FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by Plankton (administrator) on PLANKTON-PC on 13-01-2014 23:35:51
Running from C:\Users\Plankton\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
(Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
(Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\System32\XSrvSetup.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Megatech\MProtect\MPServ.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [KMCONFIG] - C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [SSS2009 HotKeys] - C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe [80896 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [SSS2009 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [SSS2009 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [49664 2010-06-22] (Steganos GmbH)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd)
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company)
MountPoints2: {29787b2f-f88d-11e2-90ff-1c6f654c8f4a} - F:\LGAutoRun.exe
MountPoints2: {a41b7b0a-5c9d-11e0-aa00-1c6f654c8f4a} - G:\LaunchU3.exe -a
MountPoints2: {a64e5b69-9767-11e1-a8b4-1c6f654c8f4a} - G:\NokiaPCIA_Autorun.exe
AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9A19B427225CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH)
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF NetworkProxy: "backup.ftp", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ftp_port", 7808
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.socks_port", 7808
FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ssl_port", 7808
FF NetworkProxy: "ftp", "119.30.39.1"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "119.30.39.1"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "119.30.39.1"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\maps@ovi.com [2012-04-15]
FF Extension: Toolbar Buttons - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-11-05]
FF Extension: FEBE - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-26]
FF Extension: FT DeepDark - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-01-13]
FF Extension: PrefBar - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2013-08-29]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-12-26]
FF Extension: Context Menu Image Saver - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\cmis@choobin.xpi [2013-12-22]
FF Extension: Fetch Text URL (fix version) - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\fetch.text.url@fix.version.xpi [2013-12-22]
FF Extension: NASA Night Launch - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\nasanightlaunch@example.com.xpi [2013-06-02]
FF Extension: Image Zoom - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15]
FF Extension: Tab Mix Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-05]
FF Extension: Fetch Text URL [de] - C:\Program Files\Mozilla Firefox\extensions\FetchTextURL_1.6.4_fx+sm_de-DE [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 11\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 11\pfplugin [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 11\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-02]
Chrome:
=======
CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://de.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
========================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] ()
R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [204800 2007-09-07] (UASSOFT.COM)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Megatech-Software-Protection; C:\Program Files\Megatech\MProtect\MPServ.EXE [36864 2007-12-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
==================== Drivers (Whitelisted) ====================
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2007-01-26] (CACE Technologies)
R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [53280 2011-08-23] ()
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
R3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.)
S3 gdrv; No ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
U3 uwtcakod; \??\C:\Users\Plankton\AppData\Local\Temp\uwtcakod.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-13 23:35 - 2014-01-13 23:35 - 00018288 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:03 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
2014-01-13 22:01 - 2014-01-13 22:01 - 01219584 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-13 09:56 - 2014-01-13 21:59 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 09:55 - 2014-01-13 21:59 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-13 09:55 - 2014-01-13 21:59 - 00000112 _____ C:\Windows\setupact.log
2014-01-13 09:55 - 2014-01-13 09:55 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 21:25 - 2014-01-12 22:18 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:24 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2014-01-12 21:24 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2014-01-12 21:24 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2014-01-12 21:24 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2014-01-12 21:24 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:26 - 2014-01-13 23:19 - 00006428 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:23 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:57 - 2013-12-26 17:58 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:42 - 2013-12-23 17:47 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-21 13:24 - 2013-12-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-15 21:05 - 2013-12-15 21:08 - 00000000 ____D C:\Users\Plankton\Desktop\Schwert
==================== One Month Modified Files and Folders =======
2014-01-13 23:36 - 2014-01-13 23:35 - 00018288 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-13 23:28 - 2011-02-28 23:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-13 23:19 - 2014-01-12 20:26 - 00006428 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-13 23:09 - 2013-10-10 08:17 - 00037066 _____ C:\Windows\WindowsUpdate.log
