Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   IE Die Webseite kann nicht angezeigt werden (https://www.trojaner-board.de/143530-ie-webseite-angezeigt.html)

siggi30 24.10.2013 21:32
IE Die Webseite kann nicht angezeigt werden
 
VISTA home Einstellung MS autom. update
Jedesmal wenn ich IE aufrufe, kommt diese Meldung, egal welche Webseite.
Beim Aufruf von google.de habe ich in der URL-Zeile gelesen:
hxxp:///??%20google.de
also die Zeichen /??%20 eingeschoben.
---------
Nach Start firefox 24 registry installiert kam beim Versuch Einloggen auf mytischtennis.de
die URL existiert nicht mehr oder Schreibfehler
Nach Start firefox portable 24.0 die Meldung in mehrfacher Zahl
firefox sollte in einer read-only area gestartet werden
Nach VISTA-Neustart funktioniert firefox portable wieder.

schrauber 25.10.2013 06:29
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


siggi30 25.10.2013 10:21
danke für die prompte Antwort!
-----------------------------------------------------------
FRST.txt
-----------------------------------------------------------
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by a (administrator) on S-PC on 25-10-2013 11:08:47
Running from C:\Users\s\DL
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
() C:\Program Files\SoftwareUpdater\UpdaterService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Join Air\UIExec.exe
() C:\Program Files\dradio-Recorder\phonostarTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(PortableApps.com) C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.EXE
(PortableApps.com) C:\Users\s\PortableApps\KiTTYPortable\KiTTYPortable.exe
(Simon Tatham) C:\Users\s\PortableApps\KiTTYPortable\App\KiTTY\kitty_portable.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(PortableApps.com) C:\Users\s\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\s\PortableApps\FirefoxPortable\App\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\ntvdm.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [138072 2010-04-27] ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [dradio-Recorder] - C:\Program Files\dradio-Recorder\phonostarStarter.exe [113152 2012-04-03] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] ()
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [] - [x]
Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iv6 - Verknüpfung.lnk
ShortcutTarget: iv6 - Verknüpfung.lnk -> C:\Users\Gast\AutoHotkey104805\iv6.bat ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey1.lnk
ShortcutTarget: AutoHotkey1.lnk -> C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blau.lnk
ShortcutTarget: Blau.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Command Prompt.lnk
ShortcutTarget: Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gelb.lnk
ShortcutTarget: Gelb.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Grün.lnk
ShortcutTarget: Grün.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableAppsPlatform.exe - Verknüpfung.lnk
ShortcutTarget: PortableAppsPlatform.exe - Verknüpfung.lnk -> C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rot.lnk
ShortcutTarget: Rot.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=5A9F001A4B90D8F5
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {B9DFA372-9C13-41EE-A3E8-90AD5B8165D8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=10148&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=A2&apn_dtid=&apn_uid=05BF4130-7C66-4919-8CB0-4B89F8A31E13&apn_sauid=CC00A577-DD71-4F28-873E-DFB510D8A09C
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: diamondata - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files\diamondata\diamondatabho.dll (diamondata)
BHO: Flagfox - {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} - C:\Users\a\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 29 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer
FF user.js: detected! => C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @soft-xpansion/npsxpdf - C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: firefox - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\firefox@diamondata.net.xpi
FF Extension: testpilot - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF StartMenuInternet: FIREFOX.EXE - C:\Users\s\PortableApps\FirefoxPortable\App\Firefox\firefox.exe

========================== Services (Whitelisted) =================

S3 AfaService; C:\Windows\system32\afasrv32.exe [65536 2011-09-25] ()
S4 bepldr6PixelPlanetService; C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe [172032 2009-11-25] ()
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
S4 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196912 2011-06-21] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()
S4 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [247152 2010-04-27] ()

==================== Drivers (Whitelisted) ====================

S4 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R2 CdaC15BA; C:\Windows\system32\drivers\CDAC15BA.SYS [8864 2010-07-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2006-09-05] (Samsung Electronics Co., Ltd.)
S4 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573952 2011-04-04] (Hauppauge Computer Works, Inc.)
S4 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [16000 2011-04-04] (Hauppauge Computer Works, Inc.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-12-02] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2008-01-19] (Microsoft Corporation)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [12288 2009-04-30] (gavotte)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-18] (SCM Microsystems Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-11-15] (Duplex Secure Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2006-11-22] (Samsung Electronics)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2012-10-24] (NCH Software)
S3 UCharger; C:\Windows\System32\Drivers\UCharger.sys [13765 2007-05-15] ()
S3 WinRing0_1_2_0; C:\Program Files\BatteryCare\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)
U3 a4yxrc4b; C:\Windows\System32\Drivers\a4yxrc4b.sys [0 ] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 11:06 - 2013-10-25 11:06 - 00000000 ____D C:\FRST
2013-10-25 11:04 - 2013-10-25 11:04 - 01088113 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2013-10-25 02:04 - 2013-10-25 02:04 - 00000798 _____ C:\Users\s\TROJANER.2
2013-10-23 00:39 - 2013-10-23 00:39 - 00000130 _____ C:\Users\s\FFERR
2013-10-21 02:34 - 2013-10-21 02:35 - 08623952 _____ (PortableApps.com) C:\Users\s\Downloads\FreeFileSyncPortable_5.22.paf.exe
2013-10-15 18:19 - 2013-10-15 18:19 - 00000000 ____D C:\Users\s\AppData\Roaming\enchant
2013-10-15 18:15 - 2013-10-15 18:19 - 10425940 _____ C:\Users\Public\Slist-d.20131015
2013-10-15 18:13 - 2013-10-15 18:13 - 10425940 _____ C:\Users\Public\Slist.20131015
2013-10-15 18:09 - 2013-10-15 18:12 - 15836414 _____ C:\Users\Public\Clist.20131015
2013-10-11 03:32 - 2013-10-13 13:23 - 00000111 _____ C:\Users\s\Downloads\BEATLES
2013-10-11 03:27 - 2013-10-11 03:28 - 17411807 _____ C:\Users\s\Downloads\Shoujie Yang - Dr. Herbert Neubauer Stockholm WM 2012 - YouTube [360p].mp4
2013-10-10 09:36 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 09:36 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 09:36 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 09:36 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 09:36 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 09:36 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 09:36 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 09:36 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 09:36 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 09:36 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 09:36 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 09:36 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 09:36 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 09:36 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 09:36 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 09:35 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 09:23 - 2013-10-10 09:23 - 25003354 _____ C:\Users\Public\GList.20131010
2013-10-09 20:34 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 20:34 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 20:34 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 20:34 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 20:34 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 20:34 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 20:34 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 20:34 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 20:34 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 20:34 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 20:34 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 20:34 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 20:34 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 20:34 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 20:34 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 20:34 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 20:34 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 20:33 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 20:33 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 20:33 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 20:33 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 20:33 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 20:33 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 20:33 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 20:33 - 2011-05-05 15:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:22 - 2013-10-09 17:22 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-10-09 03:45 - 2013-10-09 03:45 - 00005967 _____ C:\Users\s\1UND1.2
2013-10-09 02:22 - 2013-10-09 02:22 - 34264915 _____ C:\Users\Public\Clist-d.20131009
2013-10-09 02:21 - 2013-10-09 02:21 - 34264915 _____ C:\Users\Public\Clist.20131009
2013-10-08 17:38 - 2013-10-08 17:38 - 00000379 _____ C:\Users\s\MSE
2013-10-06 17:18 - 2013-10-06 17:18 - 00000000 ____D C:\Users\s\Documents\Freemake
2013-10-06 16:54 - 2013-10-06 17:19 - 46427540 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [480p].flv
2013-10-06 16:52 - 2013-10-06 17:16 - 45982107 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [360p].flv
2013-10-06 15:45 - 2013-10-08 18:07 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-06 15:44 - 2013-10-06 15:56 - 00000000 ____D C:\Users\a\Documents\Freemake
2013-10-06 15:44 - 2013-10-06 15:55 - 00000000 ____D C:\ProgramData\Freemake
2013-10-06 15:44 - 2013-10-06 15:44 - 00001073 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\AppData\Roaming\OpenCandy
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Program Files\Freemake
2013-10-06 14:09 - 2013-08-14 03:29 - 00000464 _____ C:\Users\s\PARAGON
2013-09-29 18:57 - 2013-09-29 18:57 - 00000000 ____D C:\Program Files\diamondata
2013-09-29 18:56 - 2013-09-29 18:56 - 00001662 _____ C:\Users\Public\Desktop\GoforFiles.lnk
2013-09-29 18:56 - 2013-09-29 18:56 - 00000000 ____D C:\Users\a\AppData\Roaming\GoforFiles
2013-09-29 18:56 - 2013-09-29 18:56 - 00000000 ____D C:\Program Files\GoforFiles
2013-09-29 18:13 - 2013-09-29 18:13 - 00000000 ____D C:\usres
2013-09-29 18:11 - 2013-09-29 19:29 - 00000000 ____D C:\Users\s\Downloads\The+Beatles+-+Munich+Concert+1966-by+buenrock-part1
2013-09-28 07:23 - 2013-09-28 07:23 - 00003261 _____ C:\Users\s\Downloads\linkhandler.php
2013-09-27 04:47 - 2013-09-27 04:47 - 00000913 _____ C:\Users\Public\hex8.1
2013-09-27 04:22 - 2013-10-06 18:14 - 00000000 ____D C:\Users\s\AppData\Roaming\vlc
2013-09-27 04:20 - 2013-09-27 04:20 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-26 22:44 - 2013-09-26 22:44 - 01660733 _____ C:\Users\s\Downloads\Beispiele-AutoIt-Hilfe-Deutsch-3.3.8.1-Stand-28_12_12.zip
2013-09-25 18:13 - 2013-09-25 18:13 - 00000000 ___DL C:\Users\s\DL
2013-09-25 17:44 - 2013-09-25 17:48 - 00000303 _____ C:\Users\s\mm.bat
2013-09-25 17:39 - 2013-09-25 17:39 - 12839824 _____ C:\Users\s\Downloads\MediathekView_3.3.0.zip
2013-09-25 16:45 - 2013-09-25 16:45 - 00000848 _____ C:\Users\Public\Desktop\ StreamTransport.lnk
2013-09-25 16:45 - 2013-09-25 16:45 - 00000000 ____D C:\Program Files\StreamTransport
2013-09-25 16:45 - 2009-10-27 19:31 - 03982240 _____ (Adobe Systems, Inc.) C:\Windows\system32\Flash10d.ocx
2013-09-25 16:28 - 2013-09-25 16:28 - 00320856 _____ C:\Users\s\Downloads\Portable_Stream_Transport_v1_02_1700_2_174.exe
2013-09-25 16:21 - 2013-09-25 16:22 - 03571554 _____ (                                                            ) C:\Users\s\Downloads\streamtransport_setup.exe
2013-09-25 16:16 - 2013-09-25 16:16 - 01345792 _____ C:\Users\s\Downloads\StreamTransport-Setup.exe

