Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   BKA TRojaner, Windows 7 , Lenovo Laptop, 64 Bit (https://www.trojaner-board.de/138243-bka-trojaner-windows-7-lenovo-laptop-64-bit.html)

J72 15.07.2013 08:53
BKA TRojaner, Windows 7 , Lenovo Laptop, 64 Bit
 
Hallo habe mir den BKA Trojaner eingefangen.
Auf meinem Lenovo Laptop windows 7 64 Bit System.

Ich habe 2 Profile drauf das Admin und das, welches ist gewöhnlich nutze zum surfen usw. In letzterem habe ich mir das eingefangen, das Admin Profil geht ganz normal zu starten.

Vieles was ich bisher gefunden habe ist nen uch mit 7 Siegeln, oder es stellen sich weitere Fragen.

Nun meine Fragen:
1. Wie werde ich das Teil los?
2. und vor allem wie werde ich auch die Bildchen los, die er draufgeschmuggelt hat?

habe eine Anleitung gefunden mit 1. OTL, 2. Adaware Malwarebytes und 3. adwcleaner
da stellt sich mir die Frage, ist es dafür egal, das ich das ganze in einem anderem Profil laufen lasse?

schrauber 15.07.2013 09:05
hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


J72 15.07.2013 09:13
okay. danke erstmal. ich werde mal schnell einen Stick auftreiben und mich dann mal ans scannen machen.

wobei ich noch ein Problem habe. der laptop hat keine CD/DVD. er hat nur den knopf zum reparieren oder so. also nur eine Datei auf dem Laptop von der man dies aus erledigt mit einer extra Taste am Gerät.

schrauber 15.07.2013 09:29
Hauptsache Du bist in der Recovery, für Methode 1 über Bootmanager brauchst keine DVD.

J72 15.07.2013 09:37
okay danke

noch eine Frage: habe 2 Profile. muss ich mich mit dem heilen oder mit den imfizierten einloggen bei farbar ?

gescannt mit der datei:
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by SYSTEM on 15-07-2013 11:26:27
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2176296 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-16] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-09-16] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [CloneCDTray] - "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [SearchSettings] - "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [524288 2010-10-22] (Spigot, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1646216 2013-04-01] (Ask)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [WLStart] - "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation)
HKU\JanEndzeit\...\Run: [ReadyComm5] -  [x]
HKU\JanEndzeit\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2968512 2009-07-24] (SlySoft, Inc.)
HKU\JanEndzeit-online\...\Run: [Userinit] - C:\Users\JanEndzeit-online\AppData\Roaming\appconf32.exe [x]
HKU\JanEndzeit-online\...\Run: [Laqaepneu] - C:\Users\JanEndzeit-online\AppData\Roaming\Ywar\sixom.exe [x]
Startup: C:\Users\JanEndzeit-online\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-03-23] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-07-24] (SlySoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-08] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-08] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-08] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [80464 2011-04-11] (Native Instruments GmbH)
S3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 BcmSqlStartupSvc;
S2 IviRegMgr;
S2 RichVideo;
S3 SQLWriter;

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AcpiVpc.sys DC201246A14CB3B274DF59FAF539AB07
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AnyDVD.sys 1971090CE436B01B461FAEB0DD9808A8
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8
C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 47B210F18D8A7762C508960C4E475FB0
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\drivers\WDBridge.sys 34F786535F9245E4028C57B28248C9D8
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys D59773C7FDD3D795D6FE402EEEA8D71E
C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\drivers\CHDRT64.sys 7247A4D0875F5F28919E0787E11B7B57
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDFL.sys 9387A484D31209D7FC3F795A787294DB
C:\Windows\System32\Drivers\ElbyCDIO.sys 702D5606CF2199E0EDEA6F0E0D27CD10
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbwwan.sys 334C907536E815E56CD13108A6D5FB9D
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jubusenum.sys 1642C62F1FD5E1FF44608283994A7BB8
C:\Windows\System32\DRIVERS\ewusbmdm.sys 4B80AF36EE9F31361C1DCB2EE563719A
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 09CE164AFA8483E41808784D7FCA154E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 7DBAFE10C1B777305C80BEA42FBDA710
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 5AAB4808E8CCAE8C2ECDA5B791260616
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 9CC358DB30588251BB074E0BE2289A0C
C:\Windows\System32\Drivers\ta2avs.sys B69FE0B7DE11335ED039F421CB968EC0
C:\Windows\System32\Drivers\ta2usb.sys 96044BCE279C6A585BE588F0C631A3B5
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SMIksdrv.sys 310ABD644511CBEEE16814095759D670
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\WDMirror.sys 2A444ACF7DD446505BCC801F8F6AE5FD
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 11:22 - 2013-07-15 11:22 - 00000000 ____D C:\FRST
2013-07-14 22:51 - 2013-07-14 23:23 - 00000004 _____ C:\Users\JanEndzeit-online\AppData\Roaming\cache.ini
2013-06-28 10:39 - 2013-06-28 10:39 - 00003584 _____ C:\Users\JanEndzeit-online\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-17 21:59 - 2013-06-17 21:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo

==================== One Month Modified Files and Folders =======

2013-07-15 11:22 - 2013-07-15 11:22 - 00000000 ____D C:\FRST
2013-07-15 01:12 - 2011-01-06 06:15 - 04829873 _____ C:\FaceProv.log
2013-07-15 01:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 01:12 - 2009-07-13 20:51 - 00065393 _____ C:\Windows\setupact.log
2013-07-15 01:04 - 2013-02-07 12:29 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 01:04 - 2010-09-16 18:58 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-15 00:23 - 2010-09-16 18:18 - 01118882 _____ C:\Windows\WindowsUpdate.log
2013-07-15 00:18 - 2009-07-13 20:45 - 00013424 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 00:18 - 2009-07-13 20:45 - 00013424 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 00:06 - 2011-01-24 03:14 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E}
2013-07-14 23:23 - 2013-07-14 22:51 - 00000004 _____ C:\Users\JanEndzeit-online\AppData\Roaming\cache.ini
2013-07-14 23:02 - 2013-02-07 12:29 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 23:01 - 2013-04-02 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 00:54 - 2010-09-16 10:03 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-07-12 00:54 - 2010-09-16 10:03 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-07-12 00:54 - 2009-07-13 21:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-11 23:20 - 2011-10-29 00:53 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-01 23:38 - 2013-05-07 13:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-28 10:39 - 2013-06-28 10:39 - 00003584 _____ C:\Users\JanEndzeit-online\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-17 21:59 - 2013-06-17 21:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo
2013-06-17 12:48 - 2013-05-28 00:10 - 00313856 ___SH C:\Users\JanEndzeit-online\Documents\Thumbs.db