2014-01-13 22:52 - 2011-07-30 17:05 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:37 - 2011-02-28 22:40 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:06 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 22:06 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 22:03 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
2014-01-13 22:01 - 2014-01-13 22:01 - 01219584 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 21:59 - 2014-01-13 09:56 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 21:59 - 2014-01-13 09:55 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-13 21:59 - 2014-01-13 09:55 - 00000112 _____ C:\Windows\setupact.log
2014-01-13 21:59 - 2011-07-30 17:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 21:59 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-13 09:55 - 2014-01-13 09:55 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 00:40 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\vlc
2014-01-12 23:10 - 2013-12-06 21:42 - 00125716 _____ C:\Windows\PFRO.log
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 22:35 - 2011-05-08 12:42 - 00000000 ____D C:\test
2014-01-12 22:18 - 2014-01-12 21:25 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 22:08 - 2011-02-28 23:52 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\R-Wipe&Clean
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:27 - 2011-02-28 23:19 - 00000000 ___HD C:\VritualRoot
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-12 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2014-01-12 17:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:27 - 2011-03-05 22:27 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:26 - 2014-01-04 20:23 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-28 19:04 - 2011-03-20 19:42 - 00000000 ____D C:\Program Files\XnView
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:58 - 2013-12-26 17:57 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-26 16:33 - 2013-11-13 17:05 - 00000812 _____ C:\Users\Plankton\Desktop\Körperfettwaage.txt
2013-12-26 14:39 - 2011-10-09 21:10 - 00000000 ____D C:\Hintergrundbilder
2013-12-26 11:52 - 2011-07-22 21:09 - 00000000 ____D C:\E-Mail-Sich
2013-12-25 16:53 - 2013-08-23 08:51 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\TrueCrypt
2013-12-24 02:10 - 2011-02-28 22:50 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\Free Download Manager
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:47 - 2013-12-23 17:42 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:42 - 2011-02-28 22:37 - 00000000 ____D C:\Users\Plankton
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-22 12:13 - 2012-04-24 22:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 13:26 - 2013-12-21 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-15 21:08 - 2013-12-15 21:05 - 00000000 ____D C:\Users\Plankton\Desktop\Schwert
Some content of TEMP:
====================
C:\Users\Plankton\AppData\Local\Temp\CoFix.exe
C:\Users\Plankton\AppData\Local\Temp\ComboFix.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-09 16:16
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-01-2014 02
Ran by Plankton at 2014-01-13 22:03:31
Running from C:\Users\Plankton\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
==================== Installed Programs ======================
7-Zip 9.28 alpha (Version: - )
Acer eBook Manager (Version: 1.00.3008 - Acer Incorporated)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AnyDVD (Version: 6.7.7.0 - SlySoft)
Application Profiles (Version: 2.0.4148.33974 - ATI Technologies, Inc.)
calibre (Version: 0.8.58 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.04 - Piriform)
CloneDVD2 (Version: 2.9.2.8 - Elaborate Bytes)
CloneSpy 2.7 (Version: - CloneSpy)
COMODO Internet Security (Version: 5.3.50343.1263 - COMODO Group Inc.)
ConvertXtoDVD 4.1.7.343 (Version: 4.1.7.343 - )
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
Eraser (Version: 5.7 - Heidi Computers Ltd)
EVEREST Home Edition v2.20 (Version: 2.20 - Lavalys Inc)
FileParade Bundle (Version: 1.0.0.0 - FileParade Bundle)
Free Download Manager 3.9.2 (Version: - FreeDownloadManager.ORG)
FreeCommander 2009.02b (Version: 2009.02 - Marek Jasinski)
Gigabyte Raid Configurer (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Iomega Encryption 3.1.0 (Version: 3.1.0 - Iomega)
Java 7 Update 21 (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 31 (Version: 6.0.310 - Oracle)
JavaFX 2.1.0 (Version: 2.1.0 - Oracle Corporation)
JDownloader 0.9 (Version: 0.9 - AppWork GmbH)
LG PC Suite (Version: 5.3.06.20130913 - LG Electronics)
LG United Mobile Drivers (Version: 3.10.1.0 - LG Electronics)
LightScribe System Software (Version: 1.18.24.1 - LightScribe)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (German) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.6458.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mouse Driver (Version: 5.07.11 - UASSOFT)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Nero 7 Premium (Version: 7.02.9753 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (Version: 7.1.180.46 - Nokia)
Nokia PC Suite (Version: 7.1.180.46 - Nokia) Hidden
Nokia Suite (Version: 3.8.30.0 - Nokia)
Nokia Suite (Version: 3.8.30.0 - Nokia) Hidden
NVIDIA PhysX (Version: 9.10.0513 - NVIDIA Corporation)
O&O DiskRecovery (Version: 7.0.6476 - O&O Software GmbH)
ON_OFF Charge B10.0427.1 (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (Version: 12.0.109.0 - Nokia)
PixiePack Codec Pack (Version: 1.1.1200.0 - None)
PowerPacket Ethernet Adapter (Version: - )
Railworks 3 Train Simulator 2012 Deluxe (Version: - )
Real Alternative 2.0.2 (Version: 2.0.2 - )
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RemoteComms driver (Version: 1.30.0002 - PLX Technology)
R-Wipe&Clean 9.5 (Version: - R-tools Technology Inc.)
