Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   XP Rechner TR/Agent.83648 Fbar löscht sich nach kopieren! (https://www.trojaner-board.de/160312-xp-rechner-tr-agent-83648-fbar-loescht-kopieren.html)

mac11 01.11.2014 23:07
XP Rechner TR/Agent.83648 Fbar löscht sich nach kopieren!
 
Ich wollte auf meinem Zweitrechner die Bootprogramme editieren da sind mir einige Dinge aufgefallen.
Sixth.exe das aber nicht mehr da ist..
Seventh.exe genau diese Version https://www.virustotal.com/de/file/6346947d1648abedcfbbb930dd954301ee3757471d39dd04b34ef993d58815b9/analysis/
SCheck und Intermediate exe die so lua teile in den Anwendungsdaten sind, diese haben aber nur eine Erkennung in Virustotal, und so ein Datamgr der aber auch "clean" aussieht..

Installiert ist dort Avast, das schon mal die seventh exe nicht erkennt, der Rechner soll möglichst wenig gebremst werden deswegen avast (keine Ahnung ob das perfekt ist)

Dann hatte ich die Anwendungsdaten von meinem Hauptrechner aus mit Avira gescant, weil es ja die Seventh erkennt. (Der alte rechner kann soweit ich weiss nicht auf meinen Hauptrechner zugreifen, bzw ich bekomm nur in eine richtung netzwerkzugriff.)
hier informationen von avira hxxp://www.avira.com/de/support-threats-summary/tid/8516/threat/TR.Agent.83648 der Ordner "Common/" wurde wie dort erwähnt auf dem Rechner erstellt.
Jetzt wollte ich die Checkliste abarbeiten aber wenn ich FRST auf den Rechner kopiere verschwindet es sofort wieder auch nach umbenennung.. :killpc:

Das ist natürlich recht beunruhigend.
Beide Rechner sind an meiner Easybox angeschlossen und haben dadurch Netzwerk.
Da ich fast nie das Internet über den alten öffne, und diese Seventh.exe nicht auf win7 vorkommt.. naja weiss ich auch nicht so recht.

Bitte zu hilf :heilig:
(hmm nach dem fbar Problem ist Avast acuh mal abgestürzt und gestern ist Avira auf meinem Hauptrechner glaube ich auch Abgestürzt)

Komisch da ist auch ewig ein Gast im Thread ist denn das ein spezieller Freund
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 1. November 2014  20:43


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Antivirus Free
Seriennummer  : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Starter
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Windows
Computername  : WINDOWS-PC

Versionsinformationen:
BUILD.DAT      : 14.0.7.306    92015 Bytes  24.09.2014 12:44:00
AVSCAN.EXE    : 14.0.7.266  1014576 Bytes  24.09.2014 10:44:21
AVSCANRC.DLL  : 14.0.7.220    65272 Bytes  24.09.2014 10:44:21
LUKE.DLL      : 14.0.7.220    59696 Bytes  24.09.2014 10:44:26
AVSCPLR.DLL    : 14.0.7.266    94512 Bytes  24.09.2014 10:44:21
REPAIR.DLL    : 14.0.7.266    366328 Bytes  24.09.2014 10:44:21
REPAIR.RDF    : 1.0.2.30      596694 Bytes  24.10.2014 12:39:41
AVREG.DLL      : 14.0.7.220    264952 Bytes  24.09.2014 10:44:21
AVLODE.DLL    : 14.0.7.266    563448 Bytes  24.09.2014 10:44:21
AVLODE.RDF    : 14.0.4.46      64835 Bytes  24.09.2014 10:44:21
XBV00011.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00012.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00013.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00014.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00015.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00016.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00017.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00018.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:30
XBV00019.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00020.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00021.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00022.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00023.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00024.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00025.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00026.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00027.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00028.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00029.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00030.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00031.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00032.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00033.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00034.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00035.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00036.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00037.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00038.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00039.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00040.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00041.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 10:44:31
XBV00208.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00209.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00210.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00211.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00212.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00213.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00214.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00215.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00216.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:58
XBV00217.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00218.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00219.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00220.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00221.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00222.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00223.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00224.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00225.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00226.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00227.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00228.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00229.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00230.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00231.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:28:59
XBV00232.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00233.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00234.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00235.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00236.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00237.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00238.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00239.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00240.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00241.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00242.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00243.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00244.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00245.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:00
XBV00246.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00247.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00248.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00249.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00250.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00251.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00252.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00253.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00254.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00255.VDF  : 8.11.178.32    2048 Bytes  14.10.2014 03:29:01
XBV00000.VDF  : 7.11.70.0  66736640 Bytes  04.04.2013 10:44:30
XBV00001.VDF  : 7.11.74.226  2201600 Bytes  30.04.2013 10:44:30
XBV00002.VDF  : 7.11.80.60  2751488 Bytes  28.05.2013 10:44:30
XBV00003.VDF  : 7.11.85.214  2162688 Bytes  21.06.2013 10:44:30
XBV00004.VDF  : 7.11.91.176  3903488 Bytes  23.07.2013 10:44:30
XBV00005.VDF  : 7.11.98.186  6822912 Bytes  29.08.2013 10:44:30
XBV00006.VDF  : 7.11.139.38 15708672 Bytes  27.03.2014 10:44:30
XBV00007.VDF  : 7.11.152.100  4193792 Bytes  02.06.2014 10:44:30
XBV00008.VDF  : 8.11.165.192  4251136 Bytes  07.08.2014 10:44:30
XBV00009.VDF  : 8.11.172.30  2094080 Bytes  15.09.2014 10:44:30
XBV00010.VDF  : 8.11.178.32  1581056 Bytes  14.10.2014 03:28:45
XBV00042.VDF  : 8.11.178.58    29696 Bytes  14.10.2014 03:28:45
XBV00043.VDF  : 8.11.178.60    2048 Bytes  14.10.2014 03:28:45
XBV00044.VDF  : 8.11.178.86    21504 Bytes  14.10.2014 03:28:45
XBV00045.VDF  : 8.11.178.88    11776 Bytes  15.10.2014 04:29:42
XBV00046.VDF  : 8.11.178.92    17408 Bytes  15.10.2014 04:29:42
XBV00047.VDF  : 8.11.178.94    2048 Bytes  15.10.2014 04:29:42
XBV00048.VDF  : 8.11.178.116    7680 Bytes  15.10.2014 04:29:42
XBV00049.VDF  : 8.11.178.136    21504 Bytes  15.10.2014 04:29:42
XBV00050.VDF  : 8.11.178.140    2048 Bytes  15.10.2014 04:29:42
XBV00051.VDF  : 8.11.178.162    32768 Bytes  15.10.2014 04:29:42
XBV00052.VDF  : 8.11.178.164    2048 Bytes  15.10.2014 04:29:42
XBV00053.VDF  : 8.11.178.166    14336 Bytes  15.10.2014 04:29:42
XBV00054.VDF  : 8.11.178.170    12800 Bytes  15.10.2014 04:29:42
XBV00055.VDF  : 8.11.178.190    4608 Bytes  15.10.2014 04:29:42
XBV00056.VDF  : 8.11.178.210    5120 Bytes  15.10.2014 04:29:43
XBV00057.VDF  : 8.11.178.230    17920 Bytes  16.10.2014 05:30:59
XBV00058.VDF  : 8.11.178.234    8704 Bytes  16.10.2014 05:31:00
XBV00059.VDF  : 8.11.178.236    13312 Bytes  16.10.2014 05:31:00
XBV00060.VDF  : 8.11.178.240    50176 Bytes  16.10.2014 05:31:00
XBV00061.VDF  : 8.11.179.4      2048 Bytes  16.10.2014 05:31:00
XBV00062.VDF  : 8.11.179.6      2048 Bytes  16.10.2014 05:31:00
XBV00063.VDF  : 8.11.179.8      2048 Bytes  16.10.2014 05:31:00
XBV00064.VDF  : 8.11.179.12    27136 Bytes  16.10.2014 05:31:00
XBV00065.VDF  : 8.11.179.18    29696 Bytes  17.10.2014 06:32:06
XBV00066.VDF  : 8.11.179.20    2048 Bytes  17.10.2014 06:32:07
XBV00067.VDF  : 8.11.179.22    8192 Bytes  17.10.2014 06:32:07
XBV00068.VDF  : 8.11.179.44    12800 Bytes  17.10.2014 06:32:07
XBV00069.VDF  : 8.11.179.62    6656 Bytes  17.10.2014 06:32:07
XBV00070.VDF  : 8.11.179.80    10752 Bytes  17.10.2014 06:32:07
XBV00071.VDF  : 8.11.179.82    2048 Bytes  17.10.2014 06:32:07
XBV00072.VDF  : 8.11.179.100    5632 Bytes  17.10.2014 06:32:07
XBV00073.VDF  : 8.11.179.106    22528 Bytes  17.10.2014 06:32:07
XBV00074.VDF  : 8.11.179.108    2560 Bytes  17.10.2014 06:32:07
XBV00075.VDF  : 8.11.179.110    9216 Bytes  17.10.2014 06:32:07
XBV00076.VDF  : 8.11.179.114    18432 Bytes  18.10.2014 07:33:18
XBV00077.VDF  : 8.11.179.116    3072 Bytes  18.10.2014 07:33:18
XBV00078.VDF  : 8.11.179.118    38912 Bytes  18.10.2014 07:33:18
XBV00079.VDF  : 8.11.179.120    2048 Bytes  18.10.2014 07:33:18
XBV00080.VDF  : 8.11.179.122    52224 Bytes  19.10.2014 08:33:58
XBV00081.VDF  : 8.11.179.140    2048 Bytes  19.10.2014 08:33:58
XBV00082.VDF  : 8.11.179.160    25600 Bytes  19.10.2014 08:33:58
XBV00083.VDF  : 8.11.179.162    2048 Bytes  19.10.2014 08:33:58
XBV00084.VDF  : 8.11.179.180    35328 Bytes  20.10.2014 08:33:58
XBV00085.VDF  : 8.11.179.182    2048 Bytes  20.10.2014 08:33:58
XBV00086.VDF  : 8.11.179.184    12800 Bytes  20.10.2014 08:33:59
XBV00087.VDF  : 8.11.179.186    7168 Bytes  20.10.2014 09:36:10
XBV00088.VDF  : 8.11.179.188    23040 Bytes  20.10.2014 09:36:10
XBV00089.VDF  : 8.11.179.190    2048 Bytes  20.10.2014 09:36:10
XBV00090.VDF  : 8.11.179.192    2048 Bytes  20.10.2014 09:36:10
XBV00091.VDF  : 8.11.179.194    13312 Bytes  20.10.2014 09:36:10
XBV00092.VDF  : 8.11.179.196    2048 Bytes  20.10.2014 09:36:10
XBV00093.VDF  : 8.11.179.216    36352 Bytes  20.10.2014 09:36:10
XBV00094.VDF  : 8.11.179.232    2048 Bytes  20.10.2014 09:36:10
XBV00095.VDF  : 8.11.179.234    2048 Bytes  20.10.2014 09:36:10
XBV00096.VDF  : 8.11.180.12    32256 Bytes  21.10.2014 09:36:10
XBV00097.VDF  : 8.11.180.30    17408 Bytes  21.10.2014 09:36:10
XBV00098.VDF  : 8.11.180.32    2048 Bytes  21.10.2014 09:36:11
XBV00099.VDF  : 8.11.180.34    16384 Bytes  21.10.2014 09:36:11
XBV00100.VDF  : 8.11.180.40    8704 Bytes  21.10.2014 09:36:11
XBV00101.VDF  : 8.11.180.42    10240 Bytes  21.10.2014 10:37:07
XBV00102.VDF  : 8.11.180.44    31744 Bytes  21.10.2014 10:37:08
XBV00103.VDF  : 8.11.180.60    2048 Bytes  21.10.2014 10:37:08
XBV00104.VDF  : 8.11.180.64    24576 Bytes  21.10.2014 10:37:08
XBV00105.VDF  : 8.11.180.66    6144 Bytes  21.10.2014 10:37:08
XBV00106.VDF  : 8.11.180.70    2560 Bytes  21.10.2014 10:37:08
XBV00107.VDF  : 8.11.180.88    33280 Bytes  22.10.2014 10:37:08
XBV00108.VDF  : 8.11.180.104    2560 Bytes  22.10.2014 10:37:08
XBV00109.VDF  : 8.11.180.106    2048 Bytes  22.10.2014 10:37:08
XBV00110.VDF  : 8.11.180.122    25600 Bytes  22.10.2014 10:37:08
XBV00111.VDF  : 8.11.180.138    11264 Bytes  22.10.2014 10:37:08
XBV00112.VDF  : 8.11.180.140    20992 Bytes  22.10.2014 11:37:49
XBV00113.VDF  : 8.11.180.142    2048 Bytes  22.10.2014 11:37:49
XBV00114.VDF  : 8.11.180.144    2048 Bytes  22.10.2014 11:37:49
XBV00115.VDF  : 8.11.180.150    43520 Bytes  22.10.2014 11:37:49
XBV00116.VDF  : 8.11.180.154    2048 Bytes  22.10.2014 11:37:49
XBV00117.VDF  : 8.11.180.172    12288 Bytes  22.10.2014 11:37:49
XBV00118.VDF  : 8.11.180.174    2048 Bytes  22.10.2014 11:37:49
XBV00119.VDF  : 8.11.180.188    7168 Bytes  22.10.2014 11:37:49
XBV00120.VDF  : 8.11.180.204    11776 Bytes  23.10.2014 11:37:49
XBV00121.VDF  : 8.11.180.206    3584 Bytes  23.10.2014 11:37:49
XBV00122.VDF  : 8.11.180.208    22016 Bytes  23.10.2014 11:37:50
XBV00123.VDF  : 8.11.180.210    20992 Bytes  23.10.2014 12:39:39
XBV00124.VDF  : 8.11.180.212    2048 Bytes  23.10.2014 12:39:39
XBV00125.VDF  : 8.11.180.214    2560 Bytes  23.10.2014 12:39:39
XBV00126.VDF  : 8.11.180.220    32768 Bytes  23.10.2014 12:39:39
XBV00127.VDF  : 8.11.180.222    2048 Bytes  23.10.2014 12:39:39
XBV00128.VDF  : 8.11.180.224    2048 Bytes  23.10.2014 12:39:39
XBV00129.VDF  : 8.11.180.226    15872 Bytes  23.10.2014 12:39:39
XBV00130.VDF  : 8.11.180.228    2048 Bytes  23.10.2014 12:39:39
XBV00131.VDF  : 8.11.180.232    28672 Bytes  24.10.2014 12:39:39
XBV00132.VDF  : 8.11.180.234    2048 Bytes  24.10.2014 12:39:40
XBV00133.VDF  : 8.11.180.236    38912 Bytes  24.10.2014 13:40:26
XBV00134.VDF  : 8.11.180.250    2048 Bytes  24.10.2014 13:40:26
XBV00135.VDF  : 8.11.180.252    2048 Bytes  24.10.2014 13:40:27
XBV00136.VDF  : 8.11.181.10    14336 Bytes  24.10.2014 13:40:27
XBV00137.VDF  : 8.11.181.24    6144 Bytes  24.10.2014 13:40:27
XBV00138.VDF  : 8.11.181.36    21504 Bytes  24.10.2014 13:40:27
XBV00139.VDF  : 8.11.181.38    2048 Bytes  24.10.2014 13:40:27
XBV00140.VDF  : 8.11.181.40    25088 Bytes  24.10.2014 13:40:27
XBV00141.VDF  : 8.11.181.42    2048 Bytes  25.10.2014 13:40:27
XBV00142.VDF  : 8.11.181.44    2048 Bytes  25.10.2014 13:40:27
XBV00143.VDF  : 8.11.181.48    62976 Bytes  25.10.2014 14:41:35
XBV00144.VDF  : 8.11.181.50    2048 Bytes  25.10.2014 14:41:35
XBV00145.VDF  : 8.11.181.52    27136 Bytes  25.10.2014 14:41:36
XBV00146.VDF  : 8.11.181.54    2048 Bytes  25.10.2014 14:41:36
XBV00147.VDF  : 8.11.181.56    2048 Bytes  25.10.2014 14:41:36
XBV00148.VDF  : 8.11.181.72    64000 Bytes  26.10.2014 14:41:36
XBV00149.VDF  : 8.11.181.84    2048 Bytes  26.10.2014 14:41:36
XBV00150.VDF  : 8.11.181.96    2048 Bytes  26.10.2014 14:41:36
XBV00151.VDF  : 8.11.181.108    2048 Bytes  26.10.2014 14:41:36
XBV00152.VDF  : 8.11.181.120    14336 Bytes  26.10.2014 15:43:50
XBV00153.VDF  : 8.11.181.132    2048 Bytes  26.10.2014 15:43:50
XBV00154.VDF  : 8.11.181.146    54272 Bytes  27.10.2014 15:43:50
XBV00155.VDF  : 8.11.181.148    2048 Bytes  27.10.2014 15:43:50
XBV00156.VDF  : 8.11.181.150    6656 Bytes  27.10.2014 15:43:50
XBV00157.VDF  : 8.11.181.152    7680 Bytes  27.10.2014 15:43:50
XBV00158.VDF  : 8.11.181.154    6656 Bytes  27.10.2014 15:43:50
XBV00159.VDF  : 8.11.181.156    13824 Bytes  27.10.2014 15:43:50
XBV00160.VDF  : 8.11.181.158    2048 Bytes  27.10.2014 15:43:50
XBV00161.VDF  : 8.11.181.172    35840 Bytes  27.10.2014 16:43:30
XBV00162.VDF  : 8.11.181.184    2048 Bytes  27.10.2014 16:43:30
XBV00163.VDF  : 8.11.181.186    2048 Bytes  27.10.2014 16:43:30
XBV00164.VDF  : 8.11.181.200    6144 Bytes  27.10.2014 16:43:30
XBV00165.VDF  : 8.11.181.214    5632 Bytes  28.10.2014 16:43:30
XBV00166.VDF  : 8.11.181.218    2560 Bytes  28.10.2014 16:43:30
XBV00167.VDF  : 8.11.181.220    3072 Bytes  28.10.2014 16:43:30
XBV00168.VDF  : 8.11.181.222    11776 Bytes  28.10.2014 16:43:30
XBV00169.VDF  : 8.11.181.224    27136 Bytes  28.10.2014 16:43:30
XBV00170.VDF  : 8.11.181.226    2048 Bytes  28.10.2014 16:43:30
XBV00171.VDF  : 8.11.181.228    2048 Bytes  28.10.2014 16:43:31
XBV00172.VDF  : 8.11.181.234    27136 Bytes  28.10.2014 17:44:29
XBV00173.VDF  : 8.11.181.240    2048 Bytes  28.10.2014 17:44:29
XBV00174.VDF  : 8.11.181.246    14336 Bytes  28.10.2014 17:44:29
XBV00175.VDF  : 8.11.181.250    58880 Bytes  29.10.2014 17:44:30
XBV00176.VDF  : 8.11.182.6      2048 Bytes  29.10.2014 17:44:30
XBV00177.VDF  : 8.11.182.16    2048 Bytes  29.10.2014 17:44:30
XBV00178.VDF  : 8.11.182.18    2048 Bytes  29.10.2014 17:44:30
XBV00179.VDF  : 8.11.182.28    25088 Bytes  29.10.2014 17:44:30
XBV00180.VDF  : 8.11.182.38    29184 Bytes  29.10.2014 17:44:30
XBV00181.VDF  : 8.11.182.40    2048 Bytes  29.10.2014 17:44:30
XBV00182.VDF  : 8.11.182.42    2048 Bytes  29.10.2014 17:44:30
XBV00183.VDF  : 8.11.182.46    43520 Bytes  29.10.2014 18:46:05
XBV00184.VDF  : 8.11.182.48    2048 Bytes  29.10.2014 18:46:05
XBV00185.VDF  : 8.11.182.50    2048 Bytes  29.10.2014 18:46:05
XBV00186.VDF  : 8.11.182.52    10752 Bytes  29.10.2014 18:46:05
XBV00187.VDF  : 8.11.182.64    31232 Bytes  30.10.2014 18:46:05
XBV00188.VDF  : 8.11.182.74    2048 Bytes  30.10.2014 18:46:05
XBV00189.VDF  : 8.11.182.76    2048 Bytes  30.10.2014 18:46:05
XBV00190.VDF  : 8.11.182.78    2048 Bytes  30.10.2014 18:46:05
XBV00191.VDF  : 8.11.182.90    36352 Bytes  30.10.2014 18:46:06
XBV00192.VDF  : 8.11.182.92    9216 Bytes  30.10.2014 18:46:06
XBV00193.VDF  : 8.11.182.94    2048 Bytes  30.10.2014 18:46:06
XBV00194.VDF  : 8.11.182.96    2048 Bytes  30.10.2014 18:46:06
XBV00195.VDF  : 8.11.182.106    2048 Bytes  30.10.2014 18:46:06
XBV00196.VDF  : 8.11.182.116    26624 Bytes  30.10.2014 18:46:06
XBV00197.VDF  : 8.11.182.120    24576 Bytes  30.10.2014 19:46:54
XBV00198.VDF  : 8.11.182.124    2048 Bytes  30.10.2014 19:46:54
XBV00199.VDF  : 8.11.182.126    9728 Bytes  31.10.2014 19:46:54
XBV00200.VDF  : 8.11.182.128    25088 Bytes  31.10.2014 19:46:54
XBV00201.VDF  : 8.11.182.130    13824 Bytes  31.10.2014 19:46:54
XBV00202.VDF  : 8.11.182.140    10752 Bytes  31.10.2014 19:46:54
XBV00203.VDF  : 8.11.182.142    2560 Bytes  31.10.2014 19:46:55
XBV00204.VDF  : 8.11.182.144    2048 Bytes  31.10.2014 19:46:55
XBV00205.VDF  : 8.11.182.152    18944 Bytes  31.10.2014 19:46:55
XBV00206.VDF  : 8.11.182.156    26112 Bytes  31.10.2014 19:46:55
XBV00207.VDF  : 8.11.182.158    2048 Bytes  31.10.2014 19:46:55
LOCAL000.VDF  : 8.11.182.158 113276928 Bytes  31.10.2014 19:47:15
Engineversion  : 8.3.26.2 
AEVDF.DLL      : 8.3.1.6      133992 Bytes  24.09.2014 10:44:20
AESCRIPT.DLL  : 8.2.2.6      526248 Bytes  31.10.2014 19:46:53
AESCN.DLL      : 8.3.2.2      139456 Bytes  24.09.2014 10:44:20
AESBX.DLL      : 8.2.20.24    1409224 Bytes  24.09.2014 10:44:20
AERDL.DLL      : 8.2.1.16      743328 Bytes  29.10.2014 17:44:28
AEPACK.DLL    : 8.4.0.54      788392 Bytes  13.10.2014 20:42:22
AEOFFICE.DLL  : 8.3.0.38      224112 Bytes  31.10.2014 19:46:52
AEHEUR.DLL    : 8.1.4.1370  7727984 Bytes  31.10.2014 19:46:52
AEHELP.DLL    : 8.3.1.0      278728 Bytes  24.09.2014 10:44:20
AEGEN.DLL      : 8.1.7.32      452512 Bytes  31.10.2014 19:46:37
AEEXP.DLL      : 8.4.2.32      247712 Bytes  24.09.2014 10:44:20
AEEMU.DLL      : 8.1.3.4      399264 Bytes  24.09.2014 10:44:20
AEDROID.DLL    : 8.4.2.24      442568 Bytes  24.09.2014 10:44:20
AECORE.DLL    : 8.3.2.6      243712 Bytes  24.09.2014 10:44:20
AEBB.DLL      : 8.1.2.0        60448 Bytes  24.09.2014 10:44:20
AVWINLL.DLL    : 14.0.7.220    25904 Bytes  24.09.2014 10:44:22
AVPREF.DLL    : 14.0.7.220    52016 Bytes  24.09.2014 10:44:21
AVREP.DLL      : 14.0.7.220    220976 Bytes  24.09.2014 10:44:21
AVARKT.DLL    : 14.0.7.220    227632 Bytes  24.09.2014 10:44:20
AVEVTLOG.DLL  : 14.0.7.220    185080 Bytes  24.09.2014 10:44:20
SQLITE3.DLL    : 14.0.7.220    453936 Bytes  24.09.2014 10:44:28
AVSMTP.DLL    : 14.0.7.220    79096 Bytes  24.09.2014 10:44:22
NETNT.DLL      : 14.0.7.220    15152 Bytes  24.09.2014 10:44:27
RCIMAGE.DLL    : 14.0.7.220  4865328 Bytes  24.09.2014 10:44:27
RCTEXT.DLL    : 14.0.7.240    77048 Bytes  24.09.2014 10:44:27