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-31 13:19:06
Restore point made on: 2013-06-12 00:52:03
Restore point made on: 2013-06-14 10:50:47
Restore point made on: 2013-06-27 12:10:42
Restore point made on: 2013-06-30 04:21:55
Restore point made on: 2013-07-11 23:19:40
Restore point made on: 2013-07-14 08:58:11

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {default}
resumeobject            {ed67680e-c1bc-11df-901a-88ae1dd5d927}
displayorder            {default}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {current}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {ed67680e-c1bc-11df-901a-88ae1dd5d927}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\Winre.wim,{ed676811-c1bc-11df-901a-88ae1dd5d927}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\Winre.wim,{ed676811-c1bc-11df-901a-88ae1dd5d927}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {ed67680e-c1bc-11df-901a-88ae1dd5d927}
device                  partition=C:
path                    \windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description            Windows Memory Diagnostic
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {ed676811-c1bc-11df-901a-88ae1dd5d927}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2934.85 MB
Available physical RAM: 2372.82 MB
Total Pagefile: 2933 MB
Available Pagefile: 2366.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:132.52 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.84 GB) NTFS (Disk=0 Partition=4)
Drive f: (Meine Dateien) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.92 GB) (Free:14.84 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C5EA0E69)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


LastRegBack: 2013-07-14 23:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

gerade schon von einem bekannten gehört, der auf anhieb 3 Sachen gesehen hat, die auffällig sind:
Code:
HKU\JanEndzeit-online\...\Run: [Userinit] - C:\Users\JanEndzeit-online\AppData\Roaming\appconf32.exe [x]
HKU\JanEndzeit-online\...\Run: [Laqaepneu] - C:\Users\JanEndzeit-online\AppData\Roaming\Ywar\sixom.exe [x]
C:\Users\JanEndzeit-online\AppData\Roaming <-- da liegen normalerweise KEINE Programme drin
wie nun weiter?

schrauber 15.07.2013 11:01
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\JanEndzeit-online\...\Run: [Userinit] - C:\Users\JanEndzeit-online\AppData\Roaming\appconf32.exe [x]
HKU\JanEndzeit-online\...\Run: [Laqaepneu] - C:\Users\JanEndzeit-online\AppData\Roaming\Ywar\sixom.exe [x]
2013-07-14 22:51 - 2013-07-14 23:23 - 00000004 _____ C:\Users\JanEndzeit-online\AppData\Roaming\cache.ini
C:\Users\JanEndzeit-online\AppData\Roaming\cache.dat
C:\Users\JanEndzeit-online\AppData\Roaming\appconf32.exe
C:\Users\JanEndzeit-online\AppData\Roaming\Ywar
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


neu booten :)

J72 15.07.2013 11:04
okay werd ich tun, sind dies die einzigen dateien? oder hat er etwas übersehen?

hier der Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2013
Ran by SYSTEM at 2013-07-15 12:18:22 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\JanEndzeit-online\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit => Value deleted successfully.
HKU\JanEndzeit-online\Software\Microsoft\Windows\CurrentVersion\Run\\Laqaepneu => Value deleted successfully.
C:\Users\JanEndzeit-online\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\JanEndzeit-online\AppData\Roaming\cache.dat => Moved successfully.
"C:\Users\JanEndzeit-online\AppData\Roaming\appconf32.exe" => File/Directory not found.
C:\Users\JanEndzeit-online\AppData\Roaming\Ywar => Moved successfully.

==== End of Fixlog ====

schrauber 15.07.2013 11:38
Wer?

Rechner neu booten. Geht? wenn ja Kontrollscans im normalen Windows:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


J72 15.07.2013 13:54
ähm da hab ich noch eine frage:

booten mit dem admin oder dem infiziertem Profil?

werde erstmal mit dem admin profil machen zur sicherheit. oder soll ich erst noch mal das infizierte booten um zu sehen obs geht und wenn von da aus die scans laufen lassen?

das infizierte Profil lässt sich jetzt zumindest wieder.

schrauber 15.07.2013 14:04
vom infizierten bitte.

J72 15.07.2013 14:21
oki gestaltet sich etwas schwieriger, da ich da keine adminrechte in dem Profil habe und er nach der abfrage des Adminpasswotrtes nichts tut...

adwcleaner

Code:
# AdwCleaner v2.305 - Datei am 15/07/2013 um 15:29:31 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : JanEndzeit-online - JANENDZEIT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\JanEndzeit-online\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Users\JanEndzeit\AppData\Roaming\Mozilla\Firefox\Profiles\0ed1fgxu.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14623 octets] - [15/07/2013 15:04:18]
AdwCleaner[S2].txt - [1636 octets] - [15/07/2013 15:29:31]