==================== One Month Modified Files and Folders =======

2013-10-25 11:08 - 2010-07-11 09:34 - 00000000 ____D C:\Users\Gast
2013-10-25 11:08 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-25 11:06 - 2013-10-25 11:06 - 00000000 ____D C:\FRST
2013-10-25 11:04 - 2013-10-25 11:04 - 01088113 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2013-10-25 11:02 - 2010-06-21 15:34 - 01420394 _____ C:\Windows\WindowsUpdate.log
2013-10-25 10:58 - 2010-07-04 21:05 - 00000000 ____D C:\Users\s\AppData\Roaming\Mozilla
2013-10-25 10:58 - 2006-11-02 12:33 - 01503362 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-25 10:52 - 2010-07-13 16:29 - 17670428 _____ C:\Users\s\DesktopStCenter.txt
2013-10-25 10:51 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 10:51 - 2006-11-02 14:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 10:51 - 2006-11-02 14:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 02:04 - 2013-10-25 02:04 - 00000798 _____ C:\Users\s\TROJANER.2
2013-10-25 02:04 - 2010-07-13 16:32 - 00000000 ____D C:\Users\s\AppData\Roaming\FRITZ!
2013-10-25 02:04 - 2009-03-03 19:58 - 00000000 ____D C:\Users\s
2013-10-25 02:04 - 2006-11-02 14:58 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-24 22:05 - 2013-04-26 11:13 - 00023666 _____ C:\Windows\PFRO.log
2013-10-24 14:51 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-23 00:39 - 2013-10-23 00:39 - 00000130 _____ C:\Users\s\FFERR
2013-10-21 02:41 - 2010-06-02 17:38 - 00000000 ____D C:\Users\s\progs
2013-10-21 02:35 - 2013-10-21 02:34 - 08623952 _____ (PortableApps.com) C:\Users\s\Downloads\FreeFileSyncPortable_5.22.paf.exe
2013-10-21 01:30 - 2010-07-02 03:18 - 00000000 ____D C:\Users\s\AppData\Roaming\Foxit Software
2013-10-20 00:42 - 2011-03-11 20:00 - 00000000 ____D C:\Users\a\AppData\Roaming\Foxit Software
2013-10-18 04:03 - 2013-02-26 19:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-17 13:03 - 2013-08-12 15:27 - 00030596 _____ C:\Users\s\Downloads\wg.log
2013-10-16 19:47 - 2013-01-31 04:24 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-16 19:47 - 2013-01-31 02:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 19:22 - 2012-04-06 16:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 18:19 - 2013-10-15 18:19 - 00000000 ____D C:\Users\s\AppData\Roaming\enchant
2013-10-15 18:19 - 2013-10-15 18:15 - 10425940 _____ C:\Users\Public\Slist-d.20131015
2013-10-15 18:15 - 2006-11-02 13:18 - 00000000 ____D C:\Users\Public
2013-10-15 18:13 - 2013-10-15 18:13 - 10425940 _____ C:\Users\Public\Slist.20131015
2013-10-15 18:12 - 2013-10-15 18:09 - 15836414 _____ C:\Users\Public\Clist.20131015
2013-10-14 18:28 - 2009-03-03 23:05 - 00000000 ____D C:\Users\s\BAT
2013-10-14 13:15 - 2010-09-01 20:59 - 00000000 ____D C:\Users\s\WIN
2013-10-14 11:39 - 2012-04-06 16:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-14 11:39 - 2011-05-14 12:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 13:23 - 2013-10-11 03:32 - 00000111 _____ C:\Users\s\Downloads\BEATLES
2013-10-11 03:28 - 2013-10-11 03:27 - 17411807 _____ C:\Users\s\Downloads\Shoujie Yang - Dr. Herbert Neubauer Stockholm WM 2012 - YouTube [360p].mp4
2013-10-10 15:39 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 15:25 - 2012-10-30 23:07 - 00464744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 09:52 - 2013-08-14 03:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 09:52 - 2013-02-01 20:34 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-10-10 09:40 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-10 09:23 - 2013-10-10 09:23 - 25003354 _____ C:\Users\Public\GList.20131010
2013-10-10 02:06 - 2012-02-12 22:33 - 00000000 ____D C:\Users\Public\dradiorecorder
2013-10-09 17:22 - 2013-10-09 17:22 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-10-09 03:45 - 2013-10-09 03:45 - 00005967 _____ C:\Users\s\1UND1.2
2013-10-09 02:22 - 2013-10-09 02:22 - 34264915 _____ C:\Users\Public\Clist-d.20131009
2013-10-09 02:21 - 2013-10-09 02:21 - 34264915 _____ C:\Users\Public\Clist.20131009
2013-10-08 18:58 - 2011-09-16 19:42 - 00000000 ____D C:\Users\a\AppData\Roaming\Nitro PDF
2013-10-08 18:38 - 2011-10-25 02:07 - 00000000 ____D C:\Users\a\AppData\Roaming\HpUpdate
2013-10-08 18:38 - 2011-05-31 03:36 - 00000000 ____D C:\Users\a\AppData\Roaming\enchant
2013-10-08 18:38 - 2010-07-01 17:39 - 00000000 ____D C:\Users\s\AppData\Roaming\HpUpdate
2013-10-08 18:38 - 2010-06-10 00:19 - 00000000 ____D C:\Windows\pss
2013-10-08 18:38 - 2009-04-26 20:46 - 00000000 ____D C:\Users\s\AppData\Roaming\Roxio
2013-10-08 18:37 - 2013-07-03 18:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-08 18:37 - 2012-10-10 16:08 - 00000000 ____D C:\Program Files\Kernel Outlook PST Viewer
2013-10-08 18:37 - 2012-02-06 00:40 - 00000000 ____D C:\Program Files\Copernic Desktop Search - Home
2013-10-08 18:37 - 2011-10-22 21:53 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 18:37 - 2010-07-05 13:14 - 00000000 ____D C:\Program Files\SlickEdit
2013-10-08 18:37 - 2010-07-02 02:47 - 00000000 ____D C:\Program Files\ABBYY FineReader 5.0 Pro
2013-10-08 18:37 - 2010-06-27 15:45 - 00000000 ____D C:\ProgramData\launcher
2013-10-08 18:37 - 2010-06-27 15:45 - 00000000 ____D C:\ProgramData\explauncher
2013-10-08 18:07 - 2013-10-06 15:45 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-08 18:07 - 2012-10-30 22:14 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-10-08 17:38 - 2013-10-08 17:38 - 00000379 _____ C:\Users\s\MSE
2013-10-07 19:34 - 2012-10-30 22:14 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-06 20:09 - 2010-06-10 22:54 - 00002246 _____ C:\Users\s\XCOPYall.BAT
2013-10-06 18:14 - 2013-09-27 04:22 - 00000000 ____D C:\Users\s\AppData\Roaming\vlc
2013-10-06 17:19 - 2013-10-06 16:54 - 46427540 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [480p].flv
2013-10-06 17:18 - 2013-10-06 17:18 - 00000000 ____D C:\Users\s\Documents\Freemake
2013-10-06 17:16 - 2013-10-06 16:52 - 45982107 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [360p].flv
2013-10-06 15:56 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\Documents\Freemake
2013-10-06 15:55 - 2013-10-06 15:44 - 00000000 ____D C:\ProgramData\Freemake
2013-10-06 15:54 - 2012-10-30 22:20 - 00000000 ____D C:\Users\s\AppData\Roaming\TuneUp Software
2013-10-06 15:50 - 2007-06-30 07:40 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-06 15:46 - 2012-10-30 22:14 - 00000000 ____D C:\Users\a\AppData\Roaming\TuneUp Software
2013-10-06 15:44 - 2013-10-06 15:44 - 00001073 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\AppData\Roaming\OpenCandy
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Program Files\Freemake
2013-09-29 19:29 - 2013-09-29 18:11 - 00000000 ____D C:\Users\s\Downloads\The+Beatles+-+Munich+Concert+1966-by+buenrock-part1
2013-09-29 18:57 - 2013-09-29 18:57 - 00000000 ____D C:\Program Files\diamondata
2013-09-29 18:56 - 2013-09-29 18:56 - 00001662 _____ C:\Users\Public\Desktop\GoforFiles.lnk
2013-09-29 18:56 - 2013-09-29 18:56 - 00000000 ____D C:\Users\a\AppData\Roaming\GoforFiles
2013-09-29 18:56 - 2013-09-29 18:56 - 00000000 ____D C:\Program Files\GoforFiles
2013-09-29 18:13 - 2013-09-29 18:13 - 00000000 ____D C:\usres
2013-09-28 07:23 - 2013-09-28 07:23 - 00003261 _____ C:\Users\s\Downloads\linkhandler.php
2013-09-27 04:47 - 2013-09-27 04:47 - 00000913 _____ C:\Users\Public\hex8.1
2013-09-27 04:20 - 2013-09-27 04:20 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-26 22:44 - 2013-09-26 22:44 - 01660733 _____ C:\Users\s\Downloads\Beispiele-AutoIt-Hilfe-Deutsch-3.3.8.1-Stand-28_12_12.zip
2013-09-25 18:13 - 2013-09-25 18:13 - 00000000 ___DL C:\Users\s\DL
2013-09-25 17:48 - 2013-09-25 17:44 - 00000303 _____ C:\Users\s\mm.bat
2013-09-25 17:39 - 2013-09-25 17:39 - 12839824 _____ C:\Users\s\Downloads\MediathekView_3.3.0.zip
2013-09-25 16:45 - 2013-09-25 16:45 - 00000848 _____ C:\Users\Public\Desktop\ StreamTransport.lnk
2013-09-25 16:45 - 2013-09-25 16:45 - 00000000 ____D C:\Program Files\StreamTransport
2013-09-25 16:28 - 2013-09-25 16:28 - 00320856 _____ C:\Users\s\Downloads\Portable_Stream_Transport_v1_02_1700_2_174.exe
2013-09-25 16:22 - 2013-09-25 16:21 - 03571554 _____ (                                                            ) C:\Users\s\Downloads\streamtransport_setup.exe
2013-09-25 16:16 - 2013-09-25 16:16 - 01345792 _____ C:\Users\s\Downloads\StreamTransport-Setup.exe

Files to move or delete:
====================
C:\Users\s\AppData\Roaming\CamData.ini
C:\Users\s\AppData\Roaming\CamLayout.ini
C:\Users\s\AppData\Roaming\CamShapes.ini
C:\Users\Gast\PINGUINS.BAT
C:\Users\Public\EXETimer.exe
C:\Users\Public\HDDSCAN5.bat
C:\Users\Public\HDDSCANX.bat
C:\Users\Public\isound7.exe
C:\Users\Public\LO.BAT
C:\Users\Public\phonostar.exe
C:\Users\Public\phonostarStarter.exe
C:\Users\Public\PINGUINS.BAT
C:\Users\s\#.bat
C:\Users\s\#0.bat
C:\Users\s\DIRALL.BAT
C:\Users\s\DIRsTemp.BAT
C:\Users\s\DOS0.BAT
C:\Users\s\E-OOHist.BAT
C:\Users\s\env.bat
C:\Users\s\IV6.BAT
C:\Users\s\IV7.BAT
C:\Users\s\mm.bat
C:\Users\s\msahci.reg
C:\Users\s\pro.bat
C:\Users\s\Start.exe
C:\Users\s\sub-.bat
C:\Users\s\sub.bat
C:\Users\s\sub0.bat
C:\Users\s\T.BAT
C:\Users\s\TST.BAT
C:\Users\s\XCOPYall.BAT


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-25 10:58

==================== End Of Log ============================
--- --- ---

------------------------------------------------------------------------
Addition.txt
------------------------------------------------------------------------FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2013 01
Ran by a at 2013-10-25 11:10:21
Running from C:\Users\s\DL
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7sDoc-lite 1.3.0
ABBYY FineReader 5.0 Pro (Version: 5.0)
ABBYY FineReader 5.0 Sprint (Version: 5.0.0.3347)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2263.40821)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Agere Systems HDA Modem
ASIO4ALL (Version: 2.10)
ATI Uninstaller
Audiograbber 1.83 SE  (Version: 1.83 SE)
AutoHotkey 1.1.10.01 (Version: 1.1.10.01)
AutoIt v3.3.8.1
AVG 2013 (Version: 13.0.2637)
AVM FRITZ!DSL (Version: 2.04.03)
BatteryCare 0.9.10.0 (Version: 0.9.10.0)
Broadcom 802.11-WLAN-Adapter (Version: 4.170.77.3)
Browser Mouse
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CamStudio
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Dutch (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Finnish (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization French (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization German (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Greek (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Hungarian (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Italian (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Japanese (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Korean (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Norwegian (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Polish (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Portuguese (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Russian (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Spanish (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Swedish (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Thai (Version: 2007.0202.1934.34870)
Catalyst Control Center Localization Turkish (Version: 2007.0202.1934.34870)
CCC Help Chinese Standard (Version: 2007.0202.1933.34870)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2007.0202.1933.34870)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2007.0202.1933.34870)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2007.0202.1933.34870)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2007.0202.1933.34870)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2007.0202.1933.34870)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2007.0202.1933.34870)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2007.0202.1933.34870)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2007.0202.1933.34870)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2007.0202.1933.34870)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2007.0202.1933.34870)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2007.0202.1933.34870)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2007.0202.1933.34870)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2007.0202.1933.34870)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2007.0202.1933.34870)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2007.0202.1933.34870)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2007.0202.1933.34870)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2007.0202.1933.34870)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2007.0202.1933.34870)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2007.0202.1933.34870)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2007.0202.1933.34870)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2007.0202.1933.34870)
CCC Help Turkish (Version: 2010.0210.2338.42455)
ccc-Branding (Version: 1.00.0000)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
Cda Product Service - shared component
CHIPDRIVE Smartcard Commander
Chipkartenleser
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
ClipMagic 3.2.3 (Version: 4.1)
Convert Doc
DAEMON Tools Lite (Version: 4.46.1.0327)
diamondata 1.0.0 (Version: 1.0.0)
dradio-Recorder Version 3.02.6
DriveImage XML (Private Edition) (Version: 2.44.000)
DSL-Turbo
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
ESU for Microsoft Vista (Version: 1.0.10.1)
EVEREST Home Edition v2.20 (Version: 2.20)
Feedback Tool (Version: 1.2.0)
Free Studio version 5.0.9
FreeHDL 0.0.8 binary package for Win32
Freemake Video Converter Version 4.0.4 (Version: 4.0.4)
GNU Octave 3.6.4 (Version: 3.6.4)
GoforFiles (HKCU Version: 1.9.1)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GPL Ghostscript (Version: 9.07)
GSview 5.0 (Version: 5.0)
HD Tune 2.55
Hewlett-Packard Active Check (Version: 1.1.7.0)
Hewlett-Packard Asset Agent (Version: 2.0.58.0)
HP Active Support Library 32 bit components (Version: 1.0.9)
HP BIOS Configuration for ProtectTools (Version: 3.00 C1)
HP Deskjet 2510 series - Grundlegende Software für das Gerät (Version: 28.0.1313.0)
HP Deskjet 2510 series Hilfe (Version: 27.0.0)
HP Deskjet 2510 series Setup Guide (Version: 27.0.0)
HP Doc Viewer (Version: 1.01.0005)
HP Help and Support (Version: 1.0.0)
HP Notebook Accessories Product Tour (Version: 13.0.0)
HP Photo Creations (Version: 1.0.0.7702)
HP Product Detection (Version: 10.7.4.0)
HP ProtectTools Security Manager (Version: 3.00 A10)
HP SoftPaq Download Manager (Version: 3.0.5.0)
HP Update (Version: 5.003.003.001)
HP User Guides 0064 (Version: 1.03.0000)
HP Wireless Assistant (Version: 3.50.10.1)
Icarus Verilog 0.9.6 (Version: 0.9.6)
iMacros Version 7.5.1.1734 (Version: 7.5.1.1734)
InterVideo Register Manager (Version: 1.0.4.0)
Join Air (Version: 1.0.0.2)
Kernel Outlook PST Viewer ver 11.05.01
LightScribe System Software  1.10.16.1 (Version: 1.10.16.1)
Linguatec Voice Reader Studio (Version: 1.00.0000)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft Tool Web Package:Diruse.exe (Version: 1.0.0.1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Performance Toolkit (Version: 4.6.0)
MinGW32 C/C++ 0.0.2 binary package for Win32
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
MSCU for Microsoft Vista (Version: 1.0.1.3)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Multimedia keyboard utility
MyDefrag v4.3.1 (Version: 4.0.0.0)
Neat Image v7.3.0 Demo Standalone
Nero 8 Essentials (Version: 8.10.135)
neroxml (Version: 1.0.0)
NET Installation Assistance for VB6 App (Runtime Only) (Version: 1.0.0)
Nitro Reader 3 (Version: 3.5.2.10)
No23 Recorder (Version: 2.1.0.3)
No23Live (Version: 1.0.4.20)
OLYMPUS Master 2 (Version: 1.0.5)
Orbit Downloader
PdfGrabber 6.0 (Version: 6.0.0.0)
ProgDVB (Version: 6.9x)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.1.3.100)
Quite Universal Circuit Simulator 0.0.17 binary package for Win32
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Basic v9 (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Roxio MyDVD Basic v9 (Version: 9.0.116)
SCR3xxx Smart Card Reader (Version: 8.30)
Search Assistant MocaFlix 1.66
Security Task Manager 1.8d (Version: 1.8d)
Skins (Version: 2010.0210.2339.42455)
SlickEdit 11.0.0
soft Xpansion Perfect PDF 7 Reader (Version: 7.0.9.6)
SoftwareUpdater
Some PDF to Word Converter 2.0
Sonic Activation Module (Version: 1.0)
SoundTap Audiostream-Rekorder
Streamripper (Remove only)
StreamTransport version: 1.0.2.2171
SumatraPDF (Version: 2.2)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
USIM Editor 1.0.25.0
VCRedistSetup (Version: 1.0.0)
Vista Default Settings (Version: 1.0.5.1)
VistaBootPRO 3.3 (Version: 3.3.0)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.1.0 (Version: 2.1.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
WinFuture xp-Iso-Builder 3.0.7
Zattoo4 4.0.5 (Version: 4.0.5)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25D438E5-0B31-4EBE-BC53-562C0D44E940} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {3424BCFB-6963-4722-B22D-9F33D0200334} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {5C560A48-B9E0-4056-85D4-2D4D54F6A99C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - a => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {5EA8AF9D-ACC0-4111-BA37-DED4C305ED9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {845C136B-451F-47FC-A946-EA8A8F856E03} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {955BC869-E969-4D89-B546-2AE137818FF3} - System32\Tasks\BatteryCareAuto => C:\Program Files\BatteryCare\BatteryCare.exe [2012-07-08] (Filipe Lourenço)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {A25EA4F6-38E0-4B9A-91E2-E113596775D5} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {C35C2F6F-4F76-45B3-8309-D119DB787D19} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {C84545D0-FE4B-461C-A666-3AA7E6DDC311} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-14] (Adobe Systems Incorporated)
Task: {E1E6CF49-FCD2-4BD4-8837-9AA1EABAC278} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {EFE7EC10-1CA0-4B8F-8EFF-FAF46B8888D3} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-02-28] ()
Task: {F5AF3881-9979-4033-B2A2-E00D96ED22E9} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe [2013-09-29] (hxxp://goforfiles.com/)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-11 07:30 - 2010-02-11 07:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-10-25 10:53 - 2013-10-25 10:53 - 00011264 _____ () Z:\Temp\nsr99B7.tmp\System.dll
2013-10-25 10:53 - 2013-10-25 10:53 - 00008704 _____ () Z:\Temp\nsr99B7.tmp\newadvsplash.dll
2013-10-25 10:53 - 2013-10-25 10:53 - 00029696 _____ () Z:\Temp\nsr99B7.tmp\registry.dll
2013-10-25 10:58 - 2013-10-25 10:58 - 00029696 _____ () Z:\Temp\nsx8349.tmp\registry.dll
2013-10-25 10:58 - 2013-10-25 10:58 - 00008704 _____ () Z:\Temp\nsx8349.tmp\newadvsplash.dll
2013-10-25 10:58 - 2013-10-25 10:58 - 00011264 _____ () Z:\Temp\nsx8349.tmp\System.dll
2013-09-11 04:26 - 2013-09-11 04:26 - 03279768 _____ () C:\Users\s\PortableApps\FirefoxPortable\App\firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Agere Systems HDA Modem
Description: Agere Systems HDA Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Agere
Service: Modem
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Standard-Volumeschattenkopie
Description: Standard-Volumeschattenkopie
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2013 07:48:24 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Hr = 0x81000101).