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Windows\AppData\Local\Temp\9282b0c4.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 1. November 2014  20:43

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in '\\PALOMINO\Administrator'
\\PALOMINO\Administrator\Anwendungsdaten\Seventh\Seventh.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.83648
\\PALOMINO\Administrator\Desktop\Seventh.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.83648 (hatte es auf Desktop kopiert zum hochladen)

Beginne mit der Desinfektion:
\\PALOMINO\Administrator\Desktop\Seventh.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.83648
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50bf9cd1.qua' verschoben!
\\PALOMINO\Administrator\Anwendungsdaten\Seventh\Seventh.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.83648
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4828b376.qua' verschoben!


Ende des Suchlaufs: Samstag, 1. November 2014  21:10
Benötigte Zeit: 25:50 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  1415 Verzeichnisse wurden überprüft
  24509 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  24507 Dateien ohne Befall
    157 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise

schrauber 01.11.2014 23:45
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


mac11 01.11.2014 23:53
Oh jetzt geht es, es war der stille Modus in Avast, da hab ich nichts mitbekommen.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Administrator (administrator) on PALOMINO on 01-11-2014 23:49:58
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\Programme\Creative\Shared Files\CTAudSvc.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [20992 2003-12-11] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [AvastUI.exe] => C:\Programme\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-26] (AVAST Software)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\LogonUI.EXE [515072 2008-04-14] (Microsoft Corporation)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Run: [SCheck] => C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Run: [DataMgr] => C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Run: [Intermediate] => C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [StartMenuLogOff] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\MountPoints2: {4bf7e97c-c885-11de-9d32-0030849af90d} - J:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xECA244E4A892CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {FB8903A1-C95F-4B51-A32F-70F51770D026} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {C333CF63-767F-4831-94AC-E683D962C63C} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984
FF DefaultSearchUrl: hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF Homepage: hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\plugins\npcoolirisplugin.dll ()
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\ich@maltegoetz.de.xpi [2014-10-13]
FF Extension: OfferMosquito - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\om@offermosquito.com.xpi [2013-12-19]
FF Extension: Simple New Tab - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: StopTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\stoptube@kashiif.com.xpi [2013-05-30]
FF Extension: Zoom Page - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\zoompage@DW-dev.xpi [2013-06-25]
FF Extension: Resurrect Pages - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-05-30]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
FF Extension: ICQ Toolbar - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-26]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-08-25] ()
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-26] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-28] (Creative Labs)
R2 CTAudSvcService; C:\Programme\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-14] (Creative Technology Ltd)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S2 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-18] (Mozilla Foundation)
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579}; C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [575008 2014-04-24] (Baidu Inc.)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 Al_elp; No ImagePath
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-26] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-26] ()
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-04] (ATI Technologies Inc.)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] ()
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-06-05] (Baidu, Inc.)
S2 BT848; C:\WINDOWS\System32\DRIVERS\BT848.sys [371349 2011-01-25] (Illusion & Hope.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798744 2009-06-23] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2009-06-23] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2009-06-23] (Creative Technology Ltd)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2006-03-13] (MCCI)
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2006-03-13] (MCCI)
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2006-03-13] (MCCI)
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2006-03-13] (MCCI)
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2006-03-13] (MCCI)
S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51582 2003-12-11] (Logitech, Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37916 2003-12-11] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2004-08-04] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
S3 Spring; C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [96608 2014-06-13] ()
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [682232 2009-09-09] (Duplex Secure Ltd.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [570168 2009-10-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [527800 2009-10-06] (eMPIA Technology, Inc.)
R2 vcs; F:\Programme\AV VCS 3.0\vcs.sys [6852 2002-12-10] ()
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [32000 2008-04-14] (Microsoft Corporation)
S3 BioNT_BS; \??\C:\Programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [X]
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
S3 PCFApiUtil; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:49 - 2014-11-01 23:50 - 00000000 ____D () C:\FRST
2014-11-01 21:56 - 2014-11-01 21:56 - 00000020 _____ () C:\Dokumente und Einstellungen\Administrator\defogger_reenable
2014-11-01 18:46 - 2014-11-01 21:57 - 03162278 ____N () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.BAK
2014-11-01 15:51 - 2014-11-01 15:51 - 00000109 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\hjghghj.txt
2014-11-01 15:15 - 2014-11-01 23:50 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
2014-11-01 15:11 - 2013-07-21 14:24 - 00168824 _____ (HTTO Group, Ltd.) C:\Dokumente und Einstellungen\Administrator\Desktop\DataMgr.exe
2014-10-18 17:39 - 2014-10-19 03:47 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\mr brave
2014-10-13 10:28 - 2014-10-13 10:29 - 00000287 _____ () C:\WINDOWS\nsw.log
2014-10-13 10:06 - 2014-10-13 10:06 - 00000252 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Windows-pc.lnk
2014-10-13 10:06 - 2014-10-13 10:06 - 00000249 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Easybox.lnk
2014-10-09 16:48 - 2014-10-09 16:48 - 00000000 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument (4).txt
2014-10-08 17:05 - 2014-10-13 09:44 - 00000022 _____ () C:\WINDOWS\system32\nvModes.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:49 - 2013-07-01 09:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
2014-11-01 23:09 - 2014-04-22 00:17 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 22:44 - 2013-08-06 16:15 - 00000356 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-01 22:40 - 2013-09-24 17:08 - 01160190 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-01 22:39 - 2014-06-15 09:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-01 22:39 - 2014-06-15 09:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-01 22:39 - 2014-04-22 00:17 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 22:38 - 2013-05-02 06:55 - 00000000 __SHD () C:\WINDOWS\CSC
2014-11-01 22:38 - 2009-04-04 12:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-01 22:23 - 2013-09-16 15:18 - 00001050 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
2014-11-01 21:57 - 2014-05-26 05:48 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-01 21:57 - 2013-02-28 13:27 - 03162278 _____ () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.CDF
2014-11-01 21:57 - 2009-04-04 12:12 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-11-01 21:56 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-11-01 21:10 - 2014-08-19 15:07 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
2014-11-01 18:55 - 2014-06-15 10:04 - 00689934 _____ () C:\WINDOWS\setupapi.log
2014-11-01 18:53 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-01 16:23 - 2013-09-16 15:18 - 00001028 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
2014-10-27 20:24 - 2009-04-04 12:32 - 01069336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-20 11:04 - 2009-04-04 12:32 - 00000000 ____D () C:\Programme
2014-10-19 03:58 - 2014-04-22 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\BOTS
2014-10-19 03:55 - 2013-08-06 17:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2014-10-18 09:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-10-18 09:02 - 2013-09-24 07:03 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-10-16 14:40 - 2014-07-19 20:50 - 00000266 _____ () C:\WINDOWS\setupact.log
2014-10-15 13:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-10-13 11:01 - 2014-06-10 18:05 - 00000000 ____D () C:\pisse
2014-10-13 10:36 - 2009-06-28 12:18 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
2014-10-08 21:34 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-10-08 18:48 - 2009-06-28 11:57 - 00000063 _____ () C:\WINDOWS\wininit.ini
2014-10-08 14:00 - 2014-04-22 00:10 - 00000232 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-10-07 17:02 - 2009-05-17 11:34 - 00278528 ___SH () C:\Dokumente und Einstellungen\Administrator\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e   

C:\WINDOWS\system32\winlogon.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a   

C:\WINDOWS\system32\svchost.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366   

C:\WINDOWS\system32\services.exe
[2008-04-14 12:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc   

C:\WINDOWS\system32\User32.dll
[2008-04-14 12:00] - [2008-04-14 12:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd   

C:\WINDOWS\system32\userinit.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106   

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 12:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b   

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 12:00] - [2008-04-14 12:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d   


==================== End Of Log ============================
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by Administrator at 2014-11-01 23:51:05
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v3.20 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version:  - )
Ashampoo WinOptimizer Platinum 3 (HKLM\...\Ashampoo WinOptimizer Platinum 3) (Version:  - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlefield Mod Development Toolkit 2.0 Beta (HKLM\...\MDT) (Version:  - )
Carmageddon (HKLM\...\CarmageddonDeinstKey) (Version:  - )
dBpowerAMP mp3PRO Input Codec (HKLM\...\dBpowerAMP mp3PRO Input Codec) (Version:  - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version:  - )
dBpowerAMP WMA V8 Codec (HKLM\...\dBpowerAMP WMA V8 Codec) (Version:  - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
dMC Auxiliary Input (HKLM\...\dMC Auxiliary Input) (Version:  - )
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 2 (HKLM\...\Fallout 2) (Version:  - )
ffdshow (HKLM\...\ffdshow) (Version: 20051221-gcc4.0.2-sse-x264.nl - Milan Cutka)
FL Studio 9 (HKLM\...\FL Studio 9) (Version:  - Image-Line)
GetFoldersize 1.2.3 (HKLM\...\GetFoldersize_is1) (Version: 1.2.3 - Michael Thummerer Software Design)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardcore (HKLM\...\Hardcore) (Version:  - Image-Line)
Heroes of Might and Magic® IV (HKLM\...\Heroes of Might and Magic IV) (Version:  - )
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Internet Explorer 7 (Version:  - ) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
MC SW 1.6.1 (HKLM\...\Merciless SW Texture set_is1) (Version:  - MERCILESS CREATIONS)
MC: Zara5ustra Map Pack (HKLM\...\MC: Zara5ustra Map Pack) (Version:  - )
Merciless 1942 version 1.6 (HKLM\...\Merciless 1942 version 1.6) (Version:  - )
Merciless Creations Secret Weapons Single Player (HKLM\...\Merciless Creations Secret Weapons Single Player) (Version:  - )
Merciless Single Player (HKLM\...\Merciless Single Player) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.0 - Tracker Software Products Ltd)
Philppines and Kharkov update (HKLM\...\Merciless Creations 1.6.1 Texture Update_is1) (Version:  - Merciless Creations)
Platform (Version: 1.22 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
Rome - Total War(TM) (HKLM\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (Version: 1.0 - Ihr Firmenname) Hidden
Rome - Total War(TM) (Version: 1.2 - Ihr Firmenname) Hidden
Sakura (HKLM\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
Sicherheitsupdate für Windows Internet Explorer 7 (KB2792100) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 7 (KB2797052) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834902-v2) (HKLM\...\KB2834902-v2_WM10) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Silkroad (HKLM\...\Silkroad) (Version:  - )
Snes9x (HKLM\...\Snes9x) (Version:  - )
SpeechRedist (HKLM\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TGW 0.15 (HKLM\...\TGW 0.15) (Version:  - )
Tony Hawk's Pro Skater 3® (HKLM\...\Tony Hawk's Pro Skater 3®) (Version: 1.0 - Activision Publishing, Inc.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
UltimateDefrag V1 FREE Public Domain Version (HKLM\...\UltimateDefrag V1 FREE Public Domain Version) (Version: 1.72 - DiskTrix)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XBF 1.2 (HKLM\...\XBF 1.2) (Version:  - )
XNote Stopwatch 1.50 (HKLM\...\XNote Stopwatch) (Version:  - dnSoft Research Group)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{0CFA3FB2-47F4-4157-A162-648CAA980DE2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{19EFC4D2-5251-4EB5-84C8-5A970FF8F5E0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1A6F5C32-45F4-11D3-9A67-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{42E0F145-11FD-11D3-BB97-00C04F8EE6C0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\1033\itngram.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E48-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E49-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{EC468149-6916-11D2-9427-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 12:00 - 2010-09-08 17:17 - 00306512 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.100888290cs.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        www.10sek.com
127.0.0.1        10sek.com
127.0.0.1        www.123topsearch.com
127.0.0.1        123topsearch.com
127.0.0.1        www.132.com
127.0.0.1        132.com
127.0.0.1        www.136136.net
127.0.0.1        136136.net
127.0.0.1        www.163ns.com
127.0.0.1        163ns.com
127.0.0.1        171203.com
127.0.0.1        17-plus.com
127.0.0.1        www.1800searchonline.com
127.0.0.1        1800searchonline.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Eingabeaufforderung.job => C:\WINDOWS\system32\cmd.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-06 16:13 - 2014-08-26 07:43 - 00301152 _____ () C:\Programme\AVAST Software\Avast\aswProperty.dll
2014-11-01 20:20 - 2014-11-01 20:20 - 02898944 _____ () C:\Programme\AVAST Software\Avast\defs\14110101\algo.dll
2010-08-08 23:07 - 2005-11-10 17:08 - 00418304 _____ () C:\Programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll
2013-09-24 07:08 - 2013-01-31 12:22 - 00357224 _____ () C:\Programme\NVIDIA Corporation\nview\nvshell.dll
2013-10-16 12:39 - 2014-08-26 07:44 - 19329904 _____ () C:\Programme\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:07BF512B
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0D786AE3
AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E5694BFB

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1659004503-2025429265-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-1659004503-2025429265-1606980848-501 - Limited - Enabled)
Hilfeassistent (S-1-5-21-1659004503-2025429265-1606980848-1000 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r


System errors:
=============
Error: (10/16/2014 10:28:46 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.123 für die Netzwerkkarte mit der Netzwerkadresse 0030849AF90D wurde durch
den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (10/15/2014 06:54:09 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.181 für die Netzwerkkarte mit der Netzwerkadresse 0030849AF9FF wurde durch
den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (10/08/2014 04:55:03 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 30 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/08/2014 04:55:03 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 30 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error: (10/08/2014 04:40:32 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/08/2014 04:40:32 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error: (10/08/2014 04:40:01 PM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/08/2014 04:40:01 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error: (10/01/2014 02:20:43 AM) (Source: W32Time) (EventID: 29) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (10/01/2014 02:20:43 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r


==================== Memory info ===========================

Processor: AMD Athlon(tm) XP 1900+
Percentage of memory in use: 25%
Total physical RAM: 1791.48 MB
Available physical RAM: 1331.41 MB
Total Pagefile: 3467.79 MB
Available Pagefile: 3184.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.54 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:11.38 GB) (Free:1.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:45.89 GB) (Free:11.81 GB) NTFS
Drive f: (BOOT) (Fixed) (Total:91.2 GB) (Free:2.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (BACKUP) (Fixed) (Total:93.15 GB) (Free:38.5 GB) NTFS
Drive h: (SWAP) (Fixed) (Total:1.96 GB) (Free:0.17 GB) NTFS
Drive j: (MICROSD) (Removable) (Total:14.81 GB) (Free:0.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 57.3 GB) (Disk ID: 04680468)
Partition 1: (Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: CCD3CCD3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=91.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 02.11.2014 15:11
hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

mac11 02.11.2014 15:40
Hi, danke für die Hilfe. Der Scan findet anscheinend nichts.