########## EOF - C:\AdwCleaner[S2].txt - [1696 octets] ##########
Junkremoval

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by JanEndzeit-online on 15.07.2013 at 15:35:10,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\windows\s.bat"



~~~ Folders



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}
Emptied folder: C:\Users\JanEndzeit-online\AppData\Roaming\mozilla\firefox\profiles\qr2s4oym.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2013 at 15:45:38,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frst:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by JanEndzeit-online (administrator) on 15-07-2013 15:50:37
Running from C:\Users\JanEndzeit-online\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2176296 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {1ca1ba2f-7583-11e1-a2c2-88ae1dd5d927} - E:\AutoRun.exe
MountPoints2: {1ca1ba50-7583-11e1-a2c2-88ae1dd5d927} - E:\AutoRun.exe
MountPoints2: {302029c9-9691-11e1-995a-88ae1dd5d927} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-09-17] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CloneCDTray] - "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [WLStart] - "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation)
HKU\JanEndzeit\...\Run: [ReadyComm5] -  [x]
HKU\JanEndzeit\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2968512 2009-07-25] (SlySoft, Inc.)
Startup: C:\Users\JanEndzeit-online\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0CF5695D-0200-4407-A6E4-9D1D49366E0B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{2534B2D8-5E94-4562-9673-6F4BC304F6FD}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default
FF SelectedSearchEngine: Google
FF Homepage: www.fcstpauli.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: youtube2mp3 - C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-03-24] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-07-24] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-08] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [80464 2011-04-11] (Native Instruments GmbH)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
U2 IviRegMgr;
U2 RichVideo;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 21:22 - 2013-07-15 21:22 - 00000000 ____D C:\FRST
2013-07-15 15:45 - 2013-07-15 15:45 - 00002398 _____ C:\Users\JanEndzeit-online\Desktop\JRT.txt
2013-07-15 15:35 - 2013-07-15 15:35 - 00000000 ____D C:\windows\ERUNT
2013-07-15 15:29 - 2013-07-15 15:29 - 00001765 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:11 - 2013-07-15 11:19 - 01777839 _____ (Farbar) C:\Users\JanEndzeit-online\Desktop\FRST64.exe
2013-07-15 15:10 - 2013-07-15 14:52 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit-online\Desktop\JRT.exe
2013-07-15 15:10 - 2013-07-15 09:14 - 00662345 _____ C:\Users\JanEndzeit-online\Desktop\adwcleaner.exe
2013-07-15 15:07 - 2013-07-15 15:07 - 00014623 _____ C:\Users\JanEndzeit\Desktop\AdwCleaner[S1].txt
2013-07-15 15:04 - 2013-07-15 15:04 - 00014623 _____ C:\AdwCleaner[S1].txt
2013-07-15 15:03 - 2013-07-15 11:19 - 01777839 _____ (Farbar) C:\Users\JanEndzeit\Desktop\FRST64.exe
2013-07-15 15:02 - 2013-07-15 14:52 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit\Desktop\JRT.exe
2013-07-15 15:02 - 2013-07-15 09:14 - 00662345 _____ C:\Users\JanEndzeit\Desktop\adwcleaner.exe
2013-06-28 20:39 - 2013-06-28 20:39 - 00003584 _____ C:\Users\JANEND~2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 07:59 - 2013-06-18 07:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo

==================== One Month Modified Files and Folders =======

2013-07-15 21:22 - 2013-07-15 21:22 - 00000000 ____D C:\FRST
2013-07-15 15:45 - 2013-07-15 15:45 - 00002398 _____ C:\Users\JanEndzeit-online\Desktop\JRT.txt
2013-07-15 15:38 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 15:38 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 15:35 - 2013-07-15 15:35 - 00000000 ____D C:\windows\ERUNT
2013-07-15 15:32 - 2013-02-07 22:29 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 15:32 - 2011-01-06 16:15 - 04927857 _____ C:\FaceProv.log
2013-07-15 15:32 - 2010-09-17 04:58 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-15 15:30 - 2010-09-17 04:18 - 01145876 _____ C:\windows\WindowsUpdate.log
2013-07-15 15:30 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 15:30 - 2009-07-14 06:51 - 00066563 _____ C:\windows\setupact.log
2013-07-15 15:29 - 2013-07-15 15:29 - 00001765 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:12 - 2010-09-16 20:03 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-07-15 15:12 - 2010-09-16 20:03 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-07-15 15:12 - 2009-07-14 07:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-15 15:07 - 2013-07-15 15:07 - 00014623 _____ C:\Users\JanEndzeit\Desktop\AdwCleaner[S1].txt
2013-07-15 15:04 - 2013-07-15 15:04 - 00014623 _____ C:\AdwCleaner[S1].txt
2013-07-15 15:02 - 2013-04-02 22:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 15:02 - 2013-02-07 22:29 - 00001118 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 14:52 - 2013-07-15 15:10 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit-online\Desktop\JRT.exe
2013-07-15 14:52 - 2013-07-15 15:02 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit\Desktop\JRT.exe
2013-07-15 11:19 - 2013-07-15 15:11 - 01777839 _____ (Farbar) C:\Users\JanEndzeit-online\Desktop\FRST64.exe
2013-07-15 11:19 - 2013-07-15 15:03 - 01777839 _____ (Farbar) C:\Users\JanEndzeit\Desktop\FRST64.exe
2013-07-15 10:06 - 2011-01-24 13:14 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E}
2013-07-15 09:14 - 2013-07-15 15:10 - 00662345 _____ C:\Users\JanEndzeit-online\Desktop\adwcleaner.exe
2013-07-15 09:14 - 2013-07-15 15:02 - 00662345 _____ C:\Users\JanEndzeit\Desktop\adwcleaner.exe
2013-07-12 09:20 - 2011-10-29 10:53 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-02 09:38 - 2013-05-07 23:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-06-28 20:39 - 2013-06-28 20:39 - 00003584 _____ C:\Users\JANEND~2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 07:59 - 2013-06-18 07:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo
2013-06-17 22:48 - 2013-05-28 10:10 - 00313856 ___SH C:\Users\JanEndzeit-online\Documents\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 09:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


additional:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by JanEndzeit-online at 2013-07-15 15:52:01
Running from C:\Users\JanEndzeit-online\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader 9.0.1 - Deutsch (x32 Version: 9.0.1)
AnyDVD (x32)
Ashampoo Burning Studio 6 FREE v.6.80 (x32 Version: 6.8.0)
Avira Free Antivirus (x32 Version: 13.0.0.3882)
Broadcom 802.11 Wireless Driver (x32 Version: 1.0.0.0)
CloneCD (x32)
CloneDVD2 (x32)
Conexant HD Audio (Version: 4.111.0.62)
CyberLink YouCam (x32 Version: 3.0.2421a)
dows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
Energy Management (x32 Version: 5.4.0.8)
Feedback Tool (x32 Version: 1.1.0)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free YouTube Download version 3.2.2.430 (x32 Version: 3.2.2.430)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2104)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Lenovo DirectShare (x32 Version: 1.0.1.38)
Lenovo EasyCamera (x32 Version: 5.38.2.9)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo OneKey Recovery (x32 Version: 7.0.1230)
Lenovo ReadyComm 5 (x32 Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (x32 Version: 5.0.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0)