Error: (10/24/2013 07:48:24 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{a658c679-080e-11de-a499-806e6f6e6963} - 00000150,0x0053c008,00950BC8,0,0014AFD0,4096,[0])". hr = 0x80070079.


Vorgang:
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (10/24/2013 03:21:18 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 3.5 SP1 - Update "KB2840629" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei Z:\Temp\Microsoft .NET Framework 3.5-KB2840629_20131024_012109023-Msi0.txt enthalten.

Error: (10/24/2013 03:21:05 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 3.5 SP1 - Update "KB2736416" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei Z:\Temp\Microsoft .NET Framework 3.5-KB2736416_20131024_012059194-Msi0.txt enthalten.

Error: (10/24/2013 03:20:55 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 3.5 SP1 - Update "KB963707" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei Z:\Temp\Microsoft .NET Framework 3.5-KB963707_20131024_012051155-Msi0.txt enthalten.

Error: (10/24/2013 03:20:47 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 3.5 SP1 - Update "KB2861697" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei Z:\Temp\Microsoft .NET Framework 3.5-KB2861697_20131024_012036340-Msi0.txt enthalten.

Error: (10/24/2013 03:20:32 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Hr = 0x81000101).

Error: (10/24/2013 03:20:32 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{a658c679-080e-11de-a499-806e6f6e6963} - 00000154,0x0053c008,01AC0BC8,0,0079AFD0,4096,[0])". hr = 0x80070079.


Vorgang:
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (10/23/2013 05:19:00 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (10/23/2013 05:19:00 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x81000101).


System errors:
=============
Error: (10/25/2013 11:02:51 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.161.596.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.3.0219.00

        Quellpfad: 4.3.0219.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (10/25/2013 11:02:51 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.161.596.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.3.0219.00

        Quellpfad: 4.3.0219.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (10/25/2013 11:02:51 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.161.596.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.3.0219.00

        Quellpfad: 4.3.0219.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (10/25/2013 10:51:57 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (10/25/2013 10:51:57 AM) (Source: Service Control Manager) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (10/24/2013 10:05:52 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (10/24/2013 10:05:52 PM) (Source: Service Control Manager) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (10/24/2013 10:03:34 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (10/24/2013 07:48:24 AM) (Source: volsnap) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.

Error: (10/24/2013 03:22:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 3.5 SP1 unter Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2840629){1FB67FB2-12FD-4064-BDE6-7FA9248A36A0}202


Microsoft Office Sessions:
=========================
Error: (10/24/2013 07:48:24 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (10/24/2013 07:48:24 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a658c679-080e-11de-a499-806e6f6e6963} - 00000150,0x0053c008,00950BC8,0,0014AFD0,4096,[0])0x80070079

Vorgang:
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (10/24/2013 03:21:18 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft .NET Framework 3.5 SP1KB28406291603Z:\Temp\Microsoft .NET Framework 3.5-KB2840629_20131024_012109023-Msi0.txt(NULL)

Error: (10/24/2013 03:21:05 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft .NET Framework 3.5 SP1KB27364161603Z:\Temp\Microsoft .NET Framework 3.5-KB2736416_20131024_012059194-Msi0.txt(NULL)

Error: (10/24/2013 03:20:55 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft .NET Framework 3.5 SP1KB9637071603Z:\Temp\Microsoft .NET Framework 3.5-KB963707_20131024_012051155-Msi0.txt(NULL)

Error: (10/24/2013 03:20:47 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft .NET Framework 3.5 SP1KB28616971603Z:\Temp\Microsoft .NET Framework 3.5-KB2861697_20131024_012036340-Msi0.txt(NULL)

Error: (10/24/2013 03:20:32 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (10/24/2013 03:20:32 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a658c679-080e-11de-a499-806e6f6e6963} - 00000154,0x0053c008,01AC0BC8,0,0079AFD0,4096,[0])0x80070079

Vorgang:
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (10/23/2013 05:19:00 PM) (Source: System Restore)(User: )
Description: 0x81000101

Error: (10/23/2013 05:19:00 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101


CodeIntegrity Errors:
===================================
  Date: 2013-10-16 19:47:08.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:47:07.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:47:07.338
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:47:06.813
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:46:53.929
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:46:53.361
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:46:52.831
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:46:52.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:46:51.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-16 19:46:51.089
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 2942.53 MB
Available physical RAM: 1046.1 MB
Total Pagefile: 3781.07 MB
Available Pagefile: 1763 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.11 GB) (Free:0.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:7.59 GB) (Free:0.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (OS_TOOLS) (Fixed) (Total:1.55 GB) (Free:1.29 GB) NTFS
Drive g: () (Fixed) (Total:61.52 GB) (Free:0.95 GB) NTFS
Drive h: () (Fixed) (Total:39.27 GB) (Free:0.41 GB) NTFS
Drive z: (RamDisk) (Fixed) (Total:1 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 8451F94D)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 25.10.2013 11:32
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

siggi30 25.10.2013 12:42
Code:
ComboFix 13-10-24.01 - a 25.10.2013  13:10:44.1.2 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.2943.942 [GMT 2:00]
ausgeführt von:: c:\users\s\DL\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\a\AppData\Local\lame_enc.dll
c:\users\a\AppData\Local\no23xwrapper.dll
c:\users\a\AppData\Local\ogg.dll
c:\users\a\AppData\Local\vorbisenc.dll
c:\users\a\AppData\Local\vorbisfile.dll
c:\users\a\AppData\LocalLow\Flagfox\IE\FlAGfox.dll
c:\users\Public\phonostarStarter.exe
c:\users\s\1252.123
c:\users\s\850.123
c:\users\s\AppData\Roaming\9961660784cc2937229a742.95731288
c:\users\s\z.0
c:\users\s\Z.1
c:\users\s\z.2
c:\windows\#.bat
c:\windows\CdaC13BA.EXE
c:\windows\CdaC14BA.DLL
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
D:\Autorun.inf
z:\temp\nsr99B7.tmp\newadvsplash.dll
z:\temp\nsr99B7.tmp\registry.dll
z:\temp\nsr99B7.tmp\System.dll
z:\temp\nst8551.tmp\registry.dll
z:\temp\nst8551.tmp\System.dll
z:\temp\nsx8349.tmp\newadvsplash.dll
z:\temp\nsx8349.tmp\registry.dll
z:\temp\nsx8349.tmp\System.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVUPDATER
-------\Service_SrvUpdater
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-25 bis 2013-10-25  ))))))))))))))))))))))))))))))
.
.
2013-10-25 11:23 . 2013-10-25 11:23        62576        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1620BAD3-DA55-4E98-A588-AF7EFC76EC99}\offreg.dll
2013-10-25 11:19 . 2013-10-25 11:23        --------        d-----w-        c:\users\s\AppData\Local\temp
2013-10-25 09:06 . 2013-10-25 09:06        --------        d-----w-        C:\FRST
2013-10-24 05:48 . 2013-10-14 06:39        7796464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1620BAD3-DA55-4E98-A588-AF7EFC76EC99}\mpengine.dll
2013-10-22 23:10 . 2013-10-14 06:39        7796464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 02:12 . 2013-10-18 02:11        719224        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6889A87B-5542-4261-9572-54100ACE7AF0}\gapaengine.dll
2013-10-15 16:19 . 2013-10-15 16:19        --------        d-----w-        c:\users\s\AppData\Roaming\enchant
2013-10-09 18:33 . 2011-05-05 13:54        19456        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2013-10-09 18:33 . 2013-07-12 09:04        134272        ----a-w-        c:\windows\system32\drivers\usbvideo.sys
2013-10-09 18:33 . 2013-06-26 23:01        527064        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2013-10-09 18:33 . 2013-06-04 01:49        293376        ----a-w-        c:\windows\system32\atmfd.dll
2013-10-09 18:33 . 2013-06-04 04:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2013-10-09 18:33 . 2013-07-04 04:21        532480        ----a-w-        c:\windows\system32\comctl32.dll
2013-10-09 18:33 . 2013-07-03 02:33        35328        ----a-w-        c:\windows\system32\drivers\usbscan.sys
2013-10-09 18:33 . 2013-07-03 02:10        25472        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2013-10-09 15:22 . 2013-10-09 15:22        0        ----a-w-        c:\windows\ativpsrm.bin
2013-10-06 13:45 . 2013-10-08 16:07        --------        d-sh--w-        c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-06 13:44 . 2013-10-06 13:55        --------        d-----w-        c:\programdata\Freemake
2013-10-06 13:44 . 2013-10-06 13:44        --------        d-----w-        c:\users\a\AppData\Roaming\OpenCandy
2013-10-06 13:44 . 2013-10-06 13:44        --------        d-----w-        c:\program files\Freemake
2013-09-29 16:57 . 2013-09-29 16:57        --------        d-----w-        c:\program files\diamondata
2013-09-29 16:56 . 2013-09-29 16:56        --------        d-----w-        c:\users\a\AppData\Roaming\GoforFiles
2013-09-29 16:56 . 2013-09-29 16:56        --------        d-----w-        c:\program files\GoforFiles
2013-09-29 16:13 . 2013-09-29 16:13        --------        d-----w-        C:\usres
2013-09-27 02:22 . 2013-10-06 16:14        --------        d-----w-        c:\users\s\AppData\Roaming\vlc
2013-09-25 16:13 . 2013-09-25 16:13        --------        d-----we        c:\users\s\DL
2013-09-25 15:44 . 2013-09-25 15:48        303        ----a-w-        c:\users\s\mm.bat
2013-09-25 14:45 . 2009-10-27 17:31        3982240        ----a-w-        c:\windows\system32\Flash10d.ocx
2013-09-25 14:45 . 2013-09-25 14:45        --------        d-----w-        c:\program files\StreamTransport
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 09:39 . 2012-04-06 14:31        692616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-10-14 09:39 . 2011-05-14 10:18        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-06 18:09 . 2010-06-10 20:54        2246        ----a-w-        c:\users\s\XCOPYall.BAT
2013-09-07 02:47 . 2013-03-13 07:52        718712        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-18 12:23 . 2010-06-10 22:52        2489        ----a-w-        c:\users\s\sub.bat
2013-08-12 08:48 . 2012-11-15 11:30        179        ----a-w-        c:\users\Public\LO.BAT
2013-08-07 03:41 . 2013-08-07 03:41        541        ----a-w-        c:\users\s\DIRALL.BAT
2013-08-02 04:09 . 2013-08-28 09:15        1548288        ----a-w-        c:\windows\system32\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dradio-Recorder"="c:\program files\dradio-Recorder\phonostarStarter.exe" [2012-04-03 113152]
"dradio-RecorderTimer"="c:\program files\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2010-04-27 138072]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iv6 - Verknüpfung.lnk - c:\users\Gast\AutoHotkey104805\iv6.bat [2010-7-22 114]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2013-7-3 274840]
.
c:\users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoHotkey1.lnk - c:\users\s\progs\AutoHotkey104805\AutoHotkey.exe c:\users\s\1.ahk [2010-6-10 245248]
Blau.lnk - c:\windows\System32\cmd.exe /K sub [2010-6-2 318976]
Command Prompt.lnk - c:\windows\System32\cmd.exe [2010-6-2 318976]
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-9 1061688]
Gelb.lnk - c:\windows\System32\cmd.exe [2010-6-2 318976]
Grün.lnk - c:\windows\System32\cmd.exe [2010-6-2 318976]
PortableAppsPlatform.exe - Verknüpfung.lnk - c:\users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe [2012-10-14 2713672]
Rot.lnk - c:\windows\System32\cmd.exe [2010-6-2 318976]
.
c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
ClipMagic.lnk - c:\program files\ClipMagic3.2.3\clipmagic.exe [2005-12-13 964248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tevion Scanner Finder.lnk]
backup=c:\windows\pss\Tevion Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
backup=c:\windows\pss\WinTV Recording Status..lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryCare]
2012-07-08 20:34        728064        ----a-w-        c:\program files\BatteryCare\BatteryCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46        3673728        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2010-06-23 02:00        384512        ----a-w-        c:\program files\Multimedia keyboard utility\KBDAP32A.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2010-06-23 01:53        465920        ----a-w-        c:\program files\Browser Mouse\Mouse32V.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2009-09-01 09:41        499768        ----a-w-        c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41        196608        ----a-w-        c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-09-19 19:48        455968        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProgLauncher]
2013-04-23 16:38        372136        ----a-w-        c:\program files\ProgDVB\ProgLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 13:52        145184        ----a-w-        c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2009-11-11 14:11        287800        ----a-r-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11        287800        ----a-r-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 01:17        1791272        ----a-w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemExplorerAutoStart]
2013-05-16 14:00        2851784        ----a-w-        c:\users\s\PortableApps\SystemExplorerPortable\App\SystemExplorer\SystemExplorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-04-27 15:06        138072        ----a-w-        c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBestCR]
2011-09-25 19:35        4792320        ----a-w-        c:\program files\USIM Editor\iconcs1611750.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00        192512        ----a-w-        c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28        2153472        ----a-w-        c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-09-01 09:41        499768        ----a-w-        c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2902011239-2132124238-3506956372-1006]
"EnableNotificationsRef"=dword:00000001
.
R3 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2011-09-25 65536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-19 19:46        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:39]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 15:30]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 15:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page =
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\
FF - ExtSQL: 2013-09-28 06:31; firefox@diamondata.net; c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\firefox@diamondata.net.xpi
FF - ExtSQL: 2013-10-06 15:44; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5a9f98b6000000000000001a4b90d8f5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15812
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.163:37
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-CdaC13Ba - c:\windows\CdaC13BA.EXE
AddRemove-Chipkartenleser - c:\windows\unin0407.exe
AddRemove-Convert Doc_is1 - c:\program files\Softinterface
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-10-25 13:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
c:\program files\GoforFiles\GFFUpdater.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-25  13:30:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-25 11:30
.
Vor Suchlauf: 647.385.088 Bytes frei
Nach Suchlauf: 384.835.584 Bytes frei
.
- - End Of File - - 54BEE38E9E39BF791FAA9A28DD1361DA
07D2E0BB2B372A9E5EE57CE16C7EA284

schrauber 26.10.2013 12:03
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

siggi30 26.10.2013 15:48
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.26.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
a :: S-PC [Administrator]