Code:
15:29:34.0671 0x0db8  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:30:02.0046 0x0db8  ============================================================
15:30:02.0046 0x0db8  Current date / time: 2014/11/02 15:30:02.0046
15:30:02.0046 0x0db8  SystemInfo:
15:30:02.0046 0x0db8 
15:30:02.0046 0x0db8  OS Version: 5.1.2600 ServicePack: 3.0
15:30:02.0046 0x0db8  Product type: Workstation
15:30:02.0046 0x0db8  ComputerName: PALOMINO
15:30:02.0046 0x0db8  UserName: Administrator
15:30:02.0046 0x0db8  Windows directory: C:\WINDOWS
15:30:02.0046 0x0db8  System windows directory: C:\WINDOWS
15:30:02.0046 0x0db8  Processor architecture: Intel x86
15:30:02.0046 0x0db8  Number of processors: 1
15:30:02.0046 0x0db8  Page size: 0x1000
15:30:02.0046 0x0db8  Boot type: Normal boot
15:30:02.0046 0x0db8  ============================================================
15:30:03.0968 0x0db8  KLMD registered as C:\WINDOWS\system32\drivers\57299431.sys
15:30:05.0078 0x0db8  System UUID: {07C66F0A-9AD5-F9DC-202D-ED126914DE46}
15:30:08.0015 0x0db8  Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 ( 57.27 Gb ), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:30:08.0046 0x0db8  Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 ( 186.31 Gb ), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:30:08.0109 0x0db8  Drive \Device\Harddisk2\DR7 - Size: 0x3B4500000 ( 14.82 Gb ), SectorSize: 0x200, Cylinders: 0x78E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:30:08.0125 0x0db8  ============================================================
15:30:08.0125 0x0db8  \Device\Harddisk0\DR0:
15:30:08.0125 0x0db8  MBR partitions:
15:30:08.0125 0x0db8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x16C054E
15:30:08.0125 0x0db8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x16C05CC, BlocksNum 0x5BC9668
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1:
15:30:08.0125 0x0db8  MBR partitions:
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3EC0C1
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3EC100, BlocksNum 0xB664D41
15:30:08.0125 0x0db8  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xBA50E80, BlocksNum 0xBA4CF41
15:30:08.0125 0x0db8  \Device\Harddisk2\DR7:
15:30:08.0140 0x0db8  MBR partitions:
15:30:08.0140 0x0db8  \Device\Harddisk2\DR7\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DA0800
15:30:08.0140 0x0db8  ============================================================
15:30:08.0171 0x0db8  C: <-> \Device\Harddisk0\DR0\Partition1
15:30:08.0281 0x0db8  D: <-> \Device\Harddisk0\DR0\Partition2
15:30:08.0343 0x0db8  G: <-> \Device\Harddisk1\DR1\Partition3
15:30:08.0375 0x0db8  F: <-> \Device\Harddisk1\DR1\Partition2
15:30:08.0406 0x0db8  H: <-> \Device\Harddisk1\DR1\Partition1
15:30:08.0406 0x0db8  ============================================================
15:30:08.0406 0x0db8  Initialize success
15:30:08.0406 0x0db8  ============================================================
15:31:24.0312 0x0d40  ============================================================
15:31:24.0312 0x0d40  Scan started
15:31:24.0312 0x0d40  Mode: Manual; SigCheck; TDLFS;
15:31:24.0312 0x0d40  ============================================================
15:31:24.0312 0x0d40  KSN ping started
15:31:26.0812 0x0d40  KSN ping finished: true
15:31:27.0671 0x0d40  ================ Scan system memory ========================
15:31:27.0687 0x0d40  System memory - ok
15:31:27.0718 0x0d40  ================ Scan services =============================
15:31:28.0078 0x0d40  Abiosdsk - ok
15:31:28.0125 0x0d40  abp480n5 - ok
15:31:28.0265 0x0d40  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:31:34.0218 0x0d40  ACPI - ok
15:31:34.0312 0x0d40  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:31:34.0609 0x0d40  ACPIEC - ok
15:31:34.0750 0x0d40  [ F84C9DEE4698DF3C1D76801B7B1B55D7, 071A3938ED7B9E20E30E873011C8039382C7EFE90D39EC8C0F3E457B2873406E ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
15:31:34.0765 0x0d40  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
15:31:37.0171 0x0d40  Detect skipped due to KSN trusted
15:31:37.0171 0x0d40  Adobe LM Service - ok
15:31:37.0203 0x0d40  adpu160m - ok
15:31:37.0328 0x0d40  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec            C:\WINDOWS\system32\drivers\aec.sys
15:31:37.0656 0x0d40  aec - ok
15:31:37.0781 0x0d40  [ F6B7B1ECD7B41736BDB6FF4B092BCB79, B892C7303E08238C025409D602CB2F58D273B19B81CF04E26EA52A27EE7706DB ] AFD            C:\WINDOWS\System32\drivers\afd.sys
15:31:37.0843 0x0d40  AFD - ok
15:31:37.0875 0x0d40  Aha154x - ok
15:31:37.0906 0x0d40  aic78u2 - ok
15:31:37.0937 0x0d40  aic78xx - ok
15:31:38.0015 0x0d40  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
15:31:38.0265 0x0d40  Alerter - ok
15:31:38.0312 0x0d40  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG            C:\WINDOWS\System32\alg.exe
15:31:38.0468 0x0d40  ALG - ok
15:31:38.0500 0x0d40  AliIde - ok
15:31:38.0578 0x0d40  [ 3A0DAFAC778236559C14C7203FB550EB, 9FA197E22A665465D3CBB4E5437CA9102C14757C0DA7C851C0A4436078E18746 ] AmdK7          C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:31:38.0875 0x0d40  AmdK7 - ok
15:31:38.0906 0x0d40  amsint - ok
15:31:39.0031 0x0d40  [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
15:31:39.0203 0x0d40  AppMgmt - ok
15:31:39.0250 0x0d40  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:31:39.0562 0x0d40  Arp1394 - ok
15:31:39.0593 0x0d40  asc - ok
15:31:39.0625 0x0d40  asc3350p - ok
15:31:39.0640 0x0d40  asc3550 - ok
15:31:39.0828 0x0d40  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:31:39.0859 0x0d40  aspnet_state - ok
15:31:39.0937 0x0d40  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid        C:\WINDOWS\system32\drivers\aswHwid.sys
15:31:40.0000 0x0d40  aswHwid - ok
15:31:40.0093 0x0d40  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt      C:\WINDOWS\system32\drivers\aswMonFlt.sys
15:31:40.0125 0x0d40  aswMonFlt - ok
15:31:40.0171 0x0d40  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] AswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
15:31:40.0203 0x0d40  AswRdr - ok
15:31:40.0281 0x0d40  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt        C:\WINDOWS\system32\drivers\aswRvrt.sys
15:31:40.0296 0x0d40  aswRvrt - ok
15:31:40.0671 0x0d40  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
15:31:40.0890 0x0d40  aswSnx - ok
15:31:41.0109 0x0d40  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP          C:\WINDOWS\system32\drivers\aswSP.sys
15:31:41.0250 0x0d40  aswSP - ok
15:31:41.0328 0x0d40  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
15:31:41.0343 0x0d40  aswTdi - ok
15:31:41.0484 0x0d40  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
15:31:41.0562 0x0d40  aswVmm - ok
15:31:41.0609 0x0d40  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:31:41.0875 0x0d40  AsyncMac - ok
15:31:41.0984 0x0d40  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:42.0265 0x0d40  atapi - ok
15:31:42.0312 0x0d40  Atdisk - ok
15:31:42.0437 0x0d40  [ 74E104ADA8A304774713E9A9A9CB3556, DE73A354D65B927166EE76963CDD09CF5F5D99F95B5A0E30AA120F1C820982F1 ] atinrvxx        C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
15:31:42.0484 0x0d40  atinrvxx - ok
15:31:42.0546 0x0d40  [ 0E4BB35C5305099AC82053AC992E3E0E, 51621C0E64B4FF576ED57143306F4E4A9D283815975CA6BA41452D2FFC6C313A ] ATITool        C:\WINDOWS\system32\DRIVERS\ATITool.sys
15:31:42.0562 0x0d40  ATITool - detected UnsignedFile.Multi.Generic ( 1 )
15:31:44.0968 0x0d40  Detect skipped due to KSN trusted
15:31:44.0968 0x0d40  ATITool - ok
15:31:45.0031 0x0d40  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:31:45.0328 0x0d40  Atmarpc - ok
15:31:45.0375 0x0d40  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:31:45.0703 0x0d40  AudioSrv - ok
15:31:45.0750 0x0d40  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
15:31:46.0046 0x0d40  audstub - ok
15:31:46.0171 0x0d40  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
15:31:46.0203 0x0d40  avast! Antivirus - ok
15:31:46.0234 0x0d40  AviraUpgradeService - ok
15:31:46.0281 0x0d40  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:31:46.0593 0x0d40  Beep - ok
15:31:46.0671 0x0d40  [ BE125797A510CD7E9E77D0D79CB989EF, 31038BAE26E6DFF6303B71DAFA1192028815BD397D564A8F0825AFEDA131402F ] Bhbase          C:\WINDOWS\system32\drivers\Bhbase.sys
15:31:46.0718 0x0d40  Bhbase - ok
15:31:46.0750 0x0d40  BioNT_BS - ok
15:31:46.0953 0x0d40  [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS            C:\WINDOWS\system32\qmgr.dll
15:31:47.0515 0x0d40  BITS - ok
15:31:47.0546 0x0d40  BprotectEx - ok
15:31:47.0640 0x0d40  [ B2CC8D85D27BF10C5FAF5B98C335978E, 96A88DFBC7D3C2215933B5C06E6B0BCB674A81AA6399030FEC602193171C7E38 ] Browser        C:\WINDOWS\System32\browser.dll
15:31:47.0687 0x0d40  Browser - ok
15:31:47.0890 0x0d40  [ 028A7743DFF85BDA7CE9D507FE104CDF, 0D0B03FEC1778A53B787A0CB5EB105413571A9BC42979AF5ECCD4F807F2F9686 ] BT848          C:\WINDOWS\system32\DRIVERS\BT848.sys
15:31:48.0109 0x0d40  BT848 - detected UnsignedFile.Multi.Generic ( 1 )
15:31:50.0500 0x0d40  Detect skipped due to KSN trusted
15:31:50.0500 0x0d40  BT848 - ok
15:31:50.0562 0x0d40  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
15:31:50.0843 0x0d40  cbidf2k - ok
15:31:50.0906 0x0d40  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:31:51.0187 0x0d40  CCDECODE - ok
15:31:51.0234 0x0d40  cd20xrnt - ok
15:31:51.0281 0x0d40  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
15:31:51.0546 0x0d40  Cdaudio - ok
15:31:51.0609 0x0d40  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:31:51.0890 0x0d40  Cdfs - ok
15:31:51.0953 0x0d40  [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:31:52.0015 0x0d40  Cdrom - ok
15:31:52.0046 0x0d40  Changer - ok
15:31:52.0093 0x0d40  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc          C:\WINDOWS\system32\cisvc.exe
15:31:52.0375 0x0d40  CiSvc - ok
15:31:52.0437 0x0d40  [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
15:31:52.0718 0x0d40  ClipSrv - ok
15:31:52.0812 0x0d40  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:31:52.0890 0x0d40  clr_optimization_v2.0.50727_32 - ok
15:31:52.0921 0x0d40  CmdIde - ok
15:31:53.0015 0x0d40  [ 8ED4497E4CC0C030EAC8E2FFA1DD9679, 029CA18ED6355D3DE277ACF4C2B307C8E3DDF58C095CAA94CED0E48B95B51375 ] COMMONFX        C:\WINDOWS\system32\drivers\COMMONFX.SYS
15:31:53.0062 0x0d40  COMMONFX - ok
15:31:53.0140 0x0d40  [ 8ED4497E4CC0C030EAC8E2FFA1DD9679, 029CA18ED6355D3DE277ACF4C2B307C8E3DDF58C095CAA94CED0E48B95B51375 ] COMMONFX.SYS    C:\WINDOWS\System32\drivers\COMMONFX.SYS
15:31:53.0156 0x0d40  COMMONFX.SYS - ok
15:31:53.0187 0x0d40  COMSysApp - ok
15:31:53.0250 0x0d40  Cpqarray - ok
15:31:53.0343 0x0d40  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
15:31:53.0375 0x0d40  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
15:31:55.0921 0x0d40  Detect skipped due to KSN trusted
15:31:55.0921 0x0d40  Creative Audio Engine Licensing Service - ok
15:31:56.0015 0x0d40  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:31:56.0250 0x0d40  CryptSvc - ok
15:31:56.0500 0x0d40  [ C1E3B24CA4871BD2A8C3B95110E78721, 6EA9146E98B971A5564F457CD457BD12B612187A351022498BA8F1036C899EBA ] ctac32k        C:\WINDOWS\system32\drivers\ctac32k.sys
15:31:56.0625 0x0d40  ctac32k - ok
15:31:56.0890 0x0d40  [ 13E797253EA98C2574C878DE78CA691E, 46B586FFA7981327C437E58B5CB0C09580ADE8AD1E0EF64591DBA9A41E4C4069 ] ctaud2k        C:\WINDOWS\system32\drivers\ctaud2k.sys
15:31:57.0031 0x0d40  ctaud2k - ok
15:31:57.0296 0x0d40  [ AB3456984B59D1425BEFC0D457D41DD4, 088AA379B54A8FCB32FB5EFB00374470C0A51392F60EA9DA33DCFAE72D90491A ] CTAUDFX        C:\WINDOWS\system32\drivers\CTAUDFX.SYS
15:31:57.0421 0x0d40  CTAUDFX - ok
15:31:57.0687 0x0d40  [ AB3456984B59D1425BEFC0D457D41DD4, 088AA379B54A8FCB32FB5EFB00374470C0A51392F60EA9DA33DCFAE72D90491A ] CTAUDFX.SYS    C:\WINDOWS\System32\drivers\CTAUDFX.SYS
15:31:57.0812 0x0d40  CTAUDFX.SYS - ok
15:31:58.0031 0x0d40  [ 87CB26A58E2B8BF57F4FC92838318C12, AA58EB4F7E13C3DEC52E813AC64099DC4E07E0537C562E90F55745898DF6686B ] CTAudSvcService C:\Programme\Creative\Shared Files\CTAudSvc.exe
15:31:58.0171 0x0d40  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
15:32:00.0656 0x0d40  Detect skipped due to KSN trusted
15:32:00.0656 0x0d40  CTAudSvcService - ok
15:32:00.0859 0x0d40  [ D5E38C394787C1FBFC70E0C50345C25C, E7AE0E6D7AB93EACA0F3F7691E085B7D9AFFEB943F817EAE1D1FF5CD29F4FC46 ] ctdvda2k        C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:32:01.0062 0x0d40  ctdvda2k - ok
15:32:01.0187 0x0d40  [ B4297863E9FCE34C0493FCA66F0970A2, 8729973F1DFD05CF6E6FD6E6D1C1C35F22E229F11B432819538A19C676D6ADA3 ] CTERFXFX        C:\WINDOWS\system32\drivers\CTERFXFX.SYS
15:32:01.0218 0x0d40  CTERFXFX - ok
15:32:01.0281 0x0d40  [ B4297863E9FCE34C0493FCA66F0970A2, 8729973F1DFD05CF6E6FD6E6D1C1C35F22E229F11B432819538A19C676D6ADA3 ] CTERFXFX.SYS    C:\WINDOWS\System32\drivers\CTERFXFX.SYS
15:32:01.0328 0x0d40  CTERFXFX.SYS - ok
15:32:01.0375 0x0d40  [ 71007BD2E1E26927FE3E4EB00C0BEEDF, 372E487035D732807B5BC27BA173E382112426D3ECB82EE8BD96C87FD7AB98E5 ] ctljystk        C:\WINDOWS\system32\DRIVERS\ctljystk.sys
15:32:01.0625 0x0d40  ctljystk - ok