Microsoft Silverlight (x32 Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 21.005.15.00.705)
Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0)
Mozilla Maintenance Service (x32 Version: 12.0)
MSVCRT (x32 Version: 14.0.1468.721)
Native Instruments Audio 2 DJ (Version: 3.0.0.625)
Native Instruments Audio 2 DJ (x32)
Native Instruments Controller Editor (Version: 1.4.2.848)
Native Instruments Controller Editor (x32)
Native Instruments Guitar Rig 4 (Version: 4.2.1.2432)
Native Instruments Guitar Rig 4 (x32)
Native Instruments Komplete 7 Players (Version: 7.0.0.002)
Native Instruments Komplete 7 Players (x32)
Native Instruments Kontakt 4 (Version: 4.2.4.5316)
Native Instruments Kontakt 4 (x32)
Native Instruments Kontakt Factory Selection (Version: 1.0.0.011)
Native Instruments Kontakt Factory Selection (x32)
Native Instruments Kore Player (Version: 2.1.2.8232)
Native Instruments Kore Player (x32)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor 5 (x32)
Native Instruments Reaktor Factory Selection (Version: 1.0.0.000)
Native Instruments Reaktor Factory Selection (x32)
Native Instruments Service Center (Version: 2.2.5.596)
Native Instruments Service Center (x32)
Native Instruments Traktor 2 (Version: 2.1.1.11533)
Native Instruments Traktor 2 (x32)
Native Instruments Traktor Audio 2 (Version: 3.0.0.625)
Native Instruments Traktor Audio 2 (x32)
No23 Recorder (x32 Version: 2.1.0.3)
Onekey Theater (x32 Version: 2.0.1.7)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
PDFCreator (x32 Version: 1.2.0)
pdfforge Toolbar v4.1 (x32 Version: 4.1)
Power2Go (x32 Version: 5.6.0.4809d4)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30116)
Skype™ 6.1 (x32 Version: 6.1.129)
Synaptics Pointing Device Driver (Version: 15.0.25.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VeriFace (x32 Version: 3.6.0.1211)
VirtualDJ Home FREE (x32 Version: 7.0.4)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Winamp (x32 Version: 5.601 )
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
xp-AntiSpy 3.97-10 (x32)

==================== Restore Points  =========================

31-05-2013 21:18:47 Geplanter Prüfpunkt
12-06-2013 08:51:40 Windows Update
27-06-2013 20:10:10 Geplanter Prüfpunkt
12-07-2013 07:19:04 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1D4B6EBE-E380-4065-ACAB-E6B6CF8B4D79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {22153521-E8EF-4594-8D50-76A7D8C5132B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {6DB8C336-C5D8-4C62-8E3B-6BB235382EEB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {BF1BE08E-0648-4FD7-8E1D-2819C0940882} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {C125241C-D123-4388-81DB-FC62B3248BE4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C1949DF8-5A8E-4241-8582-7291150E95DD} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {DF2AF4AF-840A-40F5-896C-75850FCE9525} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {F1DCD5DF-ABFA-4064-847A-D76EF6D37CAF} - System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E} => C:\windows\system32\msfeedssync.exe [2011-10-28] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 2934.85 MB
Available physical RAM: 1833.69 MB
Total Pagefile: 5867.84 MB
Available Pagefile: 4622.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:132.26 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.84 GB) NTFS (Disk=0 Partition=4)
Drive e: () (Removable) (Total:14.92 GB) (Free:14.84 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C5EA0E69)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)

==================== End Of Log ============================
wie find ich raus ob das niooch bilder abgelegt hat udn wie entferne ich die wenn? will den scheiß nicht haben

schrauber 15.07.2013 18:51
Was für Bilder meinst Du?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

J72 15.07.2013 19:13
habe gelesen, das der Trojaner heutzutage diverse Bilder auf dem Rechner ablegen würde, welche nicht legal sind. Die würde ich gerne entfernen, sofern dies passiert ist, da ich mut dem scheiß nichts zu tun haben will.
wobei ich nicht weiß, ob die schon mit der ganzen aktion die wir hier machen entfernt werden.

Edit: ach ja und externe oder so waren nicht in gebrauch in kombination mit dem Rechner in den letzten 2 Monaten. nur der Stick, den ich derzeit zum LogFiles übertragen nutze

schrauber 15.07.2013 19:31
Dann nimm nur den Stick. Ich hab keine Bilder gesehen, achte beim nächsten Log aber nochmal drauf :)

J72 16.07.2013 06:48
so hier die Logs:

eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aed920b2a6055f479f431e028c73d1dc
# engine=14406
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-15 06:40:12
# local_time=2013-07-15 08:40:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 20298 8493113 7275 0
# compatibility_mode=5893 16776573 100 94 14554 125543462 0 0
# scanned=39
# found=0
# cleaned=0
# scan_time=285
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aed920b2a6055f479f431e028c73d1dc
# engine=14406
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-15 08:54:47
# local_time=2013-07-15 10:54:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 28373 8501188 15350 0
# compatibility_mode=5893 16776573 100 94 22629 125551537 0 0
# scanned=168082
# found=5
# cleaned=0
# scan_time=8021
sh=14CA01B62A54E0C8A8C42A66861D96EB97834F80 ft=0 fh=0000000000000000 vn="Win32/Spy.SpyEye.CFG.A trojan" ac=I fn="C:\4gEJsVyiA73\628E79CD8815D99"
sh=7558111D8BCAEEE665AB06306A0B9365C4A8BD48 ft=1 fh=44008cfed96448c6 vn="Win32/LockScreen.AVP trojan" ac=I fn="C:\FRST\Quarantine\cache.dat"
sh=7558111D8BCAEEE665AB06306A0B9365C4A8BD48 ft=1 fh=44008cfed96448c6 vn="Win32/LockScreen.AVP trojan" ac=I fn="C:\Users\JanEndzeit-online\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WR1WPSAJ\cont[1].mp3"
sh=7558111D8BCAEEE665AB06306A0B9365C4A8BD48 ft=1 fh=44008cfed96448c6 vn="Win32/LockScreen.AVP trojan" ac=I fn="C:\Users\JanEndzeit-online\AppData\Local\Temp\wpbt0.dll"
sh=A7405BD6F736009A5E724FF990D48578D928ED77 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OXH trojan" ac=I fn="C:\Users\JanEndzeit-online\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\9a7e921-6f81e4c9"
Checkup:

Code:
Results of screen317's Security Check version 0.99.69 
 Windows 7  x64 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 xp-AntiSpy 3.97-10   
 Java(TM) 6 Update 29 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 12.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Mobile Partner OnlineUpdate ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
und FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by JanEndzeit-online (administrator) on 15-07-2013 23:21:29
Running from E:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2176296 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {1ca1ba2f-7583-11e1-a2c2-88ae1dd5d927} - E:\AutoRun.exe
MountPoints2: {1ca1ba50-7583-11e1-a2c2-88ae1dd5d927} - E:\AutoRun.exe
MountPoints2: {302029c9-9691-11e1-995a-88ae1dd5d927} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-09-17] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CloneCDTray] - "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [WLStart] - "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation)
HKU\JanEndzeit\...\Run: [ReadyComm5] -  [x]
HKU\JanEndzeit\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2968512 2009-07-25] (SlySoft, Inc.)