26.10.2013 15:10:40
MBAM-log-2013-10-26 (15-27-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256831
Laufzeit: 12 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diamondata (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\Software\diamondata (PUP.Optional.diamondata.A) -> Keine Aktion durchgeführt.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\diamondata (PUP.Optional.Diamondata.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SOFTWAREUPDATER (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\SoftwareUpdater|partner_keyword (PUP.Optional.SoftwareUpdater.A) -> Daten: EAZELDE -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 7
C:\Program Files\diamondata (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Users\a\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Users\s\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\s\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\a\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\a\AppData\Roaming\OpenCandy\909AE92DEA0D4312B0F9EF7741F6B08F (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 22
C:\Users\s\Downloads\Portable_Stream_Transport_v1_02_1700_2_174.exe (PUP.Optional.OneClickDownloader.A) -> Keine Aktion durchgeführt.
C:\Users\s\PortableApps\Riot-setup.zip (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\s\PortableApps\Riot_dll.zip (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\s\progs\Firemin_2.0.1.11_portable_downloader_de_99251.exe (PUP.Optional.GoForFiles.A) -> Keine Aktion durchgeführt.
C:\Program Files\diamondata\diamondata.ico (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Program Files\diamondata\diamondata.Common.dll (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Program Files\diamondata\diamondataBHO.dll (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Program Files\diamondata\diamondataUninstall.exe (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Program Files\diamondata\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Program Files\diamondata\updatediamondata.exe (PUP.Optional.DiamonData.A) -> Keine Aktion durchgeführt.
C:\Users\a\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\KeyGen.dll (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\AppsUpdater.exe (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\AppsUpdater.exe.config (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\config.xml (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\Interop.Shell32.dll (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\translations.xml (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\uninstall.exe (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Program Files\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> Keine Aktion durchgeführt.
C:\Users\s\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\s\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\a\AppData\Roaming\OpenCandy\909AE92DEA0D4312B0F9EF7741F6B08F\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
Code:
# AdwCleaner v3.010 - Bericht erstellt am 26/10/2013 um 15:52:57
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzername : a - S-PC
# Gestartet von : C:\Users\s\DL\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Program Files\goforfiles
Ordner Gelöscht : C:\Program Files\MocaFlix
Ordner Gelöscht : C:\Program Files\optimizer pro
Ordner Gelöscht : C:\Program Files\orbitdownloader
Ordner Gelöscht : C:\Program Files\Red Sky
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
[!] Ordner Gelöscht : C:\Users\s\OCS
Ordner Gelöscht : C:\Users\a\appData\Local\DownTango
Ordner Gelöscht : C:\Users\a\appData\Local\eSupport.com
Ordner Gelöscht : C:\Users\a\appData\Local\Wajam
Ordner Gelöscht : C:\Users\a\appData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\a\appData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\a\appData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\a\appData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Datei Gelöscht : \END
Datei Gelöscht : C:\Users\a\appData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gelöscht : C:\Users\a\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\invalidprefs.js
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\gdk6r6k0.default\invalidprefs.js
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\searchplugins\delta.xml
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\gdk6r6k0.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\user.js
Datei Gelöscht : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\gdk6r6k0.default\user.js
Datei Gelöscht : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5AF3881-9979-4033-B2A2-E00D96ED22E9}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5AF3881-9979-4033-B2A2-E00D96ED22E9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_56ec1d15
Schlüssel Gelöscht : HKCU\Software\5e57d78fbd34be47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Orbit
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Orbit
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{16726771-C380-4280-BAF9-1223B3838786}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "5a9f98b6000000000000001a4b90d8f5");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15812");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.163:37:47");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

[ Datei : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\gdk6r6k0.default\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("extensions.50b85aee15064.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110809&babsrc=NT_ss&mntrId=5a9f98b6000000000000001a4b90d8f5");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?affID=110809&babsrc=KW_ss&mntrId=5a9f98b6000000000000001a4b90d8f5&q=");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "5a9f98b6000000000000001a4b90d8f5");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15812");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.163:37:45");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");

-\\ Google Chrome v

[ Datei : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13006 octets] - [26/10/2013 15:51:03]
AdwCleaner[S0].txt - [13024 octets] - [26/10/2013 15:52:57]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [13085 octets] ##########
---------------------------
Bei
Installation anti-malware:
dateien werden entpackt
Setup
Interner Fehler: Expression error 'Runtime Error (at 16:151):
RegSrv32-Aufruf scheiterte mit Exit-Code 0x5.'
---------------------------
jrt.exe lief durch, am Ende Aufforderung nach Neustart
danach war jrt.txt nicht (mehr?) zu finden.
Ist auf C: nicht vorhanden.
-----------------------------
Aufruf von frst.exe gab Aufforderung, die veraltete Version durch neue zu ersetzen.
Habe bejaht, darauf startete IE mit "webseite kann nicht angezeigt werden"
Habe IE gecancelt.
Jetzt ist frst.exe verschwunden.
Neu heruntergeladen. Gestartet.
-----------------------------------

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01
Ran by a (administrator) on S-PC on 26-10-2013 16:44:08
Running from C:\Users\s\DL
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Join Air\UIExec.exe
() C:\Program Files\dradio-Recorder\phonostarTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(PortableApps.com) C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.EXE
(PortableApps.com) C:\Users\s\PortableApps\KiTTYPortable\KiTTYPortable.exe
(Simon Tatham) C:\Users\s\PortableApps\KiTTYPortable\App\KiTTY\kitty_portable.exe
(PortableApps.com) C:\Users\s\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\s\PortableApps\FirefoxPortable\App\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
() C:\users\s\PROGS\VS\win\VS.EXE
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\ntvdm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [138072 2010-04-27] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [dradio-Recorder] - C:\Program Files\dradio-Recorder\phonostarStarter.exe [113152 2012-04-03] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] ()
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [13164 2013-10-26] ()
HKCU\...\Runonce: [JRTcleanup] - Z:\Temp\jrt\JRT.bat
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [] - [x]
Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iv6 - Verknüpfung.lnk
ShortcutTarget: iv6 - Verknüpfung.lnk -> C:\Users\Gast\AutoHotkey104805\iv6.bat ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey1.lnk
ShortcutTarget: AutoHotkey1.lnk -> C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blau.lnk
ShortcutTarget: Blau.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Command Prompt.lnk
ShortcutTarget: Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gelb.lnk
ShortcutTarget: Gelb.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Grün.lnk
ShortcutTarget: Grün.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableAppsPlatform.exe - Verknüpfung.lnk
ShortcutTarget: PortableAppsPlatform.exe - Verknüpfung.lnk -> C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rot.lnk
ShortcutTarget: Rot.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B9DFA372-9C13-41EE-A3E8-90AD5B8165D8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=10148&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=A2&apn_dtid=&apn_uid=05BF4130-7C66-4919-8CB0-4B89F8A31E13&apn_sauid=CC00A577-DD71-4F28-873E-DFB510D8A09C
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll No File
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll No File
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 15 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @soft-xpansion/npsxpdf - C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\firefox@diamondata.net.xpi
FF Extension: testpilot - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: defaults - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF StartMenuInternet: FIREFOX.EXE - C:\Users\s\PortableApps\FirefoxPortable\App\Firefox\firefox.exe

========================== Services (Whitelisted) =================

S3 AfaService; C:\Windows\system32\afasrv32.exe [65536 2011-09-25] ()
S4 bepldr6PixelPlanetService; C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe [172032 2009-11-25] ()
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
S4 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196912 2011-06-21] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S4 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [247152 2010-04-27] ()

==================== Drivers (Whitelisted) ====================

S4 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R2 CdaC15BA; C:\Windows\system32\drivers\CDAC15BA.SYS [8864 2010-07-02] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2006-09-05] (Samsung Electronics Co., Ltd.)
S4 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573952 2011-04-04] (Hauppauge Computer Works, Inc.)
S4 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [16000 2011-04-04] (Hauppauge Computer Works, Inc.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-12-02] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2008-01-19] (Microsoft Corporation)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [12288 2009-04-30] (gavotte)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-18] (SCM Microsystems Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-11-15] (Duplex Secure Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2006-11-22] (Samsung Electronics)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2012-10-24] (NCH Software)
S3 UCharger; C:\Windows\System32\Drivers\UCharger.sys [13765 2007-05-15] ()
S3 WinRing0_1_2_0; C:\Program Files\BatteryCare\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)
U3 affdudz7; C:\Windows\System32\Drivers\affdudz7.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-26 16:41 - 2013-10-26 16:41 - 01089001 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2013-10-26 16:21 - 2013-10-26 16:21 - 34304154 _____ C:\Users\Public\Clist-d.20131026
2013-10-26 16:20 - 2013-10-26 16:20 - 34304154 _____ C:\Users\Public\Clist.20131026
2013-10-26 16:09 - 2013-10-26 16:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-26 16:05 - 2013-10-26 16:06 - 01033335 _____ (Thisisu) C:\Users\s\Downloads\JRT.exe
2013-10-26 15:58 - 2013-10-26 15:53 - 00013164 _____ C:\Users\s\AdwCleaner[S0].txt
2013-10-26 15:58 - 2013-10-26 15:51 - 00013006 _____ C:\Users\s\AdwCleaner[R0].txt
2013-10-26 15:50 - 2013-10-26 15:53 - 00000000 ____D C:\AdwCleaner
2013-10-26 15:46 - 2013-10-26 15:46 - 01060070 _____ C:\Users\s\Downloads\adwcleaner.exe
2013-10-26 15:03 - 2013-10-26 15:03 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-26 15:03 - 2013-10-26 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 14:59 - 2013-10-26 15:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 14:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-26 14:55 - 2013-10-26 14:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\s\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-25 13:30 - 2013-10-25 13:30 - 00020978 _____ C:\ComboFix.txt
2013-10-25 13:07 - 2013-10-25 13:30 - 00000000 ____D C:\Qoobox
2013-10-25 13:07 - 2013-10-25 13:30 - 00000000 ____D C:\ComboFix
2013-10-25 13:07 - 2013-10-25 13:29 - 00000000 ____D C:\Windows\erdnt
2013-10-25 13:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-25 13:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-25 13:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-25 13:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-25 13:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-25 13:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-25 13:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-25 13:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-25 12:52 - 2013-10-25 12:52 - 05136677 ____R (Swearware) C:\Users\s\Downloads\ComboFix.exe
2013-10-25 11:10 - 2013-10-25 11:10 - 00033718 _____ C:\Users\s\Downloads\FRST1.txt
2013-10-25 11:10 - 2013-10-25 11:10 - 00030034 _____ C:\Users\s\Downloads\Addition.txt
2013-10-25 11:06 - 2013-10-25 11:06 - 00000000 ____D C:\FRST
2013-10-25 02:04 - 2013-10-26 16:08 - 00002473 _____ C:\Users\s\TROJANER.2
2013-10-23 00:39 - 2013-10-23 00:39 - 00000130 _____ C:\Users\s\FFERR
2013-10-15 18:15 - 2013-10-15 18:19 - 10425940 _____ C:\Users\Public\Slist-d.20131015
2013-10-15 18:13 - 2013-10-15 18:13 - 10425940 _____ C:\Users\Public\Slist.20131015
2013-10-15 18:09 - 2013-10-15 18:12 - 15836414 _____ C:\Users\Public\Clist.20131015
2013-10-11 03:32 - 2013-10-13 13:23 - 00000111 _____ C:\Users\s\Downloads\BEATLES
2013-10-11 03:27 - 2013-10-11 03:28 - 17411807 _____ C:\Users\s\Downloads\Shoujie Yang - Dr. Herbert Neubauer Stockholm WM 2012 - YouTube [360p].mp4
2013-10-10 09:36 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 09:36 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 09:36 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 09:36 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 09:36 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 09:36 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 09:36 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 09:36 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 09:36 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 09:36 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 09:36 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 09:36 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 09:36 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 09:36 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 09:36 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 09:35 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 09:23 - 2013-10-10 09:23 - 25003354 _____ C:\Users\Public\GList.20131010
2013-10-09 20:34 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 20:34 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 20:34 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 20:34 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 20:34 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 20:34 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 20:34 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 20:34 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 20:34 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 20:34 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 20:34 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 20:34 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 20:34 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 20:34 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 20:34 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 20:34 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 20:34 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 20:33 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 20:33 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 20:33 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 20:33 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 20:33 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 20:33 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 20:33 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 20:33 - 2011-05-05 15:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:22 - 2013-10-09 17:22 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-10-09 03:45 - 2013-10-09 03:45 - 00005967 _____ C:\Users\s\1UND1.2
2013-10-09 02:22 - 2013-10-09 02:22 - 34264915 _____ C:\Users\Public\Clist-d.20131009
2013-10-09 02:21 - 2013-10-09 02:21 - 34264915 _____ C:\Users\Public\Clist.20131009
2013-10-08 17:38 - 2013-10-08 17:38 - 00000379 _____ C:\Users\s\MSE
2013-10-06 17:18 - 2013-10-06 17:18 - 00000000 ____D C:\Users\s\Documents\Freemake
2013-10-06 16:54 - 2013-10-06 17:19 - 46427540 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [480p].flv
2013-10-06 16:52 - 2013-10-06 17:16 - 45982107 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [360p].flv
2013-10-06 15:45 - 2013-10-08 18:07 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-06 15:44 - 2013-10-06 15:56 - 00000000 ____D C:\Users\a\Documents\Freemake
2013-10-06 15:44 - 2013-10-06 15:55 - 00000000 ____D C:\ProgramData\Freemake
2013-10-06 15:44 - 2013-10-06 15:44 - 00001073 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Program Files\Freemake
2013-10-06 14:09 - 2013-08-14 03:29 - 00000464 _____ C:\Users\s\PARAGON
2013-09-29 18:56 - 2013-09-29 18:56 - 00001662 _____ C:\Users\Public\Desktop\GoforFiles.lnk
2013-09-29 18:13 - 2013-09-29 18:13 - 00000000 ____D C:\usres
2013-09-29 18:11 - 2013-09-29 19:29 - 00000000 ____D C:\Users\s\Downloads\The+Beatles+-+Munich+Concert+1966-by+buenrock-part1
2013-09-28 07:23 - 2013-09-28 07:23 - 00003261 _____ C:\Users\s\Downloads\linkhandler.php
2013-09-27 04:47 - 2013-09-27 04:47 - 00000913 _____ C:\Users\Public\hex8.1
2013-09-27 04:22 - 2013-10-06 18:14 - 00000000 ____D C:\Users\s\AppData\Roaming\vlc
2013-09-27 04:20 - 2013-09-27 04:20 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-26 22:44 - 2013-09-26 22:44 - 01660733 _____ C:\Users\s\Downloads\Beispiele-AutoIt-Hilfe-Deutsch-3.3.8.1-Stand-28_12_12.zip