15:32:01.0718 0x0d40  [ D19AB3A7DF104250429000F26E0D4049, 583449BB7F3A3DA26007AAA2BFAF52A7734256CECADB979159A26DAB9C30BA74 ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:32:01.0734 0x0d40  ctprxy2k - ok
15:32:02.0015 0x0d40  [ D665DA6B6AEA45B9DB090096F2AEF023, 155D6BA1F4AB24B00DCD166F09E8A637F6E9FC8E8F78EE22EC208BB287094FF0 ] CTSBLFX        C:\WINDOWS\system32\drivers\CTSBLFX.SYS
15:32:02.0125 0x0d40  CTSBLFX - ok
15:32:02.0390 0x0d40  [ D665DA6B6AEA45B9DB090096F2AEF023, 155D6BA1F4AB24B00DCD166F09E8A637F6E9FC8E8F78EE22EC208BB287094FF0 ] CTSBLFX.SYS    C:\WINDOWS\System32\drivers\CTSBLFX.SYS
15:32:02.0515 0x0d40  CTSBLFX.SYS - ok
15:32:02.0625 0x0d40  [ 27C23069325ACDC27021671424F11BC1, BA0BA67AC1CC4C707B029441A86AFF099E81608B16ED6CA559C0A5A609CF24F7 ] ctsfm2k        C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:32:02.0671 0x0d40  ctsfm2k - ok
15:32:02.0718 0x0d40  dac2w2k - ok
15:32:02.0750 0x0d40  dac960nt - ok
15:32:02.0953 0x0d40  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:32:03.0109 0x0d40  DcomLaunch - ok
15:32:03.0218 0x0d40  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:32:03.0546 0x0d40  Dhcp - ok
15:32:03.0609 0x0d40  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:32:03.0828 0x0d40  Disk - ok
15:32:03.0859 0x0d40  dmadmin - ok
15:32:04.0203 0x0d40  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:32:04.0921 0x0d40  dmboot - ok
15:32:05.0046 0x0d40  [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:32:05.0296 0x0d40  dmio - ok
15:32:05.0328 0x0d40  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:32:05.0593 0x0d40  dmload - ok
15:32:05.0656 0x0d40  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:32:05.0921 0x0d40  dmserver - ok
15:32:06.0000 0x0d40  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:32:06.0234 0x0d40  DMusic - ok
15:32:06.0328 0x0d40  [ 4548494812BA3B416D489E0C6AF8D643, 29FDA5352C731F65816250BC0A4A0B67516F1BCCBD56B527EC54210CFA48A647 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:32:06.0406 0x0d40  Dnscache - ok
15:32:06.0515 0x0d40  [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
15:32:06.0781 0x0d40  Dot3svc - ok
15:32:06.0812 0x0d40  dpti2o - ok
15:32:06.0843 0x0d40  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
15:32:07.0078 0x0d40  drmkaud - ok
15:32:07.0109 0x0d40  EagleXNt - ok
15:32:07.0171 0x0d40  [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost        C:\WINDOWS\System32\eapsvc.dll
15:32:07.0421 0x0d40  EapHost - ok
15:32:07.0593 0x0d40  [ 01F83E1B5DCE05F5CB7D99113CA9E890, A1ADC30B63D8CDEE16B8964BBC276CD9C1D3ED3D9BDDD60397A4680951D6CAE3 ] emu10k          C:\WINDOWS\system32\drivers\emu10k1m.sys
15:32:07.0906 0x0d40  emu10k - ok
15:32:07.0984 0x0d40  [ 7FFA171CCE6A8BFC774862A578BA39A2, B5F31E5CFA197CDCA274888ABA04154CB11C25116427CECBA56E4B0B930DE3E9 ] emu10k1        C:\WINDOWS\system32\drivers\ctlfacem.sys
15:32:08.0234 0x0d40  emu10k1 - ok
15:32:08.0328 0x0d40  [ D03A26D94F3A24CC6C32D70BD63BAEAA, ECF6AEBBB7893A7530C35CBC4D344B3B1BA7932DD3A3142DBCA5EBFA239A9506 ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
15:32:08.0343 0x0d40  emupia - ok
15:32:08.0390 0x0d40  ENTECH - ok
15:32:08.0453 0x0d40  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc          C:\WINDOWS\System32\ersvc.dll
15:32:08.0687 0x0d40  ERSvc - ok
15:32:08.0781 0x0d40  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog        C:\WINDOWS\system32\services.exe
15:32:08.0843 0x0d40  Eventlog - ok
15:32:08.0968 0x0d40  [ ADA7241C16F3F42C7F210539FAD5F3AA, 70CF3FD831AD049D7C11AF0636E12FFC76A198BA05FC745CEB9A48516B9FA99E ] EventSystem    C:\WINDOWS\system32\es.dll
15:32:09.0109 0x0d40  EventSystem - ok
15:32:09.0218 0x0d40  [ 4D893323DAE445E34A4C9038B0551BC9, 39EE6D1EA496568368F7E8167EFE444CAEDD34A760EC9107EC383D8D17485EFD ] exFat          C:\WINDOWS\system32\drivers\exFat.sys
15:32:09.0281 0x0d40  exFat - ok
15:32:09.0437 0x0d40  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
15:32:09.0687 0x0d40  Fastfat - ok
15:32:09.0796 0x0d40  [ 927666F4228E3FBBC3D1171581DC8BDC, 55E4055FC9429C94F00B1F7046C78A0893BA9495125E3B77F8E89EA540686B60 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:32:09.0906 0x0d40  FastUserSwitchingCompatibility - ok
15:32:09.0968 0x0d40  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
15:32:10.0187 0x0d40  Fdc - ok
15:32:10.0265 0x0d40  [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:32:10.0531 0x0d40  Fips - ok
15:32:10.0578 0x0d40  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:32:10.0812 0x0d40  Flpydisk - ok
15:32:10.0921 0x0d40  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:32:11.0171 0x0d40  FltMgr - ok
15:32:11.0265 0x0d40  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:32:11.0281 0x0d40  FontCache3.0.0.0 - ok
15:32:11.0343 0x0d40  [ 30D42943A54704EF13E2562911DBFCEA, 6E0904E60A2F8B62BD34E5EDA2DA2240DFBCE1288C58CB4D819F0025ECF76763 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:32:11.0375 0x0d40  Fs_Rec - ok
15:32:11.0453 0x0d40  [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:32:11.0703 0x0d40  Ftdisk - ok
15:32:11.0750 0x0d40  [ 065639773D8B03F33577F6CDAEA21063, F20D0F3256F5F894CCA48755B23679619B5D02A0F64A142FC6CB619FC0952067 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:32:11.0968 0x0d40  gameenum - ok
15:32:12.0062 0x0d40  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:32:12.0265 0x0d40  Gpc - ok
15:32:12.0359 0x0d40  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate        C:\Programme\Google\Update\GoogleUpdate.exe
15:32:12.0421 0x0d40  gupdate - ok
15:32:12.0484 0x0d40  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
15:32:12.0515 0x0d40  gupdatem - ok
15:32:12.0875 0x0d40  [ F5F17B523E467FA3DDA7D9A40D296961, F12EADBA8557DADE2960E82CBC63FBB3344EC940CD7A6D8618653B7EE7CA5C95 ] ha10kx2k        C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:32:13.0078 0x0d40  ha10kx2k - ok
15:32:13.0218 0x0d40  [ 42C81F4691681DED6E1FC639AABED570, 6AC5FD7BC44CB8708957ED119D2528C0DDD8A43C9009F492389EBBA08C7CA2BE ] hap16v2k        C:\WINDOWS\system32\drivers\hap16v2k.sys
15:32:13.0281 0x0d40  hap16v2k - ok
15:32:13.0421 0x0d40  [ 29EE8F6FCD5E9B206C0D91923E882F6A, 1FD45A6AB7E79BC1E1946BAD82CAD0199B2A34EDF409C7683F7945018F0F2AA6 ] hap17v2k        C:\WINDOWS\system32\drivers\hap17v2k.sys
15:32:13.0531 0x0d40  hap17v2k - ok
15:32:13.0593 0x0d40  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:32:13.0828 0x0d40  helpsvc - ok
15:32:13.0890 0x0d40  [ 923EE4EEF2582909A056904CA8026015, F8314EF330B72059B61DB7E7FC2E7CBD7C6697AC20A06980FDE06FD9DA8560BB ] hidgame        C:\WINDOWS\system32\DRIVERS\hidgame.sys
15:32:14.0093 0x0d40  hidgame - ok
15:32:14.0171 0x0d40  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ        C:\WINDOWS\System32\hidserv.dll
15:32:14.0390 0x0d40  HidServ - ok
15:32:14.0437 0x0d40  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:32:14.0671 0x0d40  hidusb - ok
15:32:14.0750 0x0d40  [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:32:14.0953 0x0d40  hkmsvc - ok
15:32:14.0984 0x0d40  hpn - ok
15:32:15.0156 0x0d40  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:32:15.0281 0x0d40  HTTP - ok
15:32:15.0359 0x0d40  [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:32:15.0578 0x0d40  HTTPFilter - ok
15:32:15.0625 0x0d40  hwdatacard - ok
15:32:15.0656 0x0d40  i2omgmt - ok
15:32:15.0703 0x0d40  i2omp - ok
15:32:15.0750 0x0d40  [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:32:15.0968 0x0d40  i8042prt - ok
15:32:16.0093 0x0d40  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:32:16.0109 0x0d40  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
15:32:18.0546 0x0d40  Detect skipped due to KSN trusted
15:32:18.0546 0x0d40  IDriverT - ok
15:32:19.0000 0x0d40  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc          C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:32:19.0609 0x0d40  idsvc - ok
15:32:19.0671 0x0d40  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
15:32:19.0875 0x0d40  Imapi - ok
15:32:19.0968 0x0d40  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:32:20.0218 0x0d40  ImapiService - ok
15:32:20.0265 0x0d40  ini910u - ok
15:32:20.0328 0x0d40  IntelIde - ok
15:32:20.0390 0x0d40  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:32:20.0625 0x0d40  Ip6Fw - ok
15:32:20.0687 0x0d40  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:32:20.0906 0x0d40  IpFilterDriver - ok
15:32:20.0953 0x0d40  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:32:21.0171 0x0d40  IpInIp - ok
15:32:21.0265 0x0d40  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:32:21.0531 0x0d40  IpNat - ok
15:32:21.0609 0x0d40  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:32:21.0828 0x0d40  IPSec - ok
15:32:21.0921 0x0d40  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:32:22.0031 0x0d40  IRENUM - ok
15:32:22.0109 0x0d40  [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:32:22.0312 0x0d40  isapnp - ok
15:32:22.0390 0x0d40  [ FE8300320281D658A7854D5CFC02A63F, E57978A0F3DE8D142291C659483C62A02CADAACF4A5C834292C9216C2255AE97 ] k750bus        C:\WINDOWS\system32\DRIVERS\k750bus.sys
15:32:22.0421 0x0d40  k750bus - detected UnsignedFile.Multi.Generic ( 1 )
15:32:24.0828 0x0d40  Detect skipped due to KSN trusted
15:32:24.0828 0x0d40  k750bus - ok
15:32:24.0875 0x0d40  [ F44521F63C0C00364FA3D59DB980DE6A, 17B9CCEC1A4854724E43BE92BAEFC455E3B62F1B5CCA0C0B409CFB6C9C5436CC ] k750mdfl        C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
15:32:24.0890 0x0d40  k750mdfl - detected UnsignedFile.Multi.Generic ( 1 )
15:32:27.0468 0x0d40  Detect skipped due to KSN trusted
15:32:27.0468 0x0d40  k750mdfl - ok
15:32:27.0546 0x0d40  [ E93323C3ED5E8923A177740A973C27B2, F91D39503D490E21BF9E9873677955CE72D28E5D563AD22334AFC56E208D32F1 ] k750mdm        C:\WINDOWS\system32\DRIVERS\k750mdm.sys
15:32:27.0578 0x0d40  k750mdm - detected UnsignedFile.Multi.Generic ( 1 )
15:32:30.0031 0x0d40  Detect skipped due to KSN trusted
15:32:30.0031 0x0d40  k750mdm - ok
15:32:30.0093 0x0d40  [ 9D5F5A70CA0B7C428EFCD73DB50E6AC7, 4425B88E95B747141A54DCE631C53C1721B33A345A574D59AA750CFCD5FCAFD3 ] k750mgmt        C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
15:32:30.0125 0x0d40  k750mgmt - detected UnsignedFile.Multi.Generic ( 1 )
15:32:32.0609 0x0d40  Detect skipped due to KSN trusted
15:32:32.0609 0x0d40  k750mgmt - ok
15:32:32.0921 0x0d40  [ 81CA2D57B2C14F76F4BA80846784BB3D, 74EC7D3B99DF8A18BF4BD4681C096B85257B65EF5DD0857E48214A0DE95ABE55 ] k750obex        C:\WINDOWS\system32\DRIVERS\k750obex.sys
15:32:32.0953 0x0d40  k750obex - detected UnsignedFile.Multi.Generic ( 1 )
15:32:35.0453 0x0d40  Detect skipped due to KSN trusted
15:32:35.0453 0x0d40  k750obex - ok
15:32:35.0515 0x0d40  [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:32:35.0734 0x0d40  Kbdclass - ok
15:32:35.0765 0x0d40  [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:32:35.0968 0x0d40  kbdhid - ok
15:32:36.0093 0x0d40  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:32:36.0312 0x0d40  kmixer - ok
15:32:36.0390 0x0d40  [ C6EBF1D6AD71DF30DB49B8D3287E1368, 09A8F5BCE774BA8881195AB390692048C3B05EDC8C0BF3ACBC673FD391A29D72 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:32:36.0437 0x0d40  KSecDD - ok
15:32:36.0531 0x0d40  [ 42DEC1FBCFA291720460705A8881A1C4, 094A0B529F8B722F1F1F552F33F938BC0625313A1ED7DC904D0BBB46F20B5FCE ] L8042pr2        C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
15:32:36.0578 0x0d40  L8042pr2 - ok
15:32:36.0671 0x0d40  [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
15:32:36.0734 0x0d40  LanmanServer - ok
15:32:36.0828 0x0d40  [ C9B816901C1ABF28BA6C5B6CB65EB75B, CF155F810851D2478F99363A3B788F243A5D446516B6497EDAAA7CBDB8108224 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:32:36.0937 0x0d40  lanmanworkstation - ok
15:32:36.0968 0x0d40  lbrtfdc - ok
15:32:37.0062 0x0d40  [ 03976C309EDE05D39017C05B817CD94F, 77CE122F794EF51A95A0DE54D8BEED76EAB8608700BF7BF3ED4726B636AC1093 ] LHidFlt2        C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
15:32:37.0125 0x0d40  LHidFlt2 - ok
15:32:37.0187 0x0d40  [ 25688115843C4028686A96D88BC28007, B5F2236BAAB5255C75579692609285222D0523463B0E9E4F7F34CA0A626479CF ] LHidUsb        C:\WINDOWS\system32\Drivers\LHidUsb.Sys
15:32:37.0218 0x0d40  LHidUsb - ok
15:32:37.0312 0x0d40  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
15:32:37.0562 0x0d40  LmHosts - ok
15:32:37.0640 0x0d40  [ 26407519FCA64EC4091FE1F815B4AFC4, 0889A70A05D89D337621822B18ECE2E7DFE4B35D7772E2690856488AB2440A38 ] LMouFlt2        C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
15:32:37.0703 0x0d40  LMouFlt2 - ok
15:32:37.0718 0x0d40  LVUSBSta - ok
15:32:37.0796 0x0d40  [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
15:32:38.0015 0x0d40  Messenger - ok
15:32:38.0062 0x0d40  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
15:32:38.0296 0x0d40  mnmdd - ok
15:32:38.0359 0x0d40  [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
15:32:38.0593 0x0d40  mnmsrvc - ok
15:32:38.0671 0x0d40  [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
15:32:38.0890 0x0d40  Modem - ok
15:32:38.0953 0x0d40  [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:32:39.0156 0x0d40  Mouclass - ok