Startup: C:\Users\JanEndzeit-online\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0CF5695D-0200-4407-A6E4-9D1D49366E0B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{2534B2D8-5E94-4562-9673-6F4BC304F6FD}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default
FF SelectedSearchEngine: Google
FF Homepage: www.fcstpauli.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: youtube2mp3 - C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-03-24] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-07-24] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-08] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [80464 2011-04-11] (Native Instruments GmbH)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
U2 IviRegMgr;
U2 RichVideo;
U3 SQLWriter;

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AcpiVpc.sys DC201246A14CB3B274DF59FAF539AB07
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AnyDVD.sys 1971090CE436B01B461FAEB0DD9808A8
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8
C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 47B210F18D8A7762C508960C4E475FB0
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\drivers\WDBridge.sys 34F786535F9245E4028C57B28248C9D8
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys D59773C7FDD3D795D6FE402EEEA8D71E
C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\drivers\CHDRT64.sys 7247A4D0875F5F28919E0787E11B7B57
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDFL.sys 9387A484D31209D7FC3F795A787294DB
C:\Windows\System32\Drivers\ElbyCDIO.sys 702D5606CF2199E0EDEA6F0E0D27CD10
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbwwan.sys 334C907536E815E56CD13108A6D5FB9D
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jubusenum.sys 1642C62F1FD5E1FF44608283994A7BB8
C:\Windows\System32\DRIVERS\ewusbmdm.sys 4B80AF36EE9F31361C1DCB2EE563719A
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 09CE164AFA8483E41808784D7FCA154E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 7DBAFE10C1B777305C80BEA42FBDA710
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 5AAB4808E8CCAE8C2ECDA5B791260616
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 9CC358DB30588251BB074E0BE2289A0C
C:\Windows\System32\Drivers\ta2avs.sys B69FE0B7DE11335ED039F421CB968EC0
C:\Windows\System32\Drivers\ta2usb.sys 96044BCE279C6A585BE588F0C631A3B5
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SMIksdrv.sys 310ABD644511CBEEE16814095759D670
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\WDMirror.sys 2A444ACF7DD446505BCC801F8F6AE5FD
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 21:22 - 2013-07-15 21:22 - 00000000 ____D C:\FRST
2013-07-15 15:52 - 2013-07-15 15:54 - 00018249 _____ C:\Users\JanEndzeit-online\Desktop\FRST.txt
2013-07-15 15:52 - 2013-07-15 15:52 - 00009954 _____ C:\Users\JanEndzeit-online\Desktop\Addition.txt
2013-07-15 15:45 - 2013-07-15 15:45 - 00002398 _____ C:\Users\JanEndzeit-online\Desktop\JRT.txt
2013-07-15 15:35 - 2013-07-15 15:35 - 00000000 ____D C:\windows\ERUNT
2013-07-15 15:29 - 2013-07-15 15:29 - 00001765 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:11 - 2013-07-15 11:19 - 01777839 _____ (Farbar) C:\Users\JanEndzeit-online\Desktop\FRST64.exe
2013-07-15 15:10 - 2013-07-15 14:52 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit-online\Desktop\JRT.exe
2013-07-15 15:10 - 2013-07-15 09:14 - 00662345 _____ C:\Users\JanEndzeit-online\Desktop\adwcleaner.exe
2013-07-15 15:07 - 2013-07-15 15:07 - 00014623 _____ C:\Users\JanEndzeit\Desktop\AdwCleaner[S1].txt
2013-07-15 15:04 - 2013-07-15 15:04 - 00014623 _____ C:\AdwCleaner[S1].txt
2013-07-15 15:03 - 2013-07-15 11:19 - 01777839 _____ (Farbar) C:\Users\JanEndzeit\Desktop\FRST64.exe
2013-07-15 15:02 - 2013-07-15 14:52 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit\Desktop\JRT.exe
2013-07-15 15:02 - 2013-07-15 09:14 - 00662345 _____ C:\Users\JanEndzeit\Desktop\adwcleaner.exe
2013-06-28 20:39 - 2013-06-28 20:39 - 00003584 _____ C:\Users\JANEND~2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 07:59 - 2013-06-18 07:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo

==================== One Month Modified Files and Folders =======

2013-07-15 23:08 - 2013-02-07 22:29 - 00001118 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 23:01 - 2013-04-02 22:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 22:58 - 2010-09-17 04:18 - 01187250 _____ C:\windows\WindowsUpdate.log
2013-07-15 21:22 - 2013-07-15 21:22 - 00000000 ____D C:\FRST
2013-07-15 21:08 - 2013-02-07 22:29 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 21:03 - 2013-02-07 22:29 - 00004114 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 21:03 - 2013-02-07 22:29 - 00003862 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 20:27 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 20:27 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 20:24 - 2011-01-06 16:15 - 04951916 _____ C:\FaceProv.log
2013-07-15 20:19 - 2010-09-17 04:58 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-15 20:18 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 20:18 - 2009-07-14 06:51 - 00066675 _____ C:\windows\setupact.log
2013-07-15 15:54 - 2013-07-15 15:52 - 00018249 _____ C:\Users\JanEndzeit-online\Desktop\FRST.txt
2013-07-15 15:52 - 2013-07-15 15:52 - 00009954 _____ C:\Users\JanEndzeit-online\Desktop\Addition.txt
2013-07-15 15:45 - 2013-07-15 15:45 - 00002398 _____ C:\Users\JanEndzeit-online\Desktop\JRT.txt
2013-07-15 15:35 - 2013-07-15 15:35 - 00000000 ____D C:\windows\ERUNT
2013-07-15 15:29 - 2013-07-15 15:29 - 00001765 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:12 - 2010-09-16 20:03 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-07-15 15:12 - 2010-09-16 20:03 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-07-15 15:12 - 2009-07-14 07:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-15 15:07 - 2013-07-15 15:07 - 00014623 _____ C:\Users\JanEndzeit\Desktop\AdwCleaner[S1].txt
2013-07-15 15:04 - 2013-07-15 15:04 - 00014623 _____ C:\AdwCleaner[S1].txt
2013-07-15 14:52 - 2013-07-15 15:10 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit-online\Desktop\JRT.exe
2013-07-15 14:52 - 2013-07-15 15:02 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit\Desktop\JRT.exe
2013-07-15 11:19 - 2013-07-15 15:11 - 01777839 _____ (Farbar) C:\Users\JanEndzeit-online\Desktop\FRST64.exe
2013-07-15 11:19 - 2013-07-15 15:03 - 01777839 _____ (Farbar) C:\Users\JanEndzeit\Desktop\FRST64.exe
2013-07-15 10:06 - 2011-01-24 13:14 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E}
2013-07-15 09:14 - 2013-07-15 15:10 - 00662345 _____ C:\Users\JanEndzeit-online\Desktop\adwcleaner.exe
2013-07-15 09:14 - 2013-07-15 15:02 - 00662345 _____ C:\Users\JanEndzeit\Desktop\adwcleaner.exe
2013-07-12 09:20 - 2011-10-29 10:53 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-02 09:38 - 2013-05-07 23:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-06-28 20:39 - 2013-06-28 20:39 - 00003584 _____ C:\Users\JANEND~2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 07:59 - 2013-06-18 07:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo
2013-06-17 22:48 - 2013-05-28 10:10 - 00313856 ___SH C:\Users\JanEndzeit-online\Documents\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {current}
resumeobject            {ed67680e-c1bc-11df-901a-88ae1dd5d927}
displayorder            {current}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {ed676810-c1bc-11df-901a-88ae1dd5d927}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {ed67680e-c1bc-11df-901a-88ae1dd5d927}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {ed676810-c1bc-11df-901a-88ae1dd5d927}