==================== One Month Modified Files and Folders =======

2013-10-26 16:41 - 2013-10-26 16:41 - 01089001 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2013-10-26 16:26 - 2010-06-21 15:34 - 01710862 _____ C:\Windows\WindowsUpdate.log
2013-10-26 16:21 - 2013-10-26 16:21 - 34304154 _____ C:\Users\Public\Clist-d.20131026
2013-10-26 16:21 - 2006-11-02 13:18 - 00000000 ____D C:\Users\Public
2013-10-26 16:20 - 2013-10-26 16:20 - 34304154 _____ C:\Users\Public\Clist.20131026
2013-10-26 16:19 - 2006-11-02 12:33 - 01503362 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-26 16:15 - 2010-07-04 21:05 - 00000000 ____D C:\Users\s\AppData\Roaming\Mozilla
2013-10-26 16:14 - 2010-07-13 16:29 - 17672816 _____ C:\Users\s\DesktopStCenter.txt
2013-10-26 16:13 - 2006-11-02 14:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 16:13 - 2006-11-02 14:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 16:12 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 16:11 - 2006-11-02 14:58 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-26 16:10 - 2010-07-13 16:32 - 00000000 ____D C:\Users\s\AppData\Roaming\FRITZ!
2013-10-26 16:09 - 2013-10-26 16:09 - 00000000 ____D C:\Windows\ERUNT
2013-10-26 16:08 - 2013-10-25 02:04 - 00002473 _____ C:\Users\s\TROJANER.2
2013-10-26 16:06 - 2013-10-26 16:05 - 01033335 _____ (Thisisu) C:\Users\s\Downloads\JRT.exe
2013-10-26 15:58 - 2009-03-03 19:58 - 00000000 ____D C:\Users\s
2013-10-26 15:53 - 2013-10-26 15:58 - 00013164 _____ C:\Users\s\AdwCleaner[S0].txt
2013-10-26 15:53 - 2013-10-26 15:50 - 00000000 ____D C:\AdwCleaner
2013-10-26 15:51 - 2013-10-26 15:58 - 00013006 _____ C:\Users\s\AdwCleaner[R0].txt
2013-10-26 15:46 - 2013-10-26 15:46 - 01060070 _____ C:\Users\s\Downloads\adwcleaner.exe
2013-10-26 15:40 - 2013-04-26 11:13 - 00031430 _____ C:\Windows\PFRO.log
2013-10-26 15:37 - 2010-06-10 00:19 - 00000000 ____D C:\Windows\pss
2013-10-26 15:36 - 2013-01-07 19:17 - 00000000 ____D C:\Users\s\AppData\Roaming\Iminent
2013-10-26 15:35 - 2010-06-02 17:38 - 00000000 ____D C:\Users\s\progs
2013-10-26 15:26 - 2010-07-02 03:18 - 00000000 ____D C:\Users\s\AppData\Roaming\Foxit Software
2013-10-26 15:03 - 2013-10-26 15:03 - 00000866 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-26 15:03 - 2013-10-26 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 15:03 - 2013-10-26 14:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 14:55 - 2013-10-26 14:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\s\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-26 03:00 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-25 13:30 - 2013-10-25 13:30 - 00020978 _____ C:\ComboFix.txt
2013-10-25 13:30 - 2013-10-25 13:07 - 00000000 ____D C:\Qoobox
2013-10-25 13:30 - 2013-10-25 13:07 - 00000000 ____D C:\ComboFix
2013-10-25 13:30 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-25 13:29 - 2013-10-25 13:07 - 00000000 ____D C:\Windows\erdnt
2013-10-25 13:26 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-10-25 13:21 - 2006-11-02 12:22 - 48758784 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-25 13:21 - 2006-11-02 12:22 - 36175872 _____ C:\Windows\system32\config\COMPON~1.bak
2013-10-25 13:21 - 2006-11-02 12:22 - 26476544 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-25 13:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-25 13:21 - 2006-11-02 12:22 - 00094208 _____ C:\Windows\system32\config\SAM.bak
2013-10-25 13:21 - 2006-11-02 12:22 - 00040960 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-25 12:52 - 2013-10-25 12:52 - 05136677 ____R (Swearware) C:\Users\s\Downloads\ComboFix.exe
2013-10-25 11:10 - 2013-10-25 11:10 - 00033718 _____ C:\Users\s\Downloads\FRST1.txt
2013-10-25 11:10 - 2013-10-25 11:10 - 00030034 _____ C:\Users\s\Downloads\Addition.txt
2013-10-25 11:08 - 2010-07-11 09:34 - 00000000 ____D C:\Users\Gast
2013-10-25 11:06 - 2013-10-25 11:06 - 00000000 ____D C:\FRST
2013-10-23 00:39 - 2013-10-23 00:39 - 00000130 _____ C:\Users\s\FFERR
2013-10-20 00:42 - 2011-03-11 20:00 - 00000000 ____D C:\Users\a\AppData\Roaming\Foxit Software
2013-10-17 13:03 - 2013-08-12 15:27 - 00030596 _____ C:\Users\s\Downloads\wg.log
2013-10-16 19:47 - 2013-01-31 04:24 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-16 19:47 - 2013-01-31 02:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 19:22 - 2012-04-06 16:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 18:19 - 2013-10-15 18:15 - 10425940 _____ C:\Users\Public\Slist-d.20131015
2013-10-15 18:13 - 2013-10-15 18:13 - 10425940 _____ C:\Users\Public\Slist.20131015
2013-10-15 18:12 - 2013-10-15 18:09 - 15836414 _____ C:\Users\Public\Clist.20131015
2013-10-14 18:28 - 2009-03-03 23:05 - 00000000 ____D C:\Users\s\BAT
2013-10-14 13:15 - 2010-09-01 20:59 - 00000000 ____D C:\Users\s\WIN
2013-10-14 11:39 - 2012-04-06 16:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-14 11:39 - 2011-05-14 12:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 13:23 - 2013-10-11 03:32 - 00000111 _____ C:\Users\s\Downloads\BEATLES
2013-10-11 03:28 - 2013-10-11 03:27 - 17411807 _____ C:\Users\s\Downloads\Shoujie Yang - Dr. Herbert Neubauer Stockholm WM 2012 - YouTube [360p].mp4
2013-10-10 15:39 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 15:25 - 2012-10-30 23:07 - 00464744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 09:52 - 2013-08-14 03:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 09:52 - 2013-02-01 20:34 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-10-10 09:40 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-10 09:23 - 2013-10-10 09:23 - 25003354 _____ C:\Users\Public\GList.20131010
2013-10-10 02:06 - 2012-02-12 22:33 - 00000000 ____D C:\Users\Public\dradiorecorder
2013-10-09 17:22 - 2013-10-09 17:22 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-10-09 03:45 - 2013-10-09 03:45 - 00005967 _____ C:\Users\s\1UND1.2
2013-10-09 02:22 - 2013-10-09 02:22 - 34264915 _____ C:\Users\Public\Clist-d.20131009
2013-10-09 02:21 - 2013-10-09 02:21 - 34264915 _____ C:\Users\Public\Clist.20131009
2013-10-08 18:58 - 2011-09-16 19:42 - 00000000 ____D C:\Users\a\AppData\Roaming\Nitro PDF
2013-10-08 18:38 - 2011-10-25 02:07 - 00000000 ____D C:\Users\a\AppData\Roaming\HpUpdate
2013-10-08 18:38 - 2011-05-31 03:36 - 00000000 ____D C:\Users\a\AppData\Roaming\enchant
2013-10-08 18:38 - 2010-07-01 17:39 - 00000000 ____D C:\Users\s\AppData\Roaming\HpUpdate
2013-10-08 18:38 - 2009-04-26 20:46 - 00000000 ____D C:\Users\s\AppData\Roaming\Roxio
2013-10-08 18:37 - 2013-07-03 18:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-08 18:37 - 2012-10-10 16:08 - 00000000 ____D C:\Program Files\Kernel Outlook PST Viewer
2013-10-08 18:37 - 2012-02-06 00:40 - 00000000 ____D C:\Program Files\Copernic Desktop Search - Home
2013-10-08 18:37 - 2011-10-22 21:53 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 18:37 - 2010-07-05 13:14 - 00000000 ____D C:\Program Files\SlickEdit
2013-10-08 18:37 - 2010-07-02 02:47 - 00000000 ____D C:\Program Files\ABBYY FineReader 5.0 Pro
2013-10-08 18:37 - 2010-06-27 15:45 - 00000000 ____D C:\ProgramData\launcher
2013-10-08 18:37 - 2010-06-27 15:45 - 00000000 ____D C:\ProgramData\explauncher
2013-10-08 18:07 - 2013-10-06 15:45 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-08 18:07 - 2012-10-30 22:14 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-10-08 17:38 - 2013-10-08 17:38 - 00000379 _____ C:\Users\s\MSE
2013-10-07 19:34 - 2012-10-30 22:14 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-06 20:09 - 2010-06-10 22:54 - 00002246 _____ C:\Users\s\XCOPYall.BAT
2013-10-06 18:14 - 2013-09-27 04:22 - 00000000 ____D C:\Users\s\AppData\Roaming\vlc
2013-10-06 17:19 - 2013-10-06 16:54 - 46427540 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [480p].flv
2013-10-06 17:18 - 2013-10-06 17:18 - 00000000 ____D C:\Users\s\Documents\Freemake
2013-10-06 17:16 - 2013-10-06 16:52 - 45982107 _____ C:\Users\s\Downloads\The Beatles - The Beatles And Support Acts Live At The Circus Krone Bau München (06-27-66) - YouTube [360p].flv
2013-10-06 15:56 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\Documents\Freemake
2013-10-06 15:55 - 2013-10-06 15:44 - 00000000 ____D C:\ProgramData\Freemake
2013-10-06 15:54 - 2012-10-30 22:20 - 00000000 ____D C:\Users\s\AppData\Roaming\TuneUp Software
2013-10-06 15:50 - 2007-06-30 07:40 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-06 15:46 - 2012-10-30 22:14 - 00000000 ____D C:\Users\a\AppData\Roaming\TuneUp Software
2013-10-06 15:44 - 2013-10-06 15:44 - 00001073 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-06 15:44 - 2013-10-06 15:44 - 00000000 ____D C:\Program Files\Freemake
2013-09-29 19:29 - 2013-09-29 18:11 - 00000000 ____D C:\Users\s\Downloads\The+Beatles+-+Munich+Concert+1966-by+buenrock-part1
2013-09-29 18:56 - 2013-09-29 18:56 - 00001662 _____ C:\Users\Public\Desktop\GoforFiles.lnk
2013-09-29 18:13 - 2013-09-29 18:13 - 00000000 ____D C:\usres
2013-09-28 07:23 - 2013-09-28 07:23 - 00003261 _____ C:\Users\s\Downloads\linkhandler.php
2013-09-27 04:47 - 2013-09-27 04:47 - 00000913 _____ C:\Users\Public\hex8.1
2013-09-27 04:20 - 2013-09-27 04:20 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-26 22:44 - 2013-09-26 22:44 - 01660733 _____ C:\Users\s\Downloads\Beispiele-AutoIt-Hilfe-Deutsch-3.3.8.1-Stand-28_12_12.zip

Files to move or delete:
====================
C:\Users\s\AppData\Roaming\CamData.ini
C:\Users\s\AppData\Roaming\CamLayout.ini
C:\Users\s\AppData\Roaming\CamShapes.ini
C:\Users\Gast\PINGUINS.BAT
C:\Users\Public\EXETimer.exe
C:\Users\Public\HDDSCAN5.bat
C:\Users\Public\HDDSCANX.bat
C:\Users\Public\isound7.exe
C:\Users\Public\LO.BAT
C:\Users\Public\phonostar.exe
C:\Users\Public\PINGUINS.BAT
C:\Users\s\#.bat
C:\Users\s\#0.bat
C:\Users\s\DIRALL.BAT
C:\Users\s\DIRsTemp.BAT
C:\Users\s\DOS0.BAT
C:\Users\s\E-OOHist.BAT
C:\Users\s\env.bat
C:\Users\s\IV6.BAT
C:\Users\s\IV7.BAT
C:\Users\s\mm.bat
C:\Users\s\msahci.reg
C:\Users\s\pro.bat
C:\Users\s\Start.exe
C:\Users\s\sub-.bat
C:\Users\s\sub.bat
C:\Users\s\sub0.bat
C:\Users\s\T.BAT
C:\Users\s\TST.BAT
C:\Users\s\XCOPYall.BAT


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 16:19

==================== End Of Log ============================
--- --- ---

schrauber 27.10.2013 07:12

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

siggi30 24.12.2013 20:18
Hab Dich nicht vergessen.
Inzwischen mehrere blue-screens, entstanden während ich einige Stunden nicht am Pc war. Normal-Start war immer möglich.
Der ESET-log:
<code>
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64f7ceb0c3c9c9428424e1edc969af34
# engine=16379
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-24 01:02:18
# local_time=2013-12-24 02:02:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 54141547 225379710 0 0
# scanned=466995
# found=8
# cleaned=0
# scan_time=18543
sh=6DC63D1841C9B40746CCE00F98DCBFD9EF58AA1F ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.UH application" ac=I fn="G:\2003\d\handy\ALCATEL\Alcatel-OT-305_App_Installation_rus-1334408224.zip"
sh=426ADE4BEFDD992888086CC1609AE0D4F056B554 ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.UH application" ac=I fn="G:\2003\d\handy\ALCATEL\Alcatel-OT-305_pc_connection_rus-1334408186.zip"
sh=3DAF9A509FC25E250ED874B4ED83431D8EBE83AE ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.UH application" ac=I fn="G:\2003\d\handy\ALCATEL\Alcatel-OT-305_TechService_rus-1334408242.zip"
sh=F01BB9954D62CA42449C3151E8CB8C1C650D2DDC ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.XP application" ac=I fn="G:\2003\d\handy\ALCATEL\Alcatel_connect_tool-1334408325.zip"
sh=CA2B2A9980864DF67C26CA77EDEFFE3A8090FBFE ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.XP application" ac=I fn="G:\2003\d\handy\ALCATEL\Alcatel_service_tool-1334408372.zip"
sh=F30F29122CC6AC9F6079065C47554B02FD67C80F ft=0 fh=0000000000000000 vn="a variant of J2ME/TrojanSMS.Agent.CV trojan" ac=I fn="G:\2003\d\handy\ALCATEL\Mobile_Internet_Browser_3_7.jar"
sh=F3FE02B3A3B610D40B9A3CD77C3EE6620B74E826 ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.UH application" ac=I fn="G:\2003\d\handy\ALCATEL\user_manual_Alcatel-OT-305-1334408068.zip"
sh=DCBAD03EC0C49017BDE5E992D2C7C1950B4FF508 ft=1 fh=0b2c3579c51afbd3 vn="Win32/KeyLogger.Refog.615 application" ac=I fn="H:\Programme\MPK\lnkmst.exe"
<\code>
Der Security-log:
<code>
Results of screen317's Security Check version 0.99.77
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.152
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
<\code>
Der FRST-log:
<code>
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013 01
Ran by s (ATTENTION: The logged in user is not administrator) on S-PC on 24-12-2013 19:32:53
Running from C:\Users\s\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Join Air\UIExec.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\dradio-Recorder\phonostarTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\Ir.exe
() G:\C\PROGS\AutoHotkey104805\AutoHotkey.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(PortableApps.com) C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Microsoft Corporation) C:\WINDOWS\System32\ntvdm.exe
(Michael Thummerer Software Design) C:\Users\s\PortableApps\AllDupPortable\AllDupPortable.exe
(PortableApps.com) C:\Users\s\PortableApps\FoxitReaderPortable\FoxitReaderPortable.exe
() C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\Foxit Reader.exe
(Microsoft Corporation) C:\WINDOWS\System32\ntvdm.exe
() G:\C\PROGS\Tor Browser\App\vidalia.exe
() G:\C\PROGS\Tor Browser\App\tor.exe
() G:\C\PROGS\Tor Browser\App\polipo.exe
(PortableApps.com) G:\C\PROGS\Tor Browser\PidginPortable\PidginPortable.exe
(The Pidgin developer community) G:\C\PROGS\Tor Browser\PidginPortable\App\Pidgin\pidgin-portable.exe
() G:\C\PROGS\VS\win\VS.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [138072 2010-04-27] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [217088 2009-04-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [] - [x]
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -update activex [814984 2013-07-09] (Adobe Systems Incorporated)
MountPoints2: {55184990-8148-11df-9c97-001a4b90d8f5} - K:\AutoRun.exe
MountPoints2: {7ba3adb6-e0f1-11df-9363-001a4b90d8f5} - I:\Install.exe
MountPoints2: {dca307c0-130d-11e1-aa15-806e6f6e6963} - I:\Setup.exe
MountPoints2: {e9a62206-91af-11df-93cf-001a4b90d8f5} - I:\AutoRun.exe
MountPoints2: {e9a62213-91af-11df-93cf-001a4b90d8f5} - I:\AutoRun.exe
MountPoints2: {f3de5539-838b-11df-81e2-001a4b90d8f5} - L:\AutoRun.exe
MountPoints2: {f3de553a-838b-11df-81e2-001a4b90d8f5} - L:\AutoRun.exe
Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iv6 - Verknüpfung.lnk
ShortcutTarget: iv6 - Verknüpfung.lnk -> C:\Users\Gast\AutoHotkey104805\iv6.bat ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps - Verknüpfung.lnk
ShortcutTarget: PortableApps - Verknüpfung.lnk -> C:\Users\s\PortableApps ()
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey1.lnk
ShortcutTarget: AutoHotkey1.lnk -> G:\C\PROGS\AutoHotkey104805\AutoHotkey.exe ()
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blau.lnk
ShortcutTarget: Blau.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Command Prompt.lnk
ShortcutTarget: Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gelb.lnk
ShortcutTarget: Gelb.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Grün.lnk
ShortcutTarget: Grün.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableAppsPlatform.exe - Verknüpfung.lnk
ShortcutTarget: PortableAppsPlatform.exe - Verknüpfung.lnk -> C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rot.lnk
ShortcutTarget: Rot.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=1d0a2fd6-9b78-4bc0-89ee-526f67a0ded4&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll No File
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 15 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\3gx0giez.Aufbauprofil
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @soft-xpansion/npsxpdf - C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