15:32:39.0187 0x0d40  [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:32:39.0437 0x0d40  mouhid - ok
15:32:39.0500 0x0d40  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:32:39.0718 0x0d40  MountMgr - ok
15:32:39.0812 0x0d40  [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:32:39.0875 0x0d40  MozillaMaintenance - ok
15:32:39.0921 0x0d40  [ C0F8E0C2C3C0437CF37C6781896DC3EC, 12196EF5A94BD011B5D578E755B51424E3238437A028CC1EDFB53138C00D3339 ] MPE            C:\WINDOWS\system32\DRIVERS\MPE.sys
15:32:40.0125 0x0d40  MPE - ok
15:32:40.0171 0x0d40  mraid35x - ok
15:32:40.0296 0x0d40  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:32:40.0578 0x0d40  MRxDAV - ok
15:32:40.0828 0x0d40  [ FB2FCCC70F7174C7BF64F48E96D3ADF4, 484B4DF0A500CAE8AFA4F3A6393615A3963D91C95939025DF1A172C9A67D951D ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:32:41.0093 0x0d40  MRxSmb - ok
15:32:41.0140 0x0d40  [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC          C:\WINDOWS\system32\msdtc.exe
15:32:41.0359 0x0d40  MSDTC - ok
15:32:41.0406 0x0d40  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:32:41.0640 0x0d40  Msfs - ok
15:32:41.0671 0x0d40  MSIServer - ok
15:32:41.0718 0x0d40  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:32:41.0953 0x0d40  MSKSSRV - ok
15:32:41.0984 0x0d40  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:32:42.0171 0x0d40  MSPCLOCK - ok
15:32:42.0187 0x0d40  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
15:32:42.0406 0x0d40  MSPQM - ok
15:32:42.0484 0x0d40  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:32:42.0671 0x0d40  mssmbios - ok
15:32:42.0718 0x0d40  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
15:32:42.0906 0x0d40  MSTEE - ok
15:32:42.0953 0x0d40  [ CA3E22598F411199ADC2DFEE76CD0AE0, 73ACE780A198467657CD2AF6019F0FC753B4FC6D26A9D6477C88C5396273F77C ] ms_mpu401      C:\WINDOWS\system32\drivers\msmpu401.sys
15:32:43.0140 0x0d40  ms_mpu401 - ok
15:32:43.0250 0x0d40  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
15:32:43.0312 0x0d40  Mup - ok
15:32:43.0359 0x0d40  [ 514829ED3E7F140AAC16154106D04981, B92E66381CCF7FA44E3C443BBD0E411415EFC79C44798657D3D3155F3606087F ] MVDCODEC        C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
15:32:43.0406 0x0d40  MVDCODEC - ok
15:32:43.0468 0x0d40  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:32:43.0703 0x0d40  NABTSFEC - ok
15:32:43.0875 0x0d40  [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:32:44.0203 0x0d40  napagent - ok
15:32:44.0312 0x0d40  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:32:44.0609 0x0d40  NDIS - ok
15:32:44.0671 0x0d40  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:32:44.0875 0x0d40  NdisIP - ok
15:32:44.0921 0x0d40  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:32:44.0984 0x0d40  NdisTapi - ok
15:32:45.0046 0x0d40  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:32:45.0250 0x0d40  Ndisuio - ok
15:32:45.0328 0x0d40  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:32:45.0562 0x0d40  NdisWan - ok
15:32:45.0640 0x0d40  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
15:32:45.0687 0x0d40  NDProxy - ok
15:32:45.0734 0x0d40  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
15:32:45.0968 0x0d40  NetBIOS - ok
15:32:46.0078 0x0d40  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
15:32:46.0296 0x0d40  NetBT - ok
15:32:46.0390 0x0d40  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:32:46.0656 0x0d40  NetDDE - ok
15:32:46.0734 0x0d40  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:32:46.0953 0x0d40  NetDDEdsdm - ok
15:32:47.0015 0x0d40  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:32:47.0218 0x0d40  Netlogon - ok
15:32:47.0343 0x0d40  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman          C:\WINDOWS\System32\netman.dll
15:32:47.0640 0x0d40  Netman - ok
15:32:47.0734 0x0d40  [ 562E15CE8A98282F241E03829657E344, 76AC4652F4942226427F5C5D9150F8600A47F240571E2C728C8B41994E6668D1 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:47.0796 0x0d40  NetTcpPortSharing - ok
15:32:47.0875 0x0d40  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:32:48.0078 0x0d40  NIC1394 - ok
15:32:48.0203 0x0d40  [ 4AA50627B01C0E9C6B4C6BD3AF648F12, D0CABA3CC35F15352EC4A1C70B14299000A168D548EEC24E3B229B19E349FB81 ] Nla            C:\WINDOWS\System32\mswsock.dll
15:32:48.0359 0x0d40  Nla - ok
15:32:48.0671 0x0d40  [ CB992AE1506985D9167E85883B4C3240, 667592260A9D3828BDF8955AA6D2864C8977EEC385D7EC2EE3A6B601B8DB70AB ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
15:32:48.0953 0x0d40  NMIndexingService - ok
15:32:49.0031 0x0d40  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:32:49.0218 0x0d40  Npfs - ok
15:32:49.0484 0x0d40  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:32:49.0984 0x0d40  Ntfs - ok
15:32:50.0062 0x0d40  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
15:32:50.0234 0x0d40  NtLmSsp - ok
15:32:50.0468 0x0d40  [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
15:32:50.0921 0x0d40  NtmsSvc - ok
15:32:50.0968 0x0d40  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:32:51.0171 0x0d40  Null - ok
15:32:56.0078 0x0d40  [ 7C56F3FD65B2BDB315CA3605A5392D7B, 1C33B2723BBD958FE06D71B6AC5C54DF1F46491C292749FE0DB8577BF056A765 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:33:00.0390 0x0d40  nv - ok
15:33:00.0671 0x0d40  [ 1982E96B2C5C2EFFEF38EFC37293A42E, 06FA232C69CEEDE98EBC4580C0C1421688A4909CB46912D5E16541A2020F3160 ] NVSvc          C:\WINDOWS\system32\nvsvc32.exe
15:33:00.0750 0x0d40  NVSvc - ok
15:33:00.0828 0x0d40  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:33:01.0031 0x0d40  NwlnkFlt - ok
15:33:01.0062 0x0d40  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:33:01.0281 0x0d40  NwlnkFwd - ok
15:33:01.0359 0x0d40  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:33:01.0578 0x0d40  ohci1394 - ok
15:33:01.0687 0x0d40  [ 4B8AABB697AE81A61395A19CE4447D49, E8ED9057410ECF4410C18A08C7FF013FA7390A45174D94ADB77B05515F74710E ] ossrv          C:\WINDOWS\system32\drivers\ctoss2k.sys
15:33:01.0718 0x0d40  ossrv - ok
15:33:01.0812 0x0d40  [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
15:33:02.0031 0x0d40  Parport - ok
15:33:02.0078 0x0d40  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
15:33:02.0281 0x0d40  PartMgr - ok
15:33:02.0328 0x0d40  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:33:02.0515 0x0d40  ParVdm - ok
15:33:02.0859 0x0d40  [ 25B86F45001D6117F17457D894DCCA1C, 66F1161F8EE468469950AB1C3D773798E2DFB4264FE7D08CE00F298B5B4D7C8E ] PCAppStoreSvc_{PCAppStore_4.3.1.5579} C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe
15:33:03.0156 0x0d40  PCAppStoreSvc_{PCAppStore_4.3.1.5579} - ok
15:33:03.0234 0x0d40  PCFApiUtil - ok
15:33:03.0296 0x0d40  [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
15:33:03.0515 0x0d40  PCI - ok
15:33:03.0562 0x0d40  PCIDump - ok
15:33:03.0593 0x0d40  PCIIde - ok
15:33:03.0703 0x0d40  [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:33:03.0937 0x0d40  Pcmcia - ok
15:33:03.0968 0x0d40  PDCOMP - ok
15:33:04.0000 0x0d40  PDFRAME - ok
15:33:04.0031 0x0d40  PDRELI - ok
15:33:04.0078 0x0d40  PDRFRAME - ok
15:33:04.0109 0x0d40  perc2 - ok
15:33:04.0140 0x0d40  perc2hib - ok
15:33:04.0234 0x0d40  PID_0928 - ok
15:33:04.0328 0x0d40  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay        C:\WINDOWS\system32\services.exe
15:33:04.0375 0x0d40  PlugPlay - ok
15:33:04.0421 0x0d40  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
15:33:04.0640 0x0d40  PolicyAgent - ok
15:33:04.0703 0x0d40  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:33:04.0906 0x0d40  PptpMiniport - ok
15:33:04.0968 0x0d40  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:33:05.0140 0x0d40  ProtectedStorage - ok
15:33:05.0218 0x0d40  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:33:05.0421 0x0d40  PSched - ok
15:33:05.0468 0x0d40  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:33:05.0687 0x0d40  Ptilink - ok
15:33:05.0765 0x0d40  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:33:05.0796 0x0d40  PxHelp20 - ok
15:33:05.0828 0x0d40  ql1080 - ok
15:33:05.0875 0x0d40  Ql10wnt - ok
15:33:05.0906 0x0d40  ql12160 - ok
15:33:05.0953 0x0d40  ql1240 - ok
15:33:05.0968 0x0d40  ql1280 - ok
15:33:06.0015 0x0d40  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:33:06.0234 0x0d40  RasAcd - ok
15:33:06.0312 0x0d40  [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
15:33:06.0531 0x0d40  RasAuto - ok
15:33:06.0609 0x0d40  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:33:06.0812 0x0d40  Rasl2tp - ok
15:33:06.0906 0x0d40  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:33:07.0187 0x0d40  RasMan - ok
15:33:07.0250 0x0d40  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:33:07.0453 0x0d40  RasPppoe - ok
15:33:07.0515 0x0d40  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:33:07.0734 0x0d40  Raspti - ok
15:33:07.0859 0x0d40  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:33:08.0109 0x0d40  Rdbss - ok
15:33:08.0156 0x0d40  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:33:08.0343 0x0d40  RDPCDD - ok
15:33:08.0484 0x0d40  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:33:08.0765 0x0d40  rdpdr - ok
15:33:08.0875 0x0d40  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
15:33:08.0937 0x0d40  RDPWD - ok
15:33:09.0031 0x0d40  [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
15:33:09.0281 0x0d40  RDSessMgr - ok
15:33:09.0359 0x0d40  [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
15:33:09.0593 0x0d40  redbook - ok
15:33:09.0671 0x0d40  [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:33:09.0890 0x0d40  RemoteAccess - ok
15:33:09.0953 0x0d40  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:33:10.0171 0x0d40  RemoteRegistry - ok
15:33:10.0234 0x0d40  [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:33:10.0453 0x0d40  RpcLocator - ok
15:33:10.0640 0x0d40  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
15:33:10.0796 0x0d40  RpcSs - ok
15:33:10.0906 0x0d40  [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:33:11.0140 0x0d40  RSVP - ok
15:33:11.0218 0x0d40  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139        C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:33:11.0406 0x0d40  rtl8139 - ok
15:33:11.0453 0x0d40  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs          C:\WINDOWS\system32\lsass.exe
15:33:11.0671 0x0d40  SamSs - ok
15:33:11.0781 0x0d40  [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:33:12.0015 0x0d40  SCardSvr - ok
15:33:12.0125 0x0d40  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:33:12.0406 0x0d40  Schedule - ok
15:33:12.0468 0x0d40  [ BA0D892D2F786BCEBDF03B0A252B47F3, 4ED103BD45ECE4D2B6029C36D0E209C8A6F1C34E0F72B01553742773CB1F43A1 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:33:12.0484 0x0d40  Secdrv - detected UnsignedFile.Multi.Generic ( 1 )
15:33:18.0187 0x0d40  Detect skipped due to KSN trusted
15:33:18.0187 0x0d40  Secdrv - ok
15:33:18.0250 0x0d40  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:33:18.0453 0x0d40  seclogon - ok
15:33:18.0515 0x0d40  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS            C:\WINDOWS\system32\sens.dll
15:33:18.0750 0x0d40  SENS - ok
15:33:18.0796 0x0d40  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
15:33:19.0015 0x0d40  serenum - ok
15:33:19.0078 0x0d40  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:33:19.0296 0x0d40  Serial - ok
15:33:19.0406 0x0d40  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy        C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:33:19.0625 0x0d40  Sfloppy - ok
15:33:19.0687 0x0d40  [ 0B1A5E9CACB5CDD54A2815107BD7C772, 0561D083BDB02177BEE3A6A87C2B71962B13F45127A59E65899B1144F14F6329 ] sfman          C:\WINDOWS\system32\drivers\sfmanm.sys
15:33:19.0875 0x0d40  sfman - ok
15:33:20.0031 0x0d40  [ F96D196D81A92A6C55178F3F49B227A1, 44119E123E8667F17A197C959838DF02F08201BF0E704A55E60390B77CE691D3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:33:20.0281 0x0d40  SharedAccess - ok
15:33:20.0359 0x0d40  [ 927666F4228E3FBBC3D1171581DC8BDC, 55E4055FC9429C94F00B1F7046C78A0893BA9495125E3B77F8E89EA540686B60 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:33:20.0437 0x0d40  ShellHWDetection - ok
15:33:20.0453 0x0d40  Simbad - ok
15:33:20.0515 0x0d40  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:33:20.0734 0x0d40  SLIP - ok
15:33:20.0765 0x0d40  Sparrow - ok
15:33:20.0812 0x0d40  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:33:21.0031 0x0d40  splitter - ok
15:33:21.0109 0x0d40  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
15:33:21.0156 0x0d40  Spooler - ok
15:33:21.0234 0x0d40  [ 3409718967C8A428898435B832149B0F, D3D400036ACE89EFDB60CE19DD37E802260F068428B4B82C64FF373B0AF51F9D ] Spring          C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys
15:33:21.0281 0x0d40  Spring - ok
15:33:21.0578 0x0d40  [ 4F576E516CC76EC50A244586BCFA1C78, 75BCA3475AF5E211307EE3FEEB523A935971F56884F1174FD117E4AFE0B0DBD6 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
15:33:22.0000 0x0d40  sptd - ok
15:33:22.0109 0x0d40  [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:33:22.0218 0x0d40  sr - ok