device                  ramdisk=[C:]\Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\Winre.wim,{ed676811-c1bc-11df-901a-88ae1dd5d927}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\Winre.wim,{ed676811-c1bc-11df-901a-88ae1dd5d927}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {ed67680e-c1bc-11df-901a-88ae1dd5d927}
device                  partition=C:
path                    \windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description            Windows Memory Diagnostic
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {ed676811-c1bc-11df-901a-88ae1dd5d927}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\boot.sdi



LastRegBack: 2013-07-15 09:09

==================== End Of Log ============================
--- --- ---

--- --- ---


und addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by JanEndzeit-online at 2013-07-15 23:22:22
Running from E:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader 9.0.1 - Deutsch (x32 Version: 9.0.1)
AnyDVD (x32)
Ashampoo Burning Studio 6 FREE v.6.80 (x32 Version: 6.8.0)
Avira Free Antivirus (x32 Version: 13.0.0.3882)
Broadcom 802.11 Wireless Driver (x32 Version: 1.0.0.0)
CloneCD (x32)
CloneDVD2 (x32)
Conexant HD Audio (Version: 4.111.0.62)
CyberLink YouCam (x32 Version: 3.0.2421a)
dows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
Energy Management (x32 Version: 5.4.0.8)
Feedback Tool (x32 Version: 1.1.0)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free YouTube Download version 3.2.2.430 (x32 Version: 3.2.2.430)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.153)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2104)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Lenovo DirectShare (x32 Version: 1.0.1.38)
Lenovo EasyCamera (x32 Version: 5.38.2.9)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo OneKey Recovery (x32 Version: 7.0.1230)
Lenovo ReadyComm 5 (x32 Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (x32 Version: 5.0.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0)
Microsoft Silverlight (x32 Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 21.005.15.00.705)
Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0)
Mozilla Maintenance Service (x32 Version: 12.0)
MSVCRT (x32 Version: 14.0.1468.721)
Native Instruments Audio 2 DJ (Version: 3.0.0.625)
Native Instruments Audio 2 DJ (x32)
Native Instruments Controller Editor (Version: 1.4.2.848)
Native Instruments Controller Editor (x32)
Native Instruments Guitar Rig 4 (Version: 4.2.1.2432)
Native Instruments Guitar Rig 4 (x32)
Native Instruments Komplete 7 Players (Version: 7.0.0.002)
Native Instruments Komplete 7 Players (x32)
Native Instruments Kontakt 4 (Version: 4.2.4.5316)
Native Instruments Kontakt 4 (x32)
Native Instruments Kontakt Factory Selection (Version: 1.0.0.011)
Native Instruments Kontakt Factory Selection (x32)
Native Instruments Kore Player (Version: 2.1.2.8232)
Native Instruments Kore Player (x32)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor 5 (x32)
Native Instruments Reaktor Factory Selection (Version: 1.0.0.000)
Native Instruments Reaktor Factory Selection (x32)
Native Instruments Service Center (Version: 2.2.5.596)
Native Instruments Service Center (x32)
Native Instruments Traktor 2 (Version: 2.1.1.11533)
Native Instruments Traktor 2 (x32)
Native Instruments Traktor Audio 2 (Version: 3.0.0.625)
Native Instruments Traktor Audio 2 (x32)
No23 Recorder (x32 Version: 2.1.0.3)
Onekey Theater (x32 Version: 2.0.1.7)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
PDFCreator (x32 Version: 1.2.0)
pdfforge Toolbar v4.1 (x32 Version: 4.1)
Power2Go (x32 Version: 5.6.0.4809d4)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30116)
Skype™ 6.1 (x32 Version: 6.1.129)
Synaptics Pointing Device Driver (Version: 15.0.25.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VeriFace (x32 Version: 3.6.0.1211)
VirtualDJ Home FREE (x32 Version: 7.0.4)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Winamp (x32 Version: 5.601 )
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
xp-AntiSpy 3.97-10 (x32)

==================== Restore Points  =========================

31-05-2013 21:18:47 Geplanter Prüfpunkt
12-06-2013 08:51:40 Windows Update
27-06-2013 20:10:10 Geplanter Prüfpunkt
12-07-2013 07:19:04 Windows Update
15-07-2013 14:37:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1D4B6EBE-E380-4065-ACAB-E6B6CF8B4D79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {22153521-E8EF-4594-8D50-76A7D8C5132B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {288C4769-F0DA-49FD-AE21-AD1A83969EB1} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6DB8C336-C5D8-4C62-8E3B-6BB235382EEB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {BF1BE08E-0648-4FD7-8E1D-2819C0940882} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {C125241C-D123-4388-81DB-FC62B3248BE4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C1949DF8-5A8E-4241-8582-7291150E95DD} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {DF2AF4AF-840A-40F5-896C-75850FCE9525} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {E8496DEF-8D02-428F-892B-55D322F62AF8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {F1DCD5DF-ABFA-4064-847A-D76EF6D37CAF} - System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E} => C:\windows\system32\msfeedssync.exe [2011-10-28] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 10:57:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/15/2013 08:40:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/15/2013 08:40:32 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/15/2013 08:32:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/15/2013 08:32:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/15/2013 08:21:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.


System errors:
=============
Error: (07/15/2013 08:22:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/15/2013 08:18:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/15/2013 08:18:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (07/15/2013 04:29:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/15/2013 04:26:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/15/2013 04:26:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.


Microsoft Office Sessions:
=========================
Error: (07/15/2013 10:57:43 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/15/2013 08:40:36 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestE:\sicherheit\esetsmartinstaller_enu.exe

Error: (07/15/2013 08:40:32 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestE:\sicherheit\esetsmartinstaller_enu.exe

Error: (07/15/2013 08:32:17 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestE:\sicherheit\esetsmartinstaller_enu.exe

Error: (07/15/2013 08:32:09 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestE:\sicherheit\esetsmartinstaller_enu.exe

Error: (07/15/2013 08:21:18 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestE:\sicherheit\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2934.85 MB
Available physical RAM: 1720.17 MB
Total Pagefile: 5867.84 MB
Available Pagefile: 4427.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:136.85 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.84 GB) NTFS (Disk=0 Partition=4)
Drive e: () (Removable) (Total:14.92 GB) (Free:14.84 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C5EA0E69)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)

==================== End Of Log ============================