========================== Services (Whitelisted) =================

S3 AfaService; C:\Windows\system32\afasrv32.exe [65536 2011-09-25] ()
S4 bepldr6PixelPlanetService; C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe [172032 2009-11-25] ()
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [582144 2013-08-31] (Hauppauge Computer Works)
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S4 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196912 2011-06-21] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R3 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [247152 2010-04-27] ()

==================== Drivers (Whitelisted) ====================

S4 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R2 CdaC15BA; C:\Windows\system32\drivers\CDAC15BA.SYS [8864 2010-07-02] ()
R3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573952 2013-04-22] (Hauppauge Computer Works, Inc.)
R3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [16000 2013-04-22] (Hauppauge Computer Works, Inc.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-12-02] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2008-01-19] (Microsoft Corporation)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [12288 2009-04-30] (gavotte)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-18] (SCM Microsystems Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-11-14] (Duplex Secure Ltd.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2012-10-24] (NCH Software)
S3 UCharger; C:\Windows\System32\Drivers\UCharger.sys [13765 2007-05-15] ()
S3 WinRing0_1_2_0; C:\Program Files\BatteryCare\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)
U3 aij7mgvk; C:\Windows\System32\Drivers\aij7mgvk.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-24 19:32 - 2013-12-24 19:32 - 00013344 _____ C:\Users\s\Downloads\FRST.txt
2013-12-24 19:31 - 2013-12-24 19:31 - 01061545 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2013-12-24 18:14 - 2013-12-24 18:14 - 00000000 ___DL C:\Users\s\D
2013-12-24 17:12 - 2013-12-24 17:12 - 00000895 _____ C:\Users\s\checkup.txt
2013-12-23 15:10 - 2013-12-23 15:20 - 00002297 _____ C:\Users\Public\x4.txt
2013-12-22 15:23 - 2013-12-22 15:32 - 28734267 _____ C:\Users\Public\cList-d.20131222
2013-12-22 15:21 - 2013-12-22 15:21 - 28734267 _____ C:\Users\Public\cList.20131222
2013-12-22 00:23 - 2013-12-22 00:23 - 00001521 _____ C:\Users\s\setpath0.1
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Users\a\AppData\Roaming\IObit
2013-12-20 19:40 - 2013-09-11 14:33 - 00000807 _____ C:\Users\s\Documents\FRITZ!Box3.htm
2013-12-20 19:40 - 2013-09-11 13:25 - 03072054 _____ C:\Users\s\Documents\Clipboard03.bmp
2013-12-20 19:40 - 2013-09-11 13:23 - 03072054 _____ C:\Users\s\Documents\Clipboard02.bmp
2013-12-20 19:40 - 2013-09-11 13:23 - 03072054 _____ C:\Users\s\Documents\Clipboard01.bmp
2013-12-20 19:40 - 2013-09-11 13:16 - 00000807 _____ C:\Users\s\Documents\FRITZ!Box2.htm
2013-12-20 19:40 - 2013-09-10 14:14 - 00000806 _____ C:\Users\s\Documents\FRITZ!Box.htm
2013-12-17 23:04 - 2013-12-17 23:05 - 02559796 _____ C:\Users\s\Documents\bookmarks.html
2013-12-17 22:59 - 2013-12-17 22:59 - 00001886 _____ C:\Users\s\TROJANER.2A
2013-12-16 19:49 - 2013-12-17 18:59 - 00000000 ____D C:\Users\a\.denemo-1.1.0
2013-12-16 19:49 - 2013-12-16 19:51 - 00000000 ____D C:\Users\a\.lilypond-fonts.cache-2
2013-12-16 19:21 - 2013-12-16 19:21 - 00001766 _____ C:\Users\Public\Desktop\Denemo.lnk
2013-12-16 19:20 - 2013-12-16 19:21 - 00000000 ____D C:\Program Files\Denemo
2013-12-16 11:25 - 2013-12-16 11:25 - 00000023 _____ C:\Users\s\PRO2.BAT
2013-12-15 23:29 - 2013-12-15 23:50 - 00003263 _____ C:\Users\Public\x3.txt
2013-12-12 00:25 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:25 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:25 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:25 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 00:25 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:25 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:25 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 00:25 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:25 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 00:25 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 00:25 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:25 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 00:25 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:25 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 00:25 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:25 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\SkypePM
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\Skype
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 16:12 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 16:12 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 16:11 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 16:11 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 16:11 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 16:11 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 16:11 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 16:11 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 16:11 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-09 14:15 - 2013-12-09 14:15 - 00004652 _____ C:\Users\s\FFADDONS
2013-12-07 17:24 - 2013-12-07 17:24 - 00000840 _____ C:\Users\Public\Desktop\WinTV 7.lnk
2013-12-07 17:24 - 2013-12-07 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-07 16:58 - 2013-12-07 17:50 - 00000000 ____D C:\ProgramData\Hauppauge
2013-12-07 16:23 - 2013-12-07 17:03 - 00000000 ____D C:\Program Files\WinTV
2013-12-07 16:19 - 2013-04-22 08:37 - 00573952 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw95bda.sys
2013-12-07 16:19 - 2013-04-22 08:37 - 00016000 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw95rc.sys
2013-12-07 16:18 - 2013-12-08 04:03 - 00000000 ____D C:\Users\Public\WinTV
2013-12-07 14:42 - 2013-12-07 14:55 - 00001104 _____ C:\Users\Public\x2.txt
2013-12-07 14:39 - 2013-12-07 14:41 - 00001337 _____ C:\Users\Public\75.txt
2013-12-05 22:00 - 2013-12-05 22:00 - 00012270 _____ C:\Users\Gast\Downloads\Wild Rover(1).odt
2013-12-05 15:41 - 2013-12-05 15:41 - 00012270 _____ C:\Users\Gast\Downloads\Wild Rover.odt
2013-12-05 14:37 - 2013-12-05 14:37 - 00014331 _____ C:\Users\Gast\Downloads\Telefonliste.odt
2013-12-05 09:36 - 2013-12-05 09:36 - 00000000 ____D C:\Windows\system32\A
2013-12-03 15:59 - 2013-12-03 16:28 - 00010253 _____ C:\Users\Public\x1.txt
2013-11-29 15:31 - 2013-12-17 18:54 - 00000000 ____D C:\Users\s\AbiSuite
2013-11-28 09:20 - 2013-11-29 15:32 - 00005061 _____ C:\Users\Public\ip.txt
2013-11-28 03:45 - 2013-11-28 03:49 - 00000166 _____ C:\Users\Public\x.txt

==================== One Month Modified Files and Folders =======

2013-12-24 19:33 - 2013-12-24 19:32 - 00013344 _____ C:\Users\s\Downloads\FRST.txt
2013-12-24 19:31 - 2013-12-24 19:31 - 01061545 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2013-12-24 19:16 - 2006-11-02 13:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 19:16 - 2006-11-02 13:45 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-24 18:44 - 2010-07-10 13:18 - 00000000 ____D C:\Users\a
2013-12-24 18:43 - 2010-06-21 14:34 - 01374344 _____ C:\Windows\WindowsUpdate.log
2013-12-24 18:18 - 2009-03-03 18:58 - 00000000 ____D C:\Users\s
2013-12-24 18:14 - 2013-12-24 18:14 - 00000000 ___DL C:\Users\s\D
2013-12-24 17:12 - 2013-12-24 17:12 - 00000895 _____ C:\Users\s\checkup.txt
2013-12-24 05:04 - 2006-11-02 12:18 - 00000000 ____D C:\Users\Public
2013-12-23 22:24 - 2010-07-02 02:18 - 00000000 ____D C:\Users\s\AppData\Roaming\Foxit Software
2013-12-23 20:36 - 2010-07-13 15:32 - 00000000 ____D C:\Users\s\AppData\Roaming\FRITZ!
2013-12-23 20:26 - 2006-11-02 11:33 - 01503362 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 20:21 - 2010-07-13 15:29 - 17698668 _____ C:\Users\s\DesktopStCenter.txt
2013-12-23 20:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-23 20:19 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 16:04 - 2006-11-02 13:58 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-23 15:20 - 2013-12-23 15:10 - 00002297 _____ C:\Users\Public\x4.txt
2013-12-23 13:47 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-12-22 15:32 - 2013-12-22 15:23 - 28734267 _____ C:\Users\Public\cList-d.20131222
2013-12-22 15:21 - 2013-12-22 15:21 - 28734267 _____ C:\Users\Public\cList.20131222
2013-12-22 15:09 - 2010-06-29 15:39 - 00000000 ____D C:\Windows\Minidump
2013-12-22 05:45 - 2013-11-16 08:59 - 00000000 ____D C:\Users\s\Downloads\rw
2013-12-22 00:23 - 2013-12-22 00:23 - 00001521 _____ C:\Users\s\setpath0.1
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Users\a\AppData\Roaming\IObit
2013-12-20 01:03 - 2009-03-03 22:05 - 00000000 ____D C:\Users\s\BAT
2013-12-18 02:09 - 2011-03-11 19:00 - 00000000 ____D C:\Users\a\AppData\Roaming\Foxit Software
2013-12-17 23:05 - 2013-12-17 23:04 - 02559796 _____ C:\Users\s\Documents\bookmarks.html
2013-12-17 23:00 - 2010-07-04 20:05 - 00000000 ____D C:\Users\s\AppData\Roaming\Mozilla
2013-12-17 22:59 - 2013-12-17 22:59 - 00001886 _____ C:\Users\s\TROJANER.2A
2013-12-17 19:05 - 2012-10-30 22:07 - 00467712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 18:59 - 2013-12-16 19:49 - 00000000 ____D C:\Users\a\.denemo-1.1.0
2013-12-17 18:54 - 2013-11-29 15:31 - 00000000 ____D C:\Users\s\AbiSuite
2013-12-16 19:51 - 2013-12-16 19:49 - 00000000 ____D C:\Users\a\.lilypond-fonts.cache-2
2013-12-16 19:21 - 2013-12-16 19:21 - 00001766 _____ C:\Users\Public\Desktop\Denemo.lnk
2013-12-16 19:21 - 2013-12-16 19:20 - 00000000 ____D C:\Program Files\Denemo
2013-12-16 18:16 - 2010-06-24 01:01 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
2013-12-16 11:25 - 2013-12-16 11:25 - 00000023 _____ C:\Users\s\PRO2.BAT
2013-12-15 23:50 - 2013-12-15 23:29 - 00003263 _____ C:\Users\Public\x3.txt
2013-12-12 00:53 - 2013-08-14 02:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:48 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 23:36 - 2013-11-03 15:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 23:36 - 2010-07-04 20:05 - 00000806 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-11 23:35 - 2013-07-03 17:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\SkypePM
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\Skype
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 20:37 - 2013-05-26 18:07 - 00000204 _____ C:\Windows\setupact.log
2013-12-09 14:15 - 2013-12-09 14:15 - 00004652 _____ C:\Users\s\FFADDONS
2013-12-08 04:03 - 2013-12-07 16:18 - 00000000 ____D C:\Users\Public\WinTV
2013-12-07 17:50 - 2013-12-07 16:58 - 00000000 ____D C:\ProgramData\Hauppauge
2013-12-07 17:24 - 2013-12-07 17:24 - 00000840 _____ C:\Users\Public\Desktop\WinTV 7.lnk
2013-12-07 17:24 - 2013-12-07 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-07 17:24 - 2013-04-24 13:18 - 00000401 _____ C:\Windows\ODBCINST.INI
2013-12-07 17:24 - 2013-04-24 13:18 - 00000135 _____ C:\Windows\ODBC.INI
2013-12-07 17:03 - 2013-12-07 16:23 - 00000000 ____D C:\Program Files\WinTV
2013-12-07 17:03 - 2013-09-09 12:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-07 17:03 - 2013-04-24 13:18 - 00037621 _____ C:\Windows\Irremote.ini
2013-12-07 17:02 - 2013-04-24 13:07 - 00010072 _____ C:\Windows\HCWPNP.INI
2013-12-07 17:02 - 2013-04-23 23:26 - 00162593 _____ C:\hcwDriverInstall.txt
2013-12-07 16:18 - 2013-04-23 23:23 - 00000000 ____D C:\Hauppauge
2013-12-07 15:29 - 2011-12-06 15:34 - 00000000 ____D C:\Users\s\AppData\Roaming\AbiSuite
2013-12-07 14:55 - 2013-12-07 14:42 - 00001104 _____ C:\Users\Public\x2.txt
2013-12-07 14:41 - 2013-12-07 14:39 - 00001337 _____ C:\Users\Public\75.txt
2013-12-07 13:39 - 2013-05-22 12:58 - 00000000 ____D C:\Users\Gast\AbiSuite
2013-12-05 22:00 - 2013-12-05 22:00 - 00012270 _____ C:\Users\Gast\Downloads\Wild Rover(1).odt
2013-12-05 15:41 - 2013-12-05 15:41 - 00012270 _____ C:\Users\Gast\Downloads\Wild Rover.odt
2013-12-05 14:37 - 2013-12-05 14:37 - 00014331 _____ C:\Users\Gast\Downloads\Telefonliste.odt
2013-12-05 09:36 - 2013-12-05 09:36 - 00000000 ____D C:\Windows\system32\A
2013-12-03 16:28 - 2013-12-03 15:59 - 00010253 _____ C:\Users\Public\x1.txt
2013-12-01 13:25 - 2012-04-06 15:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-29 15:32 - 2013-11-28 09:20 - 00005061 _____ C:\Users\Public\ip.txt
2013-11-28 09:03 - 2012-04-06 15:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-28 09:03 - 2011-05-14 11:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-28 03:49 - 2013-11-28 03:45 - 00000166 _____ C:\Users\Public\x.txt
2013-11-26 11:55 - 2012-10-29 21:55 - 00000000 ____D C:\Users\Public\DCIM

Files to move or delete:
====================
C:\Users\s\AppData\Roaming\CamData.ini
C:\Users\s\AppData\Roaming\CamLayout.ini
C:\Users\s\AppData\Roaming\CamShapes.ini
C:\Users\Gast\PINGUINS.BAT
C:\Users\Public\EXETimer.exe
C:\Users\Public\HDDSCAN5.bat
C:\Users\Public\HDDSCANX.bat
C:\Users\Public\isound7.exe
C:\Users\Public\LO.BAT
C:\Users\Public\phonostar.exe
C:\Users\Public\PINGUINS.BAT
C:\Users\s\#.bat
C:\Users\s\#0.bat
C:\Users\s\DIRALL.BAT
C:\Users\s\DIRsTemp.BAT
C:\Users\s\DOS0.BAT
C:\Users\s\E-OOHist.BAT
C:\Users\s\env.bat
C:\Users\s\IV6.BAT
C:\Users\s\IV7.BAT
C:\Users\s\mm.bat
C:\Users\s\msahci.reg
C:\Users\s\pro.bat
C:\Users\s\PRO2.BAT
C:\Users\s\Start.exe
C:\Users\s\sub-.bat
C:\Users\s\sub.bat
C:\Users\s\sub0.bat
C:\Users\s\T.BAT
C:\Users\s\TST.BAT
C:\Users\s\XCOPYall.BAT