15:33:22.0312 0x0d40  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice      C:\WINDOWS\system32\srsvc.dll
15:33:22.0500 0x0d40  srservice - ok
15:33:22.0703 0x0d40  [ 9B390283569EA58D43D2586032B892F5, FADC0AD9D8F715290F02A6A59B284A6AD53C5BD13933B1D3ECC03C558C9D5885 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
15:33:22.0937 0x0d40  Srv - ok
15:33:23.0015 0x0d40  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
15:33:23.0140 0x0d40  SSDPSRV - ok
15:33:23.0312 0x0d40  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:33:23.0765 0x0d40  stisvc - ok
15:33:23.0812 0x0d40  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:33:24.0015 0x0d40  streamip - ok
15:33:24.0078 0x0d40  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:33:24.0281 0x0d40  swenum - ok
15:33:24.0328 0x0d40  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:33:24.0562 0x0d40  swmidi - ok
15:33:24.0593 0x0d40  SwPrv - ok
15:33:24.0656 0x0d40  symc810 - ok
15:33:24.0671 0x0d40  symc8xx - ok
15:33:24.0718 0x0d40  sym_hi - ok
15:33:24.0750 0x0d40  sym_u3 - ok
15:33:24.0828 0x0d40  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:33:25.0046 0x0d40  sysaudio - ok
15:33:25.0109 0x0d40  [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
15:33:25.0328 0x0d40  SysmonLog - ok
15:33:25.0484 0x0d40  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
15:33:25.0796 0x0d40  TapiSrv - ok
15:33:26.0000 0x0d40  [ AD978A1B783B5719720CFF204B666C8E, FA50A3664522C58E1637C06731B9CB9D56FF14F0A5F8AB496A1945585E8A2C16 ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:33:26.0234 0x0d40  Tcpip - ok
15:33:26.0312 0x0d40  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:33:26.0500 0x0d40  TDPIPE - ok
15:33:26.0531 0x0d40  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
15:33:26.0750 0x0d40  TDTCP - ok
15:33:26.0812 0x0d40  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:33:27.0015 0x0d40  TermDD - ok
15:33:27.0171 0x0d40  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService    C:\WINDOWS\System32\termsrv.dll
15:33:27.0484 0x0d40  TermService - ok
15:33:27.0593 0x0d40  [ 927666F4228E3FBBC3D1171581DC8BDC, 55E4055FC9429C94F00B1F7046C78A0893BA9495125E3B77F8E89EA540686B60 ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:33:27.0625 0x0d40  Themes - ok
15:33:27.0703 0x0d40  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
15:33:27.0828 0x0d40  TlntSvr - ok
15:33:27.0875 0x0d40  TosIde - ok
15:33:27.0953 0x0d40  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:33:28.0171 0x0d40  TrkWks - ok
15:33:28.0250 0x0d40  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:33:28.0453 0x0d40  Udfs - ok
15:33:28.0484 0x0d40  ultra - ok
15:33:28.0687 0x0d40  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:33:29.0109 0x0d40  Update - ok
15:33:29.0234 0x0d40  [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:33:29.0406 0x0d40  upnphost - ok
15:33:29.0437 0x0d40  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS            C:\WINDOWS\System32\ups.exe
15:33:29.0703 0x0d40  UPS - ok
15:33:29.0984 0x0d40  [ D163C2FA32265AACBB1B7EAF613FBDD4, 8DE1445429CDE1B322F7FE766B873C48F99347A7901DE0E132AF1C42B49CFD50 ] USB28xxBGA      C:\WINDOWS\system32\DRIVERS\emBDA.sys
15:33:30.0296 0x0d40  USB28xxBGA - ok
15:33:30.0562 0x0d40  [ 2E7ADD4F70C336E4E66F68567FEF01D5, 512304E07A029C262870547E551A6F6E41D83F69212DF4EAE45137707792C6AC ] USB28xxOEM      C:\WINDOWS\system32\DRIVERS\emOEM.sys
15:33:30.0859 0x0d40  USB28xxOEM - ok
15:33:30.0921 0x0d40  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
15:33:30.0953 0x0d40  usbaudio - ok
15:33:31.0031 0x0d40  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:33:31.0078 0x0d40  usbccgp - ok
15:33:31.0156 0x0d40  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:33:31.0171 0x0d40  usbehci - ok
15:33:31.0234 0x0d40  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:33:31.0453 0x0d40  usbhub - ok
15:33:31.0500 0x0d40  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci        C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:33:31.0718 0x0d40  usbohci - ok
15:33:31.0781 0x0d40  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:33:31.0812 0x0d40  usbscan - ok
15:33:31.0890 0x0d40  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:33:32.0093 0x0d40  USBSTOR - ok
15:33:32.0156 0x0d40  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:33:32.0359 0x0d40  usbuhci - ok
15:33:32.0468 0x0d40  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
15:33:32.0531 0x0d40  usbvideo - ok
15:33:32.0656 0x0d40  [ CE9B7DF9AF5B01884BEEAB3F703C3BF6, 17881A5A8EC34A32AC56D76626573529B68FC66A151CF31B8F466B8028557262 ] vcs            F:\Programme\AV VCS 3.0\vcs.sys
15:33:32.0687 0x0d40  vcs - detected UnsignedFile.Multi.Generic ( 1 )
15:33:35.0375 0x0d40  Detect skipped due to KSN trusted
15:33:35.0375 0x0d40  vcs - ok
15:33:35.0437 0x0d40  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
15:33:35.0656 0x0d40  VgaSave - ok
15:33:35.0703 0x0d40  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:33:35.0921 0x0d40  viaagp - ok
15:33:35.0984 0x0d40  [ 4B039BBD037B01F5DB5A144C837F283A, EA319B165958D19C71E059762C9F6ECD96BB96FBFF3B187519D1BBB2033F6A6D ] viaagp1        C:\WINDOWS\system32\DRIVERS\viaagp1.sys
15:33:36.0015 0x0d40  viaagp1 - ok
15:33:36.0062 0x0d40  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
15:33:36.0265 0x0d40  ViaIde - ok
15:33:36.0328 0x0d40  [ F95C0FCFBCBDA6D8F202D2DF4052F88D, 976FC7EE44C588648D373B900647D861C3F8D4394A9BE9CCD6277678D950D23E ] videX32        C:\WINDOWS\system32\DRIVERS\videX32.sys
15:33:36.0359 0x0d40  videX32 - ok
15:33:36.0437 0x0d40  [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
15:33:36.0656 0x0d40  VolSnap - ok
15:33:36.0812 0x0d40  [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS            C:\WINDOWS\System32\vssvc.exe
15:33:37.0015 0x0d40  VSS - ok
15:33:37.0156 0x0d40  [ 39247D93BE13E0C67A996A837EAB8E02, 700DB729ABEC4CDA9CCDCDD788528CB063F840D3E6CF75BC0262B8DF87BA6448 ] W32Time        C:\WINDOWS\system32\w32time.dll
15:33:37.0250 0x0d40  W32Time - ok
15:33:37.0328 0x0d40  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:33:37.0562 0x0d40  Wanarp - ok
15:33:37.0625 0x0d40  [ 2E8BA025D65DD49D15EA66973E2A15DF, 58C14D85D7FECB9940CA42B367FE6B023262A1B6AFD990FC0CE3DCBC7D8544AD ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:33:37.0968 0x0d40  wceusbsh - ok
15:33:37.0984 0x0d40  WDICA - ok
15:33:38.0078 0x0d40  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:33:38.0296 0x0d40  wdmaud - ok
15:33:38.0375 0x0d40  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient      C:\WINDOWS\System32\webclnt.dll
15:33:38.0593 0x0d40  WebClient - ok
15:33:38.0750 0x0d40  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
15:33:39.0000 0x0d40  winmgmt - ok
15:33:39.0125 0x0d40  [ 581176F60885AEF8F78C6E38DCC3CDF9, C175F84936964EC7AE7EA24025C4003E0907E7EA2BEAA0930BA2CB01360A5B79 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
15:33:39.0156 0x0d40  WMDM PMSP Service - detected UnsignedFile.Multi.Generic ( 1 )
15:33:41.0625 0x0d40  Detect skipped due to KSN trusted
15:33:41.0625 0x0d40  WMDM PMSP Service - ok
15:33:41.0687 0x0d40  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
15:33:41.0718 0x0d40  WmdmPmSN - ok
15:33:42.0046 0x0d40  [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi            C:\WINDOWS\System32\advapi32.dll
15:33:42.0484 0x0d40  Wmi - ok
15:33:42.0625 0x0d40  [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:33:42.0859 0x0d40  WmiApSrv - ok
15:33:43.0250 0x0d40  [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc  C:\Programme\Windows Media Player\WMPNetwk.exe
15:33:43.0843 0x0d40  WMPNetworkSvc - ok
15:33:43.0968 0x0d40  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:33:44.0171 0x0d40  wscsvc - ok
15:33:44.0218 0x0d40  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:33:44.0437 0x0d40  WSTCODEC - ok
15:33:44.0531 0x0d40  [ AAE1A6FFBA2B0436E91795120F48C461, B26EABDBB7E0E101643C0D68CBF2CB6A3DD7E685D939EBD1BFAD5E7AE8E352B7 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:33:44.0562 0x0d40  wuauserv - ok
15:33:44.0625 0x0d40  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:33:44.0687 0x0d40  WudfPf - ok
15:33:44.0750 0x0d40  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:33:44.0796 0x0d40  WudfRd - ok
15:33:44.0843 0x0d40  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
15:33:44.0921 0x0d40  WudfSvc - ok
15:33:45.0156 0x0d40  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:33:45.0656 0x0d40  WZCSVC - ok
15:33:45.0765 0x0d40  [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
15:33:46.0015 0x0d40  xmlprov - ok
15:33:46.0093 0x0d40  ================ Scan global ===============================
15:33:46.0156 0x0d40  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
15:33:46.0343 0x0d40  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
15:33:46.0578 0x0d40  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
15:33:46.0687 0x0d40  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
15:33:46.0687 0x0d40  [ Global ] - ok
15:33:46.0703 0x0d40  ================ Scan MBR ==================================
15:33:46.0750 0x0d40  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:33:47.0156 0x0d40  \Device\Harddisk0\DR0 - ok
15:33:47.0187 0x0d40  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
15:33:47.0484 0x0d40  \Device\Harddisk1\DR1 - ok
15:33:47.0562 0x0d40  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR7
15:33:48.0531 0x0d40  \Device\Harddisk2\DR7 - ok
15:33:48.0546 0x0d40  ================ Scan VBR ==================================
15:33:48.0562 0x0d40  [ EF6869EB1E586B3304CA86DD8A92B2C6 ] \Device\Harddisk0\DR0\Partition1
15:33:48.0578 0x0d40  \Device\Harddisk0\DR0\Partition1 - ok
15:33:48.0609 0x0d40  [ 40E1F4A01CADFA7FDC028366D63785FE ] \Device\Harddisk0\DR0\Partition2
15:33:48.0609 0x0d40  \Device\Harddisk0\DR0\Partition2 - ok
15:33:48.0640 0x0d40  [ 04B4A817644EE7375694F38163EE604E ] \Device\Harddisk1\DR1\Partition1
15:33:48.0640 0x0d40  \Device\Harddisk1\DR1\Partition1 - ok
15:33:48.0687 0x0d40  [ 5A05CC6DA4B9D5422AC39D2484BC34B3 ] \Device\Harddisk1\DR1\Partition2
15:33:48.0687 0x0d40  \Device\Harddisk1\DR1\Partition2 - ok
15:33:48.0718 0x0d40  [ B2628B46126B912A25248CBFE600CD42 ] \Device\Harddisk1\DR1\Partition3
15:33:48.0734 0x0d40  \Device\Harddisk1\DR1\Partition3 - ok
15:33:48.0765 0x0d40  [ 67C4D26C272C607A4AB6255B109F5212 ] \Device\Harddisk2\DR7\Partition1
15:33:48.0781 0x0d40  \Device\Harddisk2\DR7\Partition1 - ok
15:33:48.0796 0x0d40  ================ Scan generic autorun ======================
15:33:48.0859 0x0d40  [ C921A733FA3F1E4C3505D436DBC5EA47, 3C7DF45D928FB7D3B150F0E20F41A4FC16CBC747A2932FA6F5B8E98EAEC3B8DF ] C:\WINDOWS\Logi_MwX.Exe
15:33:48.0875 0x0d40  Logitech Utility - ok
15:33:48.0890 0x0d40  NvCplDaemon - ok
15:33:48.0921 0x0d40  NvMediaCenter - ok
15:33:49.0765 0x0d40  [ 6E0F29BD0E792618FF285AB094F4DCEF, 6BED26091EE890ABEFD31B95E1DCADE27C8775E580D201C6071D851FB5BB20BC ] C:\Programme\NVIDIA Corporation\nview\nwiz.exe
15:33:51.0093 0x0d40  nwiz - ok
15:33:52.0750 0x0d40  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Programme\AVAST Software\Avast\AvastUI.exe
15:33:55.0515 0x0d40  AvastUI.exe - ok
15:33:55.0609 0x0d40  [ 9F0A950B8A71B71CF5330C22C429E4F4, 456A86496060C3447F0A9DC56E9CE36ACE4F8878C1758FF551CA6139B4BC1B79 ] C:\WINDOWS\system32\CTHELPER.EXE
15:33:55.0625 0x0d40  CTHelper - detected UnsignedFile.Multi.Generic ( 1 )
15:33:57.0968 0x0d40  Detect skipped due to KSN trusted
15:33:57.0968 0x0d40  CTHelper - ok
15:33:57.0984 0x0d40  _nltide_3 - ok
15:33:58.0015 0x0d40  IE7 - ok
15:33:58.0031 0x0d40  ShowDeskFix - ok
15:33:58.0140 0x0d40  [ FDB4F88B9B1CD409E1DC06AD68BEA2B8, B031473D2B11C00FB9464D0A518DF30BB01EF7A157AE7994C2FDEF1DF6F0C097 ] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe
15:33:58.0171 0x0d40  SCheck - detected UnsignedFile.Multi.Generic ( 1 )
15:34:00.0546 0x0d40  Detect skipped due to KSN trusted
15:34:00.0546 0x0d40  SCheck - ok
15:34:00.0671 0x0d40  [ 8238C67128E71D66516A1986B863930C, 4CD5AC3BAC449AAED19529D3840CC1A4770A328DE756D4193EC90F3026353ACF ] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe
15:34:00.0765 0x0d40  DataMgr - detected UnsignedFile.Multi.Generic ( 1 )
15:34:03.0359 0x0d40  Detect skipped due to KSN trusted
15:34:03.0359 0x0d40  DataMgr - ok
15:34:03.0406 0x0d40  [ FDB4F88B9B1CD409E1DC06AD68BEA2B8, B031473D2B11C00FB9464D0A518DF30BB01EF7A157AE7994C2FDEF1DF6F0C097 ] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe
15:34:03.0421 0x0d40  Intermediate - detected UnsignedFile.Multi.Generic ( 1 )
15:34:03.0421 0x0d40  Detect skipped due to KSN trusted
15:34:03.0421 0x0d40  Intermediate - ok
15:34:03.0484 0x0d40  AV detected via SS1: avast! Antivirus, 5.0.150996965, enabled, updated
15:34:03.0500 0x0d40  Win FW state via NFM: enabled
15:34:05.0968 0x0d40  ============================================================
15:34:05.0968 0x0d40  Scan finished
15:34:05.0968 0x0d40  ============================================================
15:34:06.0015 0x09ec  Detected object count: 0
15:34:06.0015 0x09ec  Actual detected object count: 0