ich hab noch mal gescannt mit maleware antibytes und da auch noch was gefunden gehabt:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
JanEndzeit-online :: JANENDZEIT-PC [Administrator]

Schutz: Aktiviert

16.07.2013 02:23:22
mbam-log-2013-07-16 (02-23-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230750
Laufzeit: 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Daraufhin hab ich nochmal den Frst drüber geschickt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by JanEndzeit-online (administrator) on 16-07-2013 02:18:38
Running from C:\Users\JanEndzeit-online\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2176296 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {1ca1ba2f-7583-11e1-a2c2-88ae1dd5d927} - E:\AutoRun.exe
MountPoints2: {1ca1ba50-7583-11e1-a2c2-88ae1dd5d927} - E:\AutoRun.exe
MountPoints2: {302029c9-9691-11e1-995a-88ae1dd5d927} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-09-17] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CloneCDTray] - "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [WLStart] - "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [786760 2009-07-26] (Microsoft Corporation)
HKU\JanEndzeit\...\Run: [ReadyComm5] -  [x]
HKU\JanEndzeit\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2968512 2009-07-25] (SlySoft, Inc.)
Startup: C:\Users\JanEndzeit-online\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{0CF5695D-0200-4407-A6E4-9D1D49366E0B}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{2534B2D8-5E94-4562-9673-6F4BC304F6FD}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default
FF SelectedSearchEngine: Google
FF Homepage: www.fcstpauli.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: youtube2mp3 - C:\Users\JanEndzeit-online\AppData\Roaming\Mozilla\Firefox\Profiles\qr2s4oym.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-03-24] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-07-24] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-08] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [80464 2011-04-11] (Native Instruments GmbH)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
U2 IviRegMgr;
U2 RichVideo;
U3 SQLWriter;

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AcpiVpc.sys DC201246A14CB3B274DF59FAF539AB07
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AnyDVD.sys 1971090CE436B01B461FAEB0DD9808A8
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8
C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 47B210F18D8A7762C508960C4E475FB0
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\drivers\WDBridge.sys 34F786535F9245E4028C57B28248C9D8
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys D59773C7FDD3D795D6FE402EEEA8D71E
C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\drivers\CHDRT64.sys 7247A4D0875F5F28919E0787E11B7B57
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDFL.sys 9387A484D31209D7FC3F795A787294DB
C:\Windows\System32\Drivers\ElbyCDIO.sys 702D5606CF2199E0EDEA6F0E0D27CD10
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbwwan.sys 334C907536E815E56CD13108A6D5FB9D
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jubusenum.sys 1642C62F1FD5E1FF44608283994A7BB8
C:\Windows\System32\DRIVERS\ewusbmdm.sys 4B80AF36EE9F31361C1DCB2EE563719A
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 09CE164AFA8483E41808784D7FCA154E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 7DBAFE10C1B777305C80BEA42FBDA710
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 5AAB4808E8CCAE8C2ECDA5B791260616
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 9CC358DB30588251BB074E0BE2289A0C
C:\Windows\System32\Drivers\ta2avs.sys B69FE0B7DE11335ED039F421CB968EC0
C:\Windows\System32\Drivers\ta2usb.sys 96044BCE279C6A585BE588F0C631A3B5
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SMIksdrv.sys 310ABD644511CBEEE16814095759D670
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\WDMirror.sys 2A444ACF7DD446505BCC801F8F6AE5FD
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 02:17 - 2013-07-16 02:17 - 00000637 _____ C:\Users\JanEndzeit-online\Desktop\JRT.txt
2013-07-16 02:02 - 2013-07-16 02:03 - 00001167 _____ C:\AdwCleaner[S4].txt
2013-07-16 01:47 - 2013-07-16 01:47 - 00001113 _____ C:\AdwCleaner[S3].txt
2013-07-15 21:22 - 2013-07-15 21:22 - 00000000 ____D C:\FRST
2013-07-15 15:52 - 2013-07-15 15:52 - 00009954 _____ C:\Users\JanEndzeit-online\Desktop\Addition.txt
2013-07-15 15:35 - 2013-07-15 15:35 - 00000000 ____D C:\windows\ERUNT
2013-07-15 15:29 - 2013-07-15 15:29 - 00001765 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:11 - 2013-07-15 11:19 - 01777839 _____ (Farbar) C:\Users\JanEndzeit-online\Desktop\FRST64.exe
2013-07-15 15:10 - 2013-07-15 14:52 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit-online\Desktop\JRT.exe
2013-07-15 15:07 - 2013-07-15 15:07 - 00014623 _____ C:\Users\JanEndzeit\Desktop\AdwCleaner[S1].txt
2013-07-15 15:04 - 2013-07-15 15:04 - 00014623 _____ C:\AdwCleaner[S1].txt
2013-07-15 15:03 - 2013-07-15 11:19 - 01777839 _____ (Farbar) C:\Users\JanEndzeit\Desktop\FRST64.exe
2013-07-15 15:02 - 2013-07-15 14:52 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit\Desktop\JRT.exe
2013-07-15 15:02 - 2013-07-15 09:14 - 00662345 _____ C:\Users\JanEndzeit\Desktop\adwcleaner.exe
2013-06-28 20:39 - 2013-06-28 20:39 - 00003584 _____ C:\Users\JANEND~2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 07:59 - 2013-06-18 07:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo

==================== One Month Modified Files and Folders =======

2013-07-16 02:17 - 2013-07-16 02:17 - 00000637 _____ C:\Users\JanEndzeit-online\Desktop\JRT.txt
2013-07-16 02:11 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 02:11 - 2009-07-14 06:45 - 00013424 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 02:08 - 2013-02-07 22:29 - 00001118 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-16 02:04 - 2013-02-07 22:29 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-16 02:04 - 2011-01-06 16:15 - 05012918 _____ C:\FaceProv.log
2013-07-16 02:04 - 2010-09-17 04:58 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-16 02:03 - 2013-07-16 02:02 - 00001167 _____ C:\AdwCleaner[S4].txt
2013-07-16 02:03 - 2010-09-17 04:18 - 01211427 _____ C:\windows\WindowsUpdate.log
2013-07-16 02:03 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-16 02:03 - 2009-07-14 06:51 - 00066899 _____ C:\windows\setupact.log
2013-07-16 02:01 - 2013-04-02 22:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 01:47 - 2013-07-16 01:47 - 00001113 _____ C:\AdwCleaner[S3].txt
2013-07-16 01:19 - 2013-05-28 10:10 - 00333312 ___SH C:\Users\JanEndzeit-online\Documents\Thumbs.db
2013-07-16 00:54 - 2010-09-17 04:56 - 00624068 _____ C:\windows\PFRO.log
2013-07-15 21:22 - 2013-07-15 21:22 - 00000000 ____D C:\FRST
2013-07-15 21:03 - 2013-02-07 22:29 - 00004114 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 21:03 - 2013-02-07 22:29 - 00003862 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 15:52 - 2013-07-15 15:52 - 00009954 _____ C:\Users\JanEndzeit-online\Desktop\Addition.txt
2013-07-15 15:35 - 2013-07-15 15:35 - 00000000 ____D C:\windows\ERUNT
2013-07-15 15:29 - 2013-07-15 15:29 - 00001765 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:12 - 2010-09-16 20:03 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-07-15 15:12 - 2010-09-16 20:03 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-07-15 15:12 - 2009-07-14 07:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-15 15:07 - 2013-07-15 15:07 - 00014623 _____ C:\Users\JanEndzeit\Desktop\AdwCleaner[S1].txt