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---
<\code>
Wünsch Dir ein erfolgreiches Studium!
Vielleicht kommst Du irgendwann nächstes Jahr dazu, mir zu antworten.
Jedenfalls Dank für Deine uneigennützige Hilfe.
"Noch Probleme?" bis jetzt keine!
Siggi

schrauber 25.12.2013 15:02
FRST bitte mit Adminrechten scannen lassen. Schau mal bitte unter C:\Windows\Minidump ob ein aktuelles Dumpfile angelegt wurde.

siggi30 25.12.2013 16:05
Ja, minidumps gibts (nach den diversen bluescreens erstellt?).
09.12.2013 11:55 146.343 MINI12~1.DMP Mini120913-01.dmp
11.12.2013 00:40 147.079 MINI12~2.DMP Mini121113-01.dmp
11.12.2013 15:58 146.119 MINI12~3.DMP Mini121113-02.dmp
22.12.2013 15:09 146.375 MINI12~4.DMP Mini122213-01.dmp
Hier frst log mit admin-Rechten:
<code>
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013
Ran by a (administrator) on S-PC on 25-12-2013 15:57:40
Running from C:\Users\s\D
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German

Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\AEADISRV.EXE
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenUSB.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureDLNA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Join Air\UIExec.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\dradio-Recorder\phonostarTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\Ir.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
() G:\C\PROGS\AutoHotkey104805\AutoHotkey.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(PortableApps.com) C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick

Launch Buttons\VolCtrl.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(PortableApps.com) C:\Users\s\PortableApps\PortableApps.com\PortableAppsUpdater.exe
(PortableApps.com) C:\Users\s\PortableApps\KiTTYPortable\KiTTYPortable.exe
(Simon Tatham) C:\Users\s\PortableApps\KiTTYPortable\App\KiTTY\kitty_portable.exe
(PortableApps.com) C:\Users\s\PortableApps\FoxitReaderPortable\FoxitReaderPortable.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
() C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit Reader\Foxit Reader.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch

Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440

2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [138072 2010-04-27] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe

[1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-

Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

[217088 2009-04-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [dradio-Recorder] - C:\Program Files\dradio-

Recorder\phonostarStarter.exe [113152 2012-04-03] ()
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files\dradio-

Recorder\phonostarTimer.exe [41472 2012-04-03] ()
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S0].txt [13164 2013-10-26] ()
HKCU\...\Runonce: [JRTcleanup] - Z:\Temp\jrt\JRT.bat
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32

\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe -update plugin [830344 2013-11-28]

(Adobe Systems Incorporated)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe

oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe

oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [] - [x]
HKU\Gast\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\System32

\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe [ 2013-11-28] (Adobe Systems

Incorporated)
Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\iv6 - Verknüpfung.lnk
ShortcutTarget: iv6 - Verknüpfung.lnk -> C:\Users\Gast\AutoHotkey104805\iv6.bat ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\PortableApps - Verknüpfung.lnk
ShortcutTarget: PortableApps - Verknüpfung.lnk -> C:\Users\s\PortableApps ()
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\AutoHotkey1.lnk
ShortcutTarget: AutoHotkey1.lnk -> G:\C\PROGS\AutoHotkey104805\AutoHotkey.exe ()
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Blau.lnk
ShortcutTarget: Blau.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Command Prompt.lnk
ShortcutTarget: Command Prompt.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft

Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM

Berlin)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Gelb.lnk
ShortcutTarget: Gelb.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Grün.lnk
ShortcutTarget: Grün.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\PortableAppsPlatform.exe - Verknüpfung.lnk
ShortcutTarget: PortableAppsPlatform.exe - Verknüpfung.lnk ->

C:\Users\s\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Rot.lnk
ShortcutTarget: Rot.lnk -> C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

iSearch - Brothersoft.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B9DFA372-9C13-41EE-A3E8-90AD5B8165D8} URL =

hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=10148&src=kw&q={searchTerms}

&locale=en_US&apn_ptnrs=A2&apn_dtid=&apn_uid=05BF4130-7C66-4919-8CB0-

4B89F8A31E13&apn_sauid=CC00A577-DD71-4F28-873E-DFB510D8A09C
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program

Files\Orbitdownloader\GrabPro.dll No File
Toolbar: HKCU - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program

Files\Orbitdownloader\GrabPro.dll No File
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 15 C:\Program Files\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard

-Benutzer
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32

\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -

C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit

Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -

C:\Users\s\PortableApps\FoxitReaderPortable\App\Foxit

Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google

Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll

(Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll

(Nitro PDF)
FF Plugin: @soft-xpansion/npsxpdf - C:\Program Files\Common Files\soft Xpansion\np-

sxpdf.dll (soft Xpansion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program

Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program

Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll

(VideoLAN)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files\dradio-

Recorder\npphonostarDetectNP.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-

de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla

firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: diamondata -

C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-

Benutzer\Extensions\firefox@diamondata.net.xpi
FF Extension: Test Pilot -

C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-

Benutzer\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: Microsoft .NET Framework Assistant -

C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\09iind3n.Standard-

Benutzer\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program

Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake

Video Converter\BrowserPlugin\Firefox\

========================== Services (Whitelisted) =================

S3 AfaService; C:\Windows\system32\afasrv32.exe [65536 2011-09-25] ()
S4 bepldr6PixelPlanetService; C:\Program Files\Common Files\BCL

Technologies\PixelPlanet6\bepldr.exe [172032 2009-11-25] ()
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [582144

2013-08-31] (Hauppauge Computer Works)
S3 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health

Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23]

(Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23]

(Microsoft Corporation)
S4 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2

\NitroPDFReaderDriverService2.exe [196912 2011-06-21] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3

\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S4 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [247152 2010

-04-27] ()

==================== Drivers (Whitelisted) ====================

S4 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec,

Inc.)
R2 CdaC15BA; C:\Windows\system32\drivers\CDAC15BA.SYS [8864 2010-07-02] ()
R3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573952 2013-04-22] (Hauppauge

Computer Works, Inc.)
R3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [16000 2013-04-22] (Hauppauge

Computer Works, Inc.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows

(R) Codename Longhorn DDK provider)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-12-02] (Generic USB

smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft

Corporation)
S3 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2008-01-19] (Microsoft

Corporation)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [12288 2009-04-30] (gavotte)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-18] (SCM

Microsystems Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-11-14] (Duplex Secure Ltd.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2012-10-24] (NCH

Software)
S3 UCharger; C:\Windows\System32\Drivers\UCharger.sys [13765 2007-05-15] ()
S3 WinRing0_1_2_0; C:\Program Files\BatteryCare\WinRing0.sys [14416 2008-07-26]

(OpenLibSys.org)
U3 a3fltigd; C:\Windows\System32\Drivers\a3fltigd.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-25 15:54 - 2013-12-25 15:54 - 00000000 ____D C:\Users\s\Downloads\FRST-

OlderVersion
2013-12-25 03:07 - 2013-12-25 03:07 - 00025484 _____ C:\Users\s\Downloads\Web of Debt

- REVIVE LINCOLN’S MONETARY POLICY  AN OPEN LETTER TO PRESIDENT OBAMA.htm
2013-12-24 21:25 - 2013-12-24 21:35 - 00002248 _____ C:\Users\Public\x5.txt
2013-12-24 19:57 - 2013-12-24 19:57 - 28369632 _____ C:\Users\Public\cList-d.20131224
2013-12-24 19:54 - 2013-12-24 19:54 - 28369632 _____ C:\Users\Public\cList.20131224
2013-12-24 19:32 - 2013-12-25 15:57 - 00014115 _____ C:\Users\s\Downloads\FRST.txt
2013-12-24 19:32 - 2013-12-25 15:56 - 00030123 _____ C:\Users\s\Downloads\FRST1.txt
2013-12-24 19:31 - 2013-12-25 15:54 - 01061649 _____ (Farbar)

C:\Users\s\Downloads\FRST.exe
2013-12-24 18:14 - 2013-12-24 18:14 - 00000000 ___DL C:\Users\s\D
2013-12-24 17:12 - 2013-12-24 17:12 - 00000895 _____ C:\Users\s\checkup.txt
2013-12-23 15:10 - 2013-12-23 15:20 - 00002297 _____ C:\Users\Public\x4.txt
2013-12-22 15:23 - 2013-12-22 15:32 - 28734267 _____ C:\Users\Public\cList-d.20131222
2013-12-22 15:21 - 2013-12-22 15:21 - 28734267 _____ C:\Users\Public\cList.20131222
2013-12-22 00:23 - 2013-12-22 00:23 - 00001521 _____ C:\Users\s\setpath0.1
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Users\a\AppData\Roaming\IObit
2013-12-20 19:40 - 2013-09-11 14:33 - 00000807 _____ C:\Users\s\Documents\FRITZ!

Box3.htm
2013-12-20 19:40 - 2013-09-11 13:25 - 03072054 _____

C:\Users\s\Documents\Clipboard03.bmp
2013-12-20 19:40 - 2013-09-11 13:23 - 03072054 _____

C:\Users\s\Documents\Clipboard02.bmp
2013-12-20 19:40 - 2013-09-11 13:23 - 03072054 _____

C:\Users\s\Documents\Clipboard01.bmp
2013-12-20 19:40 - 2013-09-11 13:16 - 00000807 _____ C:\Users\s\Documents\FRITZ!

Box2.htm
2013-12-20 19:40 - 2013-09-10 14:14 - 00000806 _____ C:\Users\s\Documents\FRITZ!

Box.htm
2013-12-17 23:04 - 2013-12-17 23:05 - 02559796 _____

C:\Users\s\Documents\bookmarks.html
2013-12-17 22:59 - 2013-12-25 01:00 - 00002015 _____ C:\Users\s\TROJANER.2A
2013-12-16 19:49 - 2013-12-17 18:59 - 00000000 ____D C:\Users\a\.denemo-1.1.0
2013-12-16 19:49 - 2013-12-16 19:51 - 00000000 ____D C:\Users\a\.lilypond-fonts.cache

-2
2013-12-16 19:21 - 2013-12-16 19:21 - 00001766 _____

C:\Users\Public\Desktop\Denemo.lnk
2013-12-16 19:20 - 2013-12-16 19:21 - 00000000 ____D C:\Program Files\Denemo
2013-12-16 11:25 - 2013-12-16 11:25 - 00000023 _____ C:\Users\s\PRO2.BAT
2013-12-15 23:29 - 2013-12-15 23:50 - 00003263 _____ C:\Users\Public\x3.txt
2013-12-12 00:25 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation)

C:\Windows\system32\mshtml.dll
2013-12-12 00:25 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation)

C:\Windows\system32\ieframe.dll
2013-12-12 00:25 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation)

C:\Windows\system32\jscript9.dll
2013-12-12 00:25 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation)

C:\Windows\system32\urlmon.dll
2013-12-12 00:25 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation)

C:\Windows\system32\inetcpl.cpl
2013-12-12 00:25 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation)

C:\Windows\system32\wininet.dll
2013-12-12 00:25 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation)

C:\Windows\system32\url.dll
2013-12-12 00:25 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation)

C:\Windows\system32\jsproxy.dll
2013-12-12 00:25 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation)

C:\Windows\system32\jscript.dll
2013-12-12 00:25 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation)

C:\Windows\system32\vbscript.dll
2013-12-12 00:25 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation)

C:\Windows\system32\ieUnatt.exe
2013-12-12 00:25 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation)

C:\Windows\system32\msfeeds.dll
2013-12-12 00:25 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation)

C:\Windows\system32\iertutil.dll
2013-12-12 00:25 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation)

C:\Windows\system32\mshtmled.dll
2013-12-12 00:25 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation)

C:\Windows\system32\mshtml.tlb
2013-12-12 00:25 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation)

C:\Windows\system32\ieui.dll
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D

C:\Users\s\AppData\Roaming\SkypePM
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\Skype
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 16:12 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation)

C:\Windows\system32\Drivers\portcls.sys
2013-12-11 16:12 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation)

C:\Windows\system32\win32k.sys
2013-12-11 16:11 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation)

C:\Windows\system32\Drivers\drmk.sys
2013-12-11 16:11 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation)

C:\Windows\system32\imagehlp.dll
2013-12-11 16:11 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation)

C:\Windows\system32\scrrun.dll
2013-12-11 16:11 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation)

C:\Windows\system32\wshom.ocx
2013-12-11 16:11 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation)

C:\Windows\system32\wshcon.dll
2013-12-11 16:11 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation)

C:\Windows\system32\wscript.exe
2013-12-11 16:11 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation)

C:\Windows\system32\cscript.exe
2013-12-09 14:15 - 2013-12-09 14:15 - 00004652 _____ C:\Users\s\FFADDONS
2013-12-07 17:24 - 2013-12-07 17:24 - 00000840 _____ C:\Users\Public\Desktop\WinTV

7.lnk
2013-12-07 17:24 - 2013-12-07 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-07 16:58 - 2013-12-07 17:50 - 00000000 ____D C:\ProgramData\Hauppauge
2013-12-07 16:23 - 2013-12-07 17:03 - 00000000 ____D C:\Program Files\WinTV
2013-12-07 16:19 - 2013-04-22 08:37 - 00573952 _____ (Hauppauge Computer Works, Inc.)

C:\Windows\system32\Drivers\hcw95bda.sys
2013-12-07 16:19 - 2013-04-22 08:37 - 00016000 _____ (Hauppauge Computer Works, Inc.)