schrauber 03.11.2014 11:50
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
    Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
    Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
    Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
    Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es eine Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

mac11 06.11.2014 17:52
Hi,
ich war ein paar Tage nicht zu hause, jetzt hab ich mal das Combofix laufen lassen.
Echt nett mir mit diesem Steinzeit Teil zu helfen, aber ich nutze ihn immer noch ständig, oder auch als Testrechner.

Code:
ComboFix 14-10-29.01 - Administrator 06.11.2014  13:02:16.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1791.1397 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\omesuperv.exe
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAUserName.txt
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
C:\END
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\kernel1.exe
c:\windows\system32\roboot.exe
c:\windows\system32\Thumbs.db
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCS
-------\Service_vcs
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-06 bis 2014-11-06  ))))))))))))))))))))))))))))))
.
.
2014-11-03 21:21 . 2014-11-03 23:07        --------        d-----w-        c:\programme\SpeedFan
2014-11-01 22:49 . 2014-11-01 22:51        --------        d-----w-        C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-26 06:45 . 2013-08-06 15:15        414520        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-08-26 06:44 . 2013-08-06 15:15        57800        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2014-08-26 06:44 . 2013-08-06 15:15        779536        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-08-26 06:44 . 2013-08-06 15:15        192352        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-08-26 06:44 . 2014-05-01 16:20        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-08-26 06:44 . 2013-08-06 15:15        55112        ----a-w-        c:\windows\system32\drivers\aswrdr.sys
2014-08-26 06:44 . 2013-08-06 15:15        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-08-26 06:44 . 2013-08-06 15:15        67824        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-08-26 06:44 . 2014-08-26 06:44        43152        ----a-w-        c:\windows\avastSS.scr
2014-08-26 06:44 . 2013-08-06 15:15        276432        ----a-w-        c:\windows\system32\aswBoot.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-04 16:08 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2009-04-04 16:08 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-02-19 . 66476149DB011EA7323AA30434568434 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-26 06:43        578240        ----a-w-        c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SCheck"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SCheck\SCheck.exe" [2013-12-09 37376]
"DataMgr"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe" [2013-07-21 168824]
"Intermediate"="c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Intermediate\Intermediate.exe" [2013-12-09 37376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-01-31 108832]
"nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]
"AvastUI.exe"="c:\programme\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
"IE7"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\programme\TGTSoft\StyleXP\StyleXP.exe -Hide
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Battlefield 1942\\BF1942.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Anwendungsdaten\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [06.08.2013 16:15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [06.08.2013 16:15 192352]
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [22.04.2014 18:42 47456]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [06.08.2013 16:15 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [06.08.2013 16:15 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [01.05.2014 17:20 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [06.08.2013 16:15 67824]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_5121528e\avupgsvc.exe [?]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.01.2011 08:09 371349]
S3 AIDA32Driver;AIDA32Driver;g:\programme\Tools\Hardware Tools\aida\aida32.sys [02.04.2009 14:50 3584]
S3 Al_elp;Al_elp; [x]
S3 BioNT_BS;BioNT_BS;\??\c:\programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys --> c:\programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [?]
S3 BprotectEx;Baidu ProtectEx;\??\c:\windows\System32\drivers\BprotectEx.sys --> c:\windows\System32\drivers\BprotectEx.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23.06.2009 13:34 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [28.02.2013 13:28 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23.06.2009 13:34 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23.06.2009 13:35 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23.06.2009 13:34 566296]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 PCFApiUtil;PCFApiUtil;\??\c:\programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys --> c:\programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [?]
S3 Spring;Spring;c:\programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [13.06.2014 17:32 96608]
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579};Baidu PC App Store Service 4.3.1.5579;c:\programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [24.04.2014 13:29 575008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09.09.2009 17:32 682232]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-26 06:43]
.
2013-04-30 c:\windows\Tasks\Eingabeaufforderung.job
- c:\windows\system32\cmd.exe [2008-04-14 11:00]
.
2014-10-08 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
- c:\windows\system32\xp_eos.exe [2014-04-21 23:28]
.
2014-11-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2013-09-16 14:18]
.
2014-11-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2013-09-16 14:18]
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2014-04-21 23:16]
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2014-04-21 23:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.fbdownloader.com/?channel=sfit204fbdgy11
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-AtiExtEvent - (no file)
AddRemove-CarmageddonDeinstKey - d:\carmageddon\DeIsL1.isu
AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe
AddRemove-MDT - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-06 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-2025429265-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\msi.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll
c:\programme\Tracker Software\Shell Extensions\XCShInfo.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\NVRSDE.DLL
c:\programme\NVIDIA Corporation\nview\nvshell.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\AVAST Software\Avast\AvastSvc.exe
c:\programme\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CTHELPER.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-06  13:32:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-06 12:32
.
Vor Suchlauf: 981.909.504 Bytes frei
Nach Suchlauf: 894.296.064 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DC4B6B25A35DBC8B82767634BC9CFBAD
72B8CE41AF0DE751C946802B3ED844B4