Sniper Ghost Warrior 2 (Version: 1.03 -)
Steganos Privacy Suite 11 (Version: 11.1.5 - Steganos GmbH)
SurfMusik 3.1a (Version: 3.1a -)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
T-Online 6.0 (Version: - )
TrueCrypt (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.00 beta 5 (32-bit) (Version: 4.00.5 - win.rar GmbH)
XMedia Recode 3.0.7.0 (Version: 3.0.7.0 - Sebastian Dörfler)
XnView 1.97.8 (Version: 1.97.8 - Gougelet Pierre-e)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2009-07-14 03:04 - 2014-01-12 22:15 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1275B821-930A-46EA-80BE-1443801C3AF0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {1CA5EC50-28CC-4FD8-A916-EB3BC5CE6BE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {34648485-54AF-4FD2-9CEF-7956CD9459C7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {42E0DCF4-D306-4279-9539-4DF82845AC29} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {5CA3A2EA-1A29-47F1-9435-1CAE4EF62868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-30] (Google Inc.)
Task: {8E56AAA0-130C-4298-80A1-850EAC640D4B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C85FD613-659B-4F43-BA58-54A9B28184E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {E382EEF5-B0F2-4DD7-B9EF-DB435024EB68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-30] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Could not list Devices. Check WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4400} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2801} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
System errors:
=============
Error: (01/13/2014 09:59:10 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/13/2014 09:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/13/2014 09:59:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/13/2014 10:38:01 AM) (Source: Service Control Manager) (User: )
Description: Dienst "JMB36X" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/13/2014 09:56:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/13/2014 09:56:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.
Error: (01/13/2014 09:55:55 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/13/2014 09:55:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/13/2014 09:55:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4400
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
The catalog is corrupt
Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)
2801
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 3325.55 MB
Available physical RAM: 2105.7 MB
Total Pagefile: 6649.4 MB
Available Pagefile: 5098.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.63 MB
==================== Drives ================================
Drive c: (CeeeSystem) (Fixed) (Total:198.36 GB) (Free:33.99 GB) NTFS
Drive d: (SpielSystem) (Fixed) (Total:91.67 GB) (Free:3.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:100.71 GB) (Free:55.45 GB) NTFS
Drive g: (Ext 1 SpieleQuelle) (Fixed) (Total:518.36 GB) (Free:140.81 GB) NTFS
Drive h: (Daten) (Fixed) (Total:198.36 GB) (Free:102.17 GB) NTFS
Drive i: (Ext 2 Filme) (Fixed) (Total:292.97 GB) (Free:123.63 GB) NTFS
Drive l: (Ext 4) (Fixed) (Total:292.97 GB) (Free:292.87 GB) NTFS
Drive q: (Spiele Quell) (Fixed) (Total:198.36 GB) (Free:56.22 GB) NTFS
Drive w: (Safe) (Fixed) (Total:144.05 GB) (Free:143.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C33F8195)
Partition 1: (Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=198 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:42 on 13/01/2014 (Plankton)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.13.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Plankton :: PLANKTON-PC [Administrator]
Schutz: Aktiviert
13.01.2014 23:24:09
MBAM-log-2014-01-13 (23-29-33).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209140
Laufzeit: 5 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)