C:\Windows\system32\Drivers\hcw95rc.sys
2013-12-07 16:18 - 2013-12-08 04:03 - 00000000 ____D C:\Users\Public\WinTV
2013-12-07 14:42 - 2013-12-07 14:55 - 00001104 _____ C:\Users\Public\x2.txt
2013-12-07 14:39 - 2013-12-07 14:41 - 00001337 _____ C:\Users\Public\75.txt
2013-12-05 22:00 - 2013-12-05 22:00 - 00012270 _____ C:\Users\Gast\Downloads\Wild

Rover(1).odt
2013-12-05 15:41 - 2013-12-05 15:41 - 00012270 _____ C:\Users\Gast\Downloads\Wild

Rover.odt
2013-12-05 14:37 - 2013-12-05 14:37 - 00014331 _____

C:\Users\Gast\Downloads\Telefonliste.odt
2013-12-05 09:36 - 2013-12-05 09:36 - 00000000 ____D C:\Windows\system32\A
2013-12-03 15:59 - 2013-12-03 16:28 - 00010253 _____ C:\Users\Public\x1.txt
2013-11-29 15:31 - 2013-12-17 18:54 - 00000000 ____D C:\Users\s\AbiSuite
2013-11-28 09:20 - 2013-11-29 15:32 - 00005061 _____ C:\Users\Public\ip.txt
2013-11-28 03:45 - 2013-11-28 03:49 - 00000166 _____ C:\Users\Public\x.txt

==================== One Month Modified Files and Folders =======

2013-12-25 15:57 - 2013-12-24 19:32 - 00014115 _____ C:\Users\s\Downloads\FRST.txt
2013-12-25 15:56 - 2013-12-24 19:32 - 00030123 _____ C:\Users\s\Downloads\FRST1.txt
2013-12-25 15:54 - 2013-12-25 15:54 - 00000000 ____D C:\Users\s\Downloads\FRST-

OlderVersion
2013-12-25 15:54 - 2013-12-24 19:31 - 01061649 _____ (Farbar)

C:\Users\s\Downloads\FRST.exe
2013-12-25 15:54 - 2013-10-25 10:06 - 00000000 ____D C:\FRST
2013-12-25 15:35 - 2010-06-21 14:34 - 01531497 _____ C:\Windows\WindowsUpdate.log
2013-12-25 15:18 - 2010-07-02 02:18 - 00000000 ____D C:\Users\s\AppData\Roaming\Foxit

Software
2013-12-25 14:55 - 2012-04-06 15:31 - 00692616 _____ (Adobe Systems Incorporated)

C:\Windows\system32\FlashPlayerApp.exe
2013-12-25 14:55 - 2012-04-06 15:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash

Player Updater.job
2013-12-25 14:55 - 2011-05-14 11:18 - 00071048 _____ (Adobe Systems Incorporated)

C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-25 14:55 - 2010-07-13 15:29 - 17698968 _____ C:\Users\s\DesktopStCenter.txt
2013-12-25 14:27 - 2006-11-02 11:33 - 01503362 _____ C:\Windows\system32

\PerfStringBackup.INI
2013-12-25 14:20 - 2013-04-26 10:13 - 00034474 _____ C:\Windows\PFRO.log
2013-12-25 14:20 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-25 14:20 - 2006-11-02 13:45 - 00003296 ____H C:\Windows\system32\7B296FB0-

376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-25 14:20 - 2006-11-02 13:45 - 00003296 ____H C:\Windows\system32\7B296FB0-

376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-25 03:28 - 2006-11-02 13:58 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 03:07 - 2013-12-25 03:07 - 00025484 _____ C:\Users\s\Downloads\Web of Debt

- REVIVE LINCOLN’S MONETARY POLICY  AN OPEN LETTER TO PRESIDENT OBAMA.htm
2013-12-25 01:00 - 2013-12-17 22:59 - 00002015 _____ C:\Users\s\TROJANER.2A
2013-12-25 00:40 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-12-24 21:35 - 2013-12-24 21:25 - 00002248 _____ C:\Users\Public\x5.txt
2013-12-24 21:25 - 2006-11-02 12:18 - 00000000 ____D C:\Users\Public
2013-12-24 19:57 - 2013-12-24 19:57 - 28369632 _____ C:\Users\Public\cList-d.20131224
2013-12-24 19:54 - 2013-12-24 19:54 - 28369632 _____ C:\Users\Public\cList.20131224
2013-12-24 18:44 - 2010-07-10 13:18 - 00000000 ____D C:\Users\a
2013-12-24 18:18 - 2009-03-03 18:58 - 00000000 ____D C:\Users\s
2013-12-24 18:14 - 2013-12-24 18:14 - 00000000 ___DL C:\Users\s\D
2013-12-24 17:12 - 2013-12-24 17:12 - 00000895 _____ C:\Users\s\checkup.txt
2013-12-23 20:36 - 2010-07-13 15:32 - 00000000 ____D C:\Users\s\AppData\Roaming\FRITZ!
2013-12-23 20:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-23 15:20 - 2013-12-23 15:10 - 00002297 _____ C:\Users\Public\x4.txt
2013-12-22 15:32 - 2013-12-22 15:23 - 28734267 _____ C:\Users\Public\cList-d.20131222
2013-12-22 15:21 - 2013-12-22 15:21 - 28734267 _____ C:\Users\Public\cList.20131222
2013-12-22 15:09 - 2010-09-14 15:01 - 00146375 _____ C:\Windows\Minidump\Mini122213-

01.dmp
2013-12-22 15:09 - 2010-06-29 15:39 - 00000000 ____D C:\Windows\Minidump
2013-12-22 05:45 - 2013-11-16 08:59 - 00000000 ____D C:\Users\s\Downloads\rw
2013-12-22 00:23 - 2013-12-22 00:23 - 00001521 _____ C:\Users\s\setpath0.1
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Users\a\AppData\Roaming\IObit
2013-12-20 01:03 - 2009-03-03 22:05 - 00000000 ____D C:\Users\s\BAT
2013-12-18 02:09 - 2011-03-11 19:00 - 00000000 ____D C:\Users\a\AppData\Roaming\Foxit

Software
2013-12-17 23:05 - 2013-12-17 23:04 - 02559796 _____

C:\Users\s\Documents\bookmarks.html
2013-12-17 23:00 - 2010-07-04 20:05 - 00000000 ____D

C:\Users\s\AppData\Roaming\Mozilla
2013-12-17 19:05 - 2012-10-30 22:07 - 00467712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 18:59 - 2013-12-16 19:49 - 00000000 ____D C:\Users\a\.denemo-1.1.0
2013-12-17 18:54 - 2013-11-29 15:31 - 00000000 ____D C:\Users\s\AbiSuite
2013-12-16 19:51 - 2013-12-16 19:49 - 00000000 ____D C:\Users\a\.lilypond-fonts.cache

-2
2013-12-16 19:21 - 2013-12-16 19:21 - 00001766 _____

C:\Users\Public\Desktop\Denemo.lnk
2013-12-16 19:21 - 2013-12-16 19:20 - 00000000 ____D C:\Program Files\Denemo
2013-12-16 18:16 - 2010-06-24 01:01 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
2013-12-16 11:25 - 2013-12-16 11:25 - 00000023 _____ C:\Users\s\PRO2.BAT
2013-12-15 23:50 - 2013-12-15 23:29 - 00003263 _____ C:\Users\Public\x3.txt
2013-12-12 00:53 - 2013-08-14 02:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:48 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation)

C:\Windows\system32\mrt.exe
2013-12-11 23:36 - 2013-11-03 15:52 - 00000000 ____D C:\Program Files\Mozilla

Maintenance Service
2013-12-11 23:36 - 2010-07-04 20:05 - 00000806 _____ C:\Users\Public\Desktop\Mozilla

Firefox.lnk
2013-12-11 23:35 - 2013-07-03 17:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D

C:\Users\s\AppData\Roaming\SkypePM
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\Users\s\AppData\Roaming\Skype
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 20:37 - 2013-05-26 18:07 - 00000204 _____ C:\Windows\setupact.log
2013-12-11 15:58 - 2010-09-14 15:01 - 00146119 _____ C:\Windows\Minidump\Mini121113-

02.dmp
2013-12-11 00:40 - 2010-09-14 15:01 - 00147079 _____ C:\Windows\Minidump\Mini121113-

01.dmp
2013-12-09 14:15 - 2013-12-09 14:15 - 00004652 _____ C:\Users\s\FFADDONS
2013-12-09 11:55 - 2010-09-14 15:01 - 00146343 _____ C:\Windows\Minidump\Mini120913-

01.dmp
2013-12-08 04:03 - 2013-12-07 16:18 - 00000000 ____D C:\Users\Public\WinTV
2013-12-07 17:50 - 2013-12-07 16:58 - 00000000 ____D C:\ProgramData\Hauppauge
2013-12-07 17:24 - 2013-12-07 17:24 - 00000840 _____ C:\Users\Public\Desktop\WinTV

7.lnk
2013-12-07 17:24 - 2013-12-07 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-07 17:24 - 2013-04-24 13:18 - 00000401 _____ C:\Windows\ODBCINST.INI
2013-12-07 17:24 - 2013-04-24 13:18 - 00000135 _____ C:\Windows\ODBC.INI
2013-12-07 17:03 - 2013-12-07 16:23 - 00000000 ____D C:\Program Files\WinTV
2013-12-07 17:03 - 2013-09-09 12:12 - 00000000 ___HD C:\Program Files\InstallShield

Installation Information
2013-12-07 17:03 - 2013-04-24 13:18 - 00037621 _____ C:\Windows\Irremote.ini
2013-12-07 17:02 - 2013-04-24 13:07 - 00010072 _____ C:\Windows\HCWPNP.INI
2013-12-07 17:02 - 2013-04-23 23:26 - 00162593 _____ C:\hcwDriverInstall.txt
2013-12-07 16:18 - 2013-04-23 23:23 - 00000000 ____D C:\Hauppauge
2013-12-07 15:29 - 2011-12-06 15:34 - 00000000 ____D

C:\Users\s\AppData\Roaming\AbiSuite
2013-12-07 14:55 - 2013-12-07 14:42 - 00001104 _____ C:\Users\Public\x2.txt
2013-12-07 14:41 - 2013-12-07 14:39 - 00001337 _____ C:\Users\Public\75.txt
2013-12-07 13:39 - 2013-05-22 12:58 - 00000000 ____D C:\Users\Gast\AbiSuite
2013-12-05 22:00 - 2013-12-05 22:00 - 00012270 _____ C:\Users\Gast\Downloads\Wild

Rover(1).odt
2013-12-05 15:41 - 2013-12-05 15:41 - 00012270 _____ C:\Users\Gast\Downloads\Wild

Rover.odt
2013-12-05 14:37 - 2013-12-05 14:37 - 00014331 _____

C:\Users\Gast\Downloads\Telefonliste.odt
2013-12-05 09:36 - 2013-12-05 09:36 - 00000000 ____D C:\Windows\system32\A
2013-12-03 16:28 - 2013-12-03 15:59 - 00010253 _____ C:\Users\Public\x1.txt
2013-11-29 15:32 - 2013-11-28 09:20 - 00005061 _____ C:\Users\Public\ip.txt
2013-11-28 03:49 - 2013-11-28 03:45 - 00000166 _____ C:\Users\Public\x.txt
2013-11-26 11:55 - 2012-10-29 21:55 - 00000000 ____D C:\Users\Public\DCIM

Files to move or delete:
====================
C:\Users\s\AppData\Roaming\CamData.ini
C:\Users\s\AppData\Roaming\CamLayout.ini
C:\Users\s\AppData\Roaming\CamShapes.ini
C:\Users\Gast\PINGUINS.BAT
C:\Users\Public\EXETimer.exe
C:\Users\Public\HDDSCAN5.bat
C:\Users\Public\HDDSCANX.bat
C:\Users\Public\isound7.exe
C:\Users\Public\LO.BAT
C:\Users\Public\phonostar.exe
C:\Users\Public\PINGUINS.BAT
C:\Users\s\#.bat
C:\Users\s\#0.bat
C:\Users\s\DIRALL.BAT
C:\Users\s\DIRsTemp.BAT
C:\Users\s\DOS0.BAT
C:\Users\s\E-OOHist.BAT
C:\Users\s\env.bat
C:\Users\s\IV6.BAT
C:\Users\s\IV7.BAT
C:\Users\s\mm.bat
C:\Users\s\msahci.reg
C:\Users\s\pro.bat
C:\Users\s\PRO2.BAT
C:\Users\s\Start.exe
C:\Users\s\sub-.bat
C:\Users\s\sub.bat
C:\Users\s\sub0.bat
C:\Users\s\T.BAT
C:\Users\s\TST.BAT
C:\Users\s\XCOPYall.BAT


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-25 14:35

==================== End Of Log ============================
--- --- ---
<\code>

schrauber 26.12.2013 14:31
Bite das aktuellste Dumpfile zippen und anhängen.

siggi30 26.12.2013 19:09
Anbei Mini122213-01.dmp als 7z.
Gruß!
Siggi

schrauber 27.12.2013 16:47
Zitat:
Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

FAULTING_IP:
ks!KsDispatchIrp+19
82dde3c8 8b00 mov eax,dword ptr [eax]

EXCEPTION_RECORD: 8b12b55c -- (.exr 0xffffffff8b12b55c)
.exr 0xffffffff8b12b55c
ExceptionAddress: 82dde3c8 (ks!KsDispatchIrp+0x00000019)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0024648d
Attempt to read from address 0024648d

CONTEXT: 8b12b258 -- (.cxr 0xffffffff8b12b258)
.cxr 0xffffffff8b12b258
eax=0024648d ebx=86936ac8 ecx=86d4e174 edx=86d4e008 esi=86d4e008 edi=00000000
eip=82dde3c8 esp=8b12b624 ebp=8b12b624 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
ks!KsDispatchIrp+0x19:
82dde3c8 8b00 mov eax,dword ptr [eax] ds:0023:0024648d=????????
.cxr
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 0024648d

READ_ADDRESS: GetPointerFromAddress: unable to read from 8237f874
Unable to read MiSystemVaType memory at 8235f420
0024648d

FOLLOWUP_IP:
ks!KsDispatchIrp+19
82dde3c8 8b00 mov eax,dword ptr [eax]

BUGCHECK_STR: 0x7E

LOCK_ADDRESS: 8237c600 -- (!locks 8237c600)
!locks ffffffff8237c600

Resource @ nt!PiEngineLock (0x8237c600) Available

Check mal den Arbeitsspeicher.

siggi30 28.12.2013 14:15
BIOS-Speichercheck (3072 MB) keine Fehler. Blauer Windows-Speichercheck auf höchster Stufe 3 ab gestern Abend. Versprach Neustart und Anzeige des Ergebnisses. Geht der auch nur auf 3072?
----------------------------
Heute von storage check Ergebis sehe ich nichts. Also nix Fehler.
Habe 1.072.689.152 Bytes Ramdisk oben (Gavotte)
mit festem pagefile 872.415.232 Bytes - der Rest für TEMP usw.
--------------------------
Könnte gesamte Ramdisk schreiben + lesen. Bitmuster?
Egal, da ja intern 0-bit-Folgen extra synchro-Flanken bekommen?
Was wäre schnellste Programmiersprache für diesen Zweck?
Gruß
Siggi







3953 12-28-2013 9:22a ----A c:\WINDOWS\System32

schrauber 29.12.2013 11:49
Zitat:
Könnte gesamte Ramdisk schreiben + lesen. Bitmuster?
Egal, da ja intern 0-bit-Folgen extra synchro-Flanken bekommen?
Was wäre schnellste Programmiersprache für diesen Zweck?
Ich versteh nur Bahnhof :)

siggi30 29.12.2013 22:22
Von den 2x2 GB Speicherchips adressiert Windows nur 3072 MB, das obere GB habe ich als RAMDisk Z: eingerichtet und dort ein pagefile der festen (Anfang=Ende) Größe 800MB liegen. Wenn in diesem GB Speicherfehler liegen, würde Windows abstürzen, sobald aus dem System-Cache Z:\pagefile fehlerhafte Seiten angefordert werden. Beschreiben und Lesen sämtlicher Bytes von Z: würde diese Fehler finden.
Habe noch überlegt, welche Bitmuster für den Test am Geeignesten sind; mir fiel ein, dass der interne Code, der auf die Platte geschrieben wird, für 8 bit 12 oder 14 bits erzeugen, als selbstkorrigiernder Code und um längere 0-Folgen zu vermeiden.
Gruß
Siggi

schrauber 30.12.2013 17:33
Ok, jetzt weiß ich wen ich frage wenn ich Stress mit dem Studium hab :D

Ich kann Dir nur ansatzweise folgen. Ich würd ja einfach einen Riegel rausmachen, testen, Riegel tauschen, andren Steckplatz und so Sachen. Oder das Toom Memtest nutzen.

siggi30 01.01.2014 13:52
Jedenfalls hst Du mir eine Lösung vorgeschlagen, auf die ich nicht gekommen bin: die beiden Speicherriegel vertauschen und die mit dem 1. und der 1. Hälfte des 2. Riegels gemachten Tests (die keinen Fehler brachten) wiederholen. Danke für die Anregung! Chips 1und 2 tauschen ist ja kein Problem.
Gruß!
Siggi

schrauber 02.01.2014 08:58
Alles klar :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131