2013-07-15 15:04 - 2013-07-15 15:04 - 00014623 _____ C:\AdwCleaner[S1].txt
2013-07-15 14:52 - 2013-07-15 15:10 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit-online\Desktop\JRT.exe
2013-07-15 14:52 - 2013-07-15 15:02 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\JanEndzeit\Desktop\JRT.exe
2013-07-15 11:19 - 2013-07-15 15:11 - 01777839 _____ (Farbar) C:\Users\JanEndzeit-online\Desktop\FRST64.exe
2013-07-15 11:19 - 2013-07-15 15:03 - 01777839 _____ (Farbar) C:\Users\JanEndzeit\Desktop\FRST64.exe
2013-07-15 10:06 - 2011-01-24 13:14 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E}
2013-07-15 09:14 - 2013-07-15 15:02 - 00662345 _____ C:\Users\JanEndzeit\Desktop\adwcleaner.exe
2013-07-12 09:20 - 2011-10-29 10:53 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-02 09:38 - 2013-05-07 23:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-06-28 20:39 - 2013-06-28 20:39 - 00003584 _____ C:\Users\JANEND~2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-18 07:59 - 2013-06-18 07:59 - 00000000 ____D C:\Users\JanEndzeit-online\AppData\Roaming\Ashampoo

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {current}
resumeobject            {ed67680e-c1bc-11df-901a-88ae1dd5d927}
displayorder            {current}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {ed676810-c1bc-11df-901a-88ae1dd5d927}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {ed67680e-c1bc-11df-901a-88ae1dd5d927}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {ed676810-c1bc-11df-901a-88ae1dd5d927}
device                  ramdisk=[C:]\Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\Winre.wim,{ed676811-c1bc-11df-901a-88ae1dd5d927}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\Winre.wim,{ed676811-c1bc-11df-901a-88ae1dd5d927}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {ed67680e-c1bc-11df-901a-88ae1dd5d927}
device                  partition=C:
path                    \windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description            Windows Memory Diagnostic
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {ed676811-c1bc-11df-901a-88ae1dd5d927}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ed676810-c1bc-11df-901a-88ae1dd5d927\boot.sdi



LastRegBack: 2013-07-15 09:09

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by JanEndzeit-online at 2013-07-16 02:19:41
Running from C:\Users\JanEndzeit-online\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader 9.0.1 - Deutsch (x32 Version: 9.0.1)
AnyDVD (x32)
Ashampoo Burning Studio 6 FREE v.6.80 (x32 Version: 6.8.0)
Avira Free Antivirus (x32 Version: 13.0.0.3882)
Broadcom 802.11 Wireless Driver (x32 Version: 1.0.0.0)
CloneCD (x32)
CloneDVD2 (x32)
Conexant HD Audio (Version: 4.111.0.62)
CyberLink YouCam (x32 Version: 3.0.2421a)
dows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
Energy Management (x32 Version: 5.4.0.8)
Feedback Tool (x32 Version: 1.1.0)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free YouTube Download version 3.2.2.430 (x32 Version: 3.2.2.430)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.153)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2104)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Lenovo DirectShare (x32 Version: 1.0.1.38)
Lenovo EasyCamera (x32 Version: 5.38.2.9)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo OneKey Recovery (x32 Version: 7.0.1230)
Lenovo ReadyComm 5 (x32 Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (x32 Version: 5.0.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0)
Microsoft Silverlight (x32 Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 21.005.15.00.705)
Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0)
Mozilla Maintenance Service (x32 Version: 12.0)
MSVCRT (x32 Version: 14.0.1468.721)
Native Instruments Audio 2 DJ (Version: 3.0.0.625)
Native Instruments Audio 2 DJ (x32)
Native Instruments Controller Editor (Version: 1.4.2.848)
Native Instruments Controller Editor (x32)
Native Instruments Guitar Rig 4 (Version: 4.2.1.2432)
Native Instruments Guitar Rig 4 (x32)
Native Instruments Komplete 7 Players (Version: 7.0.0.002)
Native Instruments Komplete 7 Players (x32)
Native Instruments Kontakt 4 (Version: 4.2.4.5316)
Native Instruments Kontakt 4 (x32)
Native Instruments Kontakt Factory Selection (Version: 1.0.0.011)
Native Instruments Kontakt Factory Selection (x32)
Native Instruments Kore Player (Version: 2.1.2.8232)
Native Instruments Kore Player (x32)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor 5 (x32)
Native Instruments Reaktor Factory Selection (Version: 1.0.0.000)
Native Instruments Reaktor Factory Selection (x32)
Native Instruments Service Center (Version: 2.2.5.596)
Native Instruments Service Center (x32)
Native Instruments Traktor 2 (Version: 2.1.1.11533)
Native Instruments Traktor 2 (x32)
Native Instruments Traktor Audio 2 (Version: 3.0.0.625)
Native Instruments Traktor Audio 2 (x32)
No23 Recorder (x32 Version: 2.1.0.3)
Onekey Theater (x32 Version: 2.0.1.7)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
PDFCreator (x32 Version: 1.2.0)
pdfforge Toolbar v4.1 (x32 Version: 4.1)
Power2Go (x32 Version: 5.6.0.4809d4)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0009)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30116)
Skype™ 6.1 (x32 Version: 6.1.129)
Synaptics Pointing Device Driver (Version: 15.0.25.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VeriFace (x32 Version: 3.6.0.1211)
VirtualDJ Home FREE (x32 Version: 7.0.4)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Winamp (x32 Version: 5.601 )
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
xp-AntiSpy 3.97-10 (x32)

==================== Restore Points  =========================

31-05-2013 21:18:47 Geplanter Prüfpunkt
12-06-2013 08:51:40 Windows Update
27-06-2013 20:10:10 Geplanter Prüfpunkt
12-07-2013 07:19:04 Windows Update
15-07-2013 14:37:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1D4B6EBE-E380-4065-ACAB-E6B6CF8B4D79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {22153521-E8EF-4594-8D50-76A7D8C5132B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {358D0EC0-891F-4896-80D8-0D02E8708761} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6DB8C336-C5D8-4C62-8E3B-6BB235382EEB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {BF1BE08E-0648-4FD7-8E1D-2819C0940882} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {C125241C-D123-4388-81DB-FC62B3248BE4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C1949DF8-5A8E-4241-8582-7291150E95DD} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {D7A33F74-7905-4517-8381-7C095D9DE686} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {DF2AF4AF-840A-40F5-896C-75850FCE9525} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {F1DCD5DF-ABFA-4064-847A-D76EF6D37CAF} - System32\Tasks\User_Feed_Synchronization-{44EA1D36-CE4A-4718-95E8-59700E9D463E} => C:\windows\system32\msfeedssync.exe [2011-10-28] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 2934.85 MB
Available physical RAM: 1835.7 MB
Total Pagefile: 5867.84 MB
Available Pagefile: 4633.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:136.99 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.84 GB) NTFS (Disk=0 Partition=4)
Drive e: () (Removable) (Total:14.92 GB) (Free:14.84 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C5EA0E69)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)

==================== End Of Log ============================


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:13 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131