schrauber 07.11.2014 08:48
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

mac11 10.11.2014 00:28
HI, :pfeiff: musste bischen regedit editieren weil der immer auf pio runter ist, was ich in everest aida nicht sehen konnte haha..
Auch etwas peinlich was da für Zeug drauf ist, also nochmal :dankeschoen:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 09.11.2014
Suchlauf-Zeit: 21:52:07
Logdatei: malwarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.09.07
Rootkit Datenbank: v2014.11.08.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295892
Verstrichene Zeit: 37 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 11
PUP.Optional.HolaSearch.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}, In Quarantäne, [c9f287b2394360d64eb0377b37cbc040],
PUP.Optional.HolaSearch.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}, In Quarantäne, [2596b4853d3f003641be81318082926e],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\babylontoolbar, In Quarantäne, [d4e79b9e96e647ef813af78aaa5aea16],
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\InstallIQ, In Quarantäne, [19a22217106c0c2a859da1c39a6930d0],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, In Quarantäne, [a9124cedfd7f8bab8d8e59287f8542be],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [02b952e76715ab8bf4df780ba46046ba],
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\OfferMosquito, In Quarantäne, [aa1164d52e4ec472006c23834cb8c53b],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, In Quarantäne, [9b20f841bfbd1a1c05c288c98a799a66],
PUP.Optional.VisualBee.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\visualbee LTD, In Quarantäne, [d8e3c475a0dc162073155702956ef50b],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [427903361b61142270ca04557d86b24e],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [9724e6539edeea4cfd1ddda4bc48a759],

Registrierungswerte: 3
PUP.Optional.DataMgr.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe", In Quarantäne, [e4d7241515677db91ef81e8432d213ed]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {3C7EC379-1C65-4B5D-88DC-643A78A59920}, In Quarantäne, [a9124cedfd7f8bab8d8e59287f8542be]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {3C7EC379-1C65-4B5D-88DC-643A78A59920}, In Quarantäne, [9724e6539edeea4cfd1ddda4bc48a759]

Registrierungsdaten: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Gut: (1), Schlecht: (0),Ersetzt,[744736033d3faf87231cf94413f21ee2]

Ordner: 12
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\Free Mahjong Games, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\web_player, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.InstallBrain.A, C:\WINDOWS\system32\WNLT\INSTALLATION, In Quarantäne, [c8f386b37a02a2948b3f34cb936f619f],
PUP.Optional.Visualbee, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\VISUALBEEEXE, In Quarantäne, [65563405344876c0aef9a55bbf44e11f],
PUP.Optional.Visualbee, C:\Dokumente und Einstellungen\All Users\VISUALBEE, In Quarantäne, [39822d0c89f3e056773344bc59aafe02],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\htmls, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.IBUpdater.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUPDATERSERVICE, In Quarantäne, [dfdc4cedd2aa3bfb596f9b8030d3fc04],

Dateien: 26
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\INSTALLER.JS, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\common.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\Uninstall.exe, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\WebPlayer.exe, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\main.ico, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\shortcut.ico, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\tray.ico, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\config.xml, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\main.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\stub.html, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\event_listener.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\initialize.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\io.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\json.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\jsonstorage.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\storage.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\utils.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\xhr.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\WEB_PLAYER\initialize.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\WEB_PLAYER\web_player.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.OfferMosquito.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Q8HWMOWB.DEFAULT-1369910195984\EXTENSIONS\OM@OFFERMOSQUITO.COM.XPI, In Quarantäne, [407b52e7b0cc49ed498183ce19eac13f],
PUP.Optional.DataMgr.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe, In Quarantäne, [e4d7241515677db91ef81e8432d213ed],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Q8HWMOWB.DEFAULT-1369910195984\EXTENSIONS\SNT@DOTLABS.CO.XPI, In Quarantäne, [fbc093a693e939fd86e5a7ff03017090],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\simple_new_tab.dll, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\htmls\index.html, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.IBUpdater.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUPDATERSERVICE\repository.xml, In Quarantäