dat"
14:03:28.100 The log file has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\aswMBR.txt"

Do I have a virus in SFirm?
#2, 22.07.2014, 15:12
the machine (TB-Ausbilder)
Win32:Evo-gen [Susp]

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
#3, 23.07.2014, 07:18
Win32:Evo-gen [Susp]

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by MundK (administrator) on PC on 23-07-2014 08:13:18
Running from C:\Dokumente und Einstellungen\MundK\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Nero AG) C:\Programme\Nero\Update\NASvc.exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMTray.exe
(Acronis) C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastUI.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
() C:\Programme\Microsoft Office\Office\OSA.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Spartacus-Filter) C:\Programme\Outlook Express\Spartacus.exe
(Microsoft Corporation) C:\Programme\Outlook Express\msimn.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-507921405-1123561945-1644491937-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x43010000
Startup: C:\Dokumente und Einstellungen\MundK\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk
ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\MundK\Startmenü\Programme\Autostart\Office-Start.lnk
ShortcutTarget: Office-Start.lnk -> C:\Programme\Microsoft Office\Office\OSA.EXE ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356612627250
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\Mozilla\Firefox\Profiles\jokix7qa.default-1389096575000
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy Copy - C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\Mozilla\Firefox\Profiles\jokix7qa.default-1389096575000\Extensions\easycopy@smokyink.com [2014-06-13]
FF Extension: WOT - C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\Mozilla\Firefox\Profiles\jokix7qa.default-1389096575000\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-07]
FF Extension: NoScript - C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\Mozilla\Firefox\Profiles\jokix7qa.default-1389096575000\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-07]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\Mozilla\Firefox\Profiles\jokix7qa.default-1389096575000\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07]
FF Extension: avast! Ad Blocker - C:\Programme\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2014-06-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-01-13]

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [3246040 2012-12-25] (Acronis)
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-01-17] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-01-17] (Google Inc.)
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-07-11] (Oracle Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-06-14] (Mozilla Foundation)
U2 NAUpdate; C:\Programme\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [100384 2003-10-23] (Andrea Electronics Corporation) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [612416 2004-04-15] (Analog Devices, Inc.) [File not signed]
S3 catchme; \??\C:\DOKUME~1\MundK\LOKALE~1\Temp\catchme.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-23 08:13 - 2014-07-23 08:14 - 00011459 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\FRST.txt
2014-07-23 08:12 - 2014-07-23 08:13 - 00000000 ____D () C:\FRST
2014-07-23 08:12 - 2014-07-23 08:12 - 01080320 _____ (Farbar) C:\Dokumente und Einstellungen\MundK\Desktop\FRST.exe
2014-07-22 14:17 - 2014-07-22 14:17 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Desktop\3
2014-07-22 14:15 - 2014-07-22 14:15 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Desktop\2
2014-07-22 14:12 - 2014-07-22 14:12 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Desktop\1
2014-07-22 14:03 - 2014-07-22 14:03 - 00002782 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\aswMBR.txt
2014-07-22 14:03 - 2014-07-22 14:03 - 00000512 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\MBR.dat
2014-07-18 21:02 - 2014-07-18 21:02 - 00001936 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\cc_20140718_210251.reg
2014-07-16 23:28 - 2014-07-16 23:28 - 00003896 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\cc_20140716_232838.reg
2014-07-16 17:15 - 2014-07-16 17:15 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java
2014-07-16 17:15 - 2014-07-16 17:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2014-07-16 17:15 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-16 17:15 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-16 17:15 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-16 17:15 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-16 17:15 - 2014-07-11 02:36 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-07-07 08:15 - 2014-07-07 08:15 - 00001698 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\cc_20140707_081522.reg
2014-07-07 08:07 - 2014-07-07 08:07 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-07 08:04 - 2014-07-07 08:04 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-02 17:31 - 2014-07-02 17:31 - 00000109 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\JOBBÖRSE.URL
2014-07-01 11:33 - 2014-07-01 11:33 - 00000000 ____D () C:\Programme\CDViewer
2014-07-01 11:14 - 2014-07-01 11:14 - 00000037 _____ () C:\WINDOWS\iltwain.ini
2014-06-23 11:24 - 2014-06-23 11:24 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\XMedia Recode

==================== One Month Modified Files and Folders =======

2014-07-23 08:14 - 2014-07-23 08:13 - 00011459 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\FRST.txt
2014-07-23 08:14 - 2012-12-25 14:47 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Lokale Einstellungen\Temp
2014-07-23 08:13 - 2014-07-23 08:12 - 00000000 ____D () C:\FRST
2014-07-23 08:12 - 2014-07-23 08:12 - 01080320 _____ (Farbar) C:\Dokumente und Einstellungen\MundK\Desktop\FRST.exe
2014-07-23 08:12 - 2014-04-12 14:27 - 01808577 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-23 08:11 - 2013-01-13 20:24 - 00000356 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-23 08:09 - 2012-12-25 16:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 08:09 - 2012-12-25 14:34 - 01200936 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-23 08:06 - 2013-10-29 12:49 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Lokale Einstellungen\Anwendungsdaten\FreePDF_XP
2014-07-23 08:05 - 2014-04-12 14:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-23 08:05 - 2014-04-12 14:28 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-23 08:05 - 2013-01-17 11:09 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 08:05 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-23 08:04 - 2012-12-25 14:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-22 23:04 - 2014-04-12 14:28 - 00032562 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-22 23:04 - 2012-12-25 15:47 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-07-22 23:04 - 2012-12-25 14:47 - 00000190 ___SH () C:\Dokumente und Einstellungen\MundK\ntuser.ini
2014-07-22 23:03 - 2012-12-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\MundK\Desktop\Sicherheit
2014-07-22 22:53 - 2013-01-17 11:09 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 15:31 - 2012-12-25 16:07 - 00000000 ____D () C:\MundK
2014-07-22 14:17 - 2014-07-22 14:17 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Desktop\3
2014-07-22 14:15 - 2014-07-22 14:15 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Desktop\2
2014-07-22 14:12 - 2014-07-22 14:12 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Desktop\1
2014-07-22 14:09 - 2014-04-11 19:51 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:03 - 2014-07-22 14:03 - 00002782 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\aswMBR.txt
2014-07-22 14:03 - 2014-07-22 14:03 - 00000512 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\MBR.dat
2014-07-22 13:22 - 2012-12-25 14:47 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK
2014-07-22 13:20 - 2012-12-25 14:34 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-07-22 08:04 - 2012-12-25 14:34 - 00000000 ____D () C:\Programme
2014-07-21 20:47 - 2012-12-25 16:51 - 00041472 _____ () C:\Dokumente und Einstellungen\MundK\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-21 17:55 - 2013-01-13 17:23 - 00000000 ____D () C:\Programme\JDownloader
2014-07-21 14:43 - 2012-12-31 17:11 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\vlc
2014-07-21 11:54 - 2012-12-25 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\Eigene Bilder
2014-07-21 11:52 - 2012-12-25 17:59 - 00000000 ____D () C:\Dokumente und Einstellungen\MundK\Anwendungsdaten\Canon
2014-07-19 10:21 - 2012-12-28 11:43 - 01266647 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-507921405-1123561945-1644491937-1003-0.dat
2014-07-19 10:21 - 2012-12-28 11:43 - 00163706 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2014-07-18 21:02 - 2014-07-18 21:02 - 00001936 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\cc_20140718_210251.reg
2014-07-18 14:00 - 2013-01-03 13:22 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SFirm
2014-07-18 13:51 - 2013-01-03 13:22 - 00000000 ____D () C:\Programme\SFirm
2014-07-17 13:01 - 2012-12-25 17:00 - 00015380 _____ () C:\WINDOWS\MundK.acl
2014-07-16 23:28 - 2014-07-16 23:28 - 00003896 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\cc_20140716_232838.reg
2014-07-16 18:19 - 2012-12-25 20:26 - 00000000 ____D () C:\TEMP
2014-07-16 17:15 - 2014-07-16 17:15 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java
2014-07-16 17:15 - 2014-07-16 17:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2014-07-16 17:15 - 2014-06-14 13:45 - 00000000 ____D () C:\Programme\Java
2014-07-16 16:42 - 2012-12-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\MundK\Desktop\Scans
2014-07-11 03:02 - 2014-07-16 17:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-16 17:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-11 02:56 - 2014-07-16 17:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-11 02:55 - 2014-07-16 17:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-11 02:36 - 2014-07-16 17:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-07-09 09:09 - 2012-12-25 16:01 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 09:09 - 2012-12-25 16:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-09 08:18 - 2013-08-15 10:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 08:16 - 2012-12-25 15:45 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-07 16:54 - 2012-12-25 22:36 - 00002523 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Nero 12.lnk
2014-07-07 16:43 - 2014-02-01 23:48 - 00000000 ____D () C:\AdwCleaner
2014-07-07 08:15 - 2014-07-07 08:15 - 00001698 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\cc_20140707_081522.reg
2014-07-07 08:07 - 2014-07-07 08:07 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-07 08:04 - 2014-07-07 08:04 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-07 08:04 - 2014-04-24 08:15 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-07 08:04 - 2013-03-01 09:02 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-07 08:04 - 2013-03-01 09:02 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-07 08:04 - 2013-03-01 09:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-07-07 08:04 - 2013-01-13 20:24 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-07 08:04 - 2013-01-13 20:24 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-07 08:04 - 2013-01-13 20:24 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-07 08:04 - 2013-01-13 20:24 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-07 08:04 - 2013-01-13 20:24 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-07-02 21:17 - 2014-04-28 11:45 - 00000572 _____ () C:\Dokumente und Einstellungen\MundK\Eigene Dateien\spider.sav
2014-07-02 17:31 - 2014-07-02 17:31 - 00000109 _____ () C:\Dokumente und Einstellungen\MundK\Desktop\JOBBÖRSE.URL
2014-07-01 11:33 - 2014-07-01 11:33 - 00000000 ____D () C:\Programme\CDViewer
2014-07-01 11:14 - 2014-07-01 11:14 - 00000037 _____ () C:\WINDOWS\iltwain.ini
2014-07-01 10:55 - 2013-11-14 12:42 - 00007168 _____ () C:\WINDOWS\MundK.pcb
2014-06-23 11:25 - 2012-12-25 19:23 - 00000000 ___RD () C:\Dokumente und Einstellungen\MundK\Desktop\Brennprogramme
2014-06-23 11:24 - 2014-06-23 11:24 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\XMedia Recode
2014-06-23 11:24 - 2014-03-27 23:08 - 00000000 ____D () C:\Programme\XMedia Recode

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ==========================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by MundK at 2014-07-23 08:15:10
Running from C:\Dokumente und Einstellungen\MundK\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Acronis*True*Image*Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.4.8696 - )
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertXtoDVD 4.1.18.363 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.18.363 - )
Corel Applications (HKLM\...\Corel Applications) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM\...\DVD Shrink DE_is1) (Version: - DVD Shrink)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Free DWG Viewer 7.1 (HKLM\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.1 - IGC)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IsoBuster 2.3 (HKLM\...\IsoBuster_is1) (Version: 2.3 - Smart Projects)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.64 (HKLM\...\MediaInfo) (Version: 0.7.64 - MediaArea.net)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket (HKLM\...\KB909520) (Version: - Microsoft Corporation)
mkv2vob (HKLM\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVToolNix 6.8.0 (32bit) (HKLM\...\MKVToolNix) (Version: 6.8.0 - Moritz Bunkus)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 12 (HKLM\...\{5019D24D-A627-4402-A393-A3AAAF13DE56}) (Version: 12.0.01600 - Nero AG)
Nero 12 Content Pack (HKLM\...\{B14F874A-79C7-4756-9826-69BAB8F60E6F}) (Version: 12.0.00100 - Nero AG)
Nero Abstract Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (Version: 12.5.11000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (Version: 12.0.20064 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (Version: 15.0.00015 - Nero AG) Hidden
Nero Burning ROM (Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero Cliparts (Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (Version: 11.0.23400 - Nero AG) Hidden
Nero Disc Menus 1 (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (Version: 15.0.10011 - Nero AG) Hidden
Nero Express (Version: 12.5.7000 - Nero AG) Hidden
Nero Express Help (CHM) (Version: 12.0.13000 - Nero AG) Hidden
Nero Family and Events Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (Version: 15.0.10008 - Nero AG) Hidden
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero Kwik Themes Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero MediaHome (Version: 1.22.3800 - Nero AG) Hidden
Nero MediaHome Help (CHM) (Version: 15.0.00021 - Nero AG) Hidden
Nero PiP Effects 1 (Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (Version: 15.0.10008 - Nero AG) Hidden
Nero Platinum Effects 12 (Version: 15.0.10011 - Nero AG) Hidden
Nero Prerequisite Installer 2.0 (HKLM\...\{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}) (Version: 12.0.01000 - Nero AG)
Nero Recode (Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden
Nero Retro Film Themes (Version: 12.0.11700 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.15005 - Nero AG) Hidden
Nero Update (Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (Version: 12.5.4000 - Nero AG) Hidden
Nero Video Help (CHM) (Version: 12.0.12000 - Nero AG) Hidden
Nero Video Samples (Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (Version: 12.0.11500 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
O&O SafeErase (HKLM\...\{53480280-DE8B-445F-9676-FAE6293E06E5}) (Version: 2.0.554 - O&O Software GmbH)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
ReOrganize! (HKLM\...\ReOrganize_is1) (Version: 2.3.1 - Oliver Frietsch)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SFirm (HKLM\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.4070 - Analog Devices) Spartacus Spam-Filter für Outlook Express 
(HKLM\...\{BD3DB046-7B8D-46C3-BAEE-DC1DCDBFE3C1}) (Version: 1.3.1 - Spartacus-Filter) Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - ) Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Update für Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WAV To MP3 V2 (HKLM\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Welcome App (Start-up experience) (Version: 12.0.15000 - Nero AG) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media 
Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden WinRAR (HKLM\...\WinRAR archiver) (Version: - ) XMedia Recode Version 3.1.9.0 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.0 - XMedia Recode) XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Restore Points ========================= 22-07-2014 11:21:24 Systemprüfpunkt ==================== Hosts content: ========================== 2008-04-14 14:00 - 2013-01-06 19:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Nero Info.job => C:\Programme\Gemeinsame Dateien\Nero\Nero Info\NeroInfo.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-13 20:23 - 2014-07-07 08:04 - 00301152 _____ () C:\Programme\AVAST Software\Avast\aswProperty.dll 2014-07-22 21:54 - 2014-07-22 21:54 - 02794496 _____ () C:\Programme\AVAST Software\Avast\defs\14072201\algo.dll 2013-01-22 11:40 - 2005-01-06 18:33 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll 2004-08-20 20:13 - 2004-08-20 20:13 - 00003584 _____ () C:\Programme\Outlook 
Express\SpartacusHelper.dll 2011-09-22 23:20 - 2011-09-22 23:20 - 11233136 _____ () C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll 2013-10-28 14:36 - 2014-07-07 08:04 - 19329904 _____ () C:\Programme\AVAST Software\Avast\libcef.dll 1996-12-14 01:00 - 1996-12-14 01:00 - 00051984 _____ () C:\Programme\Microsoft Office\Office\OSA.EXE 1996-12-14 01:00 - 2012-12-25 16:03 - 03792896 _____ () C:\Programme\Microsoft Office\Office\MSO97.DLL 2014-06-14 13:35 - 2014-06-14 13:35 - 03852912 _____ () C:\Programme\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: KiesPreload => C:\Programme\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Programme\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PDFPrint => C:\Programme\PDF24\pdf24.exe ==================== Faulty Device Manager Devices ============= Name: Broadcom NetXtreme Gigabit Ethernet Description: Broadcom NetXtreme Gigabit Ethernet Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Broadcom Service: b57w2k Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2014 08:09:39 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. System errors: ============= Error: (07/22/2014 04:29:40 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:17:00 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:12:55 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:11:38 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:09:12 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:06:24 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:04:41 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 03:03:50 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 02:59:55 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Error: (07/22/2014 02:59:05 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort2 Microsoft Office Sessions: ========================= Error: (07/23/2014 08:09:39 AM) (Source: MsiInstaller) (EventID: 
11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 3063.43 MB Available physical RAM: 2356.16 MB Total Pagefile: 4952.44 MB Available Pagefile: 4383.93 MB Total Virtual: 2047.88 MB Available Virtual: 1940.4 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:200.01 GB) (Free:184.34 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive f: (Lokaler Datenträger) (Fixed) (Total:265.75 GB) (Free:250.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: D17A1A62) Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=266 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.07.2014, 15:46 | #4 |
/// the machine /// TB-Ausbilder | Win32:Evo-gen [Susp]
Please have the flagged files scanned at www.virustotal.com.
Regards, schrauber
23.07.2014, 19:22 | #5 |
| Win32:Evo-gen [Susp]
Hello Schrauber, first of all many thanks for your help!!!! Since I do online banking on this computer, I did get a bit scared. I regularly make a copy of my system with Acronis. The last one was only 14 days old, so I simply restored it, and lo and behold: after testing again with aswMBR the virus was no longer there. I have attached the log once more; I hope everything is fine again now. Should I run another test? Best regards, Porsche

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-07-23 13:35:59
-----------------------------
13:35:59.921 OS Version: Windows 5.1.2600 Service Pack 3
13:35:59.921 Number of processors: 2 586 0x409
13:35:59.921 ComputerName: PC UserName:
13:36:00.890 Initialize success
13:36:04.546 AVAST engine defs: 14072201
13:36:09.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
13:36:09.578 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
13:36:09.687 Disk 0 MBR read successfully
13:36:09.687 Disk 0 MBR scan
13:36:09.687 Disk 0 Windows XP default MBR code
13:36:09.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 204805 MB offset 63
13:36:09.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 272132 MB offset 419441085
13:36:09.703 Disk 0 scanning sectors +976768065
13:36:09.796 Disk 0 scanning C:\WINDOWS\system32\drivers
13:36:17.812 Service scanning
13:36:26.921 Modules scanning
13:36:32.578 Disk 0 trace - called modules:
13:36:32.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:36:32.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a20d548]
13:36:32.609 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a1809e8]
13:36:32.609 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a162940]
13:36:33.593 AVAST engine scan C:\
14:51:19.359 Scan finished successfully
15:20:09.468 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\MBR.dat"
15:20:09.468 The log file has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-23 15:30:35
-----------------------------
15:30:35.906 OS Version: Windows 5.1.2600 Service Pack 3
15:30:35.906 Number of processors: 2 586 0x409
15:30:35.906 ComputerName: PC UserName:
15:30:38.375 Initialize success
15:30:38.375 VM: initialized successfully
15:30:38.421 VM: Intel CPU virtualization not supported
15:30:42.187 AVAST engine defs: 14072201
15:30:48.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:30:48.203 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
15:30:48.406 Disk 0 MBR read successfully
15:30:48.406 Disk 0 MBR scan
15:30:51.359 Disk 0 Windows XP default MBR code
15:30:51.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 204805 MB offset 63
15:30:51.406 Disk 0 Boot: NTFS code=1
15:30:51.718 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 272132 MB offset 419441085
15:30:51.796 Disk 0 scanning sectors +976768065
15:30:52.328 Disk 0 scanning C:\WINDOWS\system32\drivers
15:31:10.109 Service scanning
15:31:20.015 Modules scanning
15:31:23.406 Disk 0 trace - called modules:
15:31:23.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:31:23.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1ebab8]
15:31:23.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a19a9e8]
15:31:23.421 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a1b0940]
15:31:24.078 AVAST engine scan C:\
16:41:51.750 Scan finished successfully
19:56:05.984 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\MBR.dat"
19:56:06.000 The log file has been saved successfully to "C:\Dokumente und Einstellungen\MundK\Desktop\aswMBR.txt"
24.07.2014, 17:22 | #6 |
/// the machine /// TB-Ausbilder | Win32:Evo-gen [Susp]
I do think it was a false positive, but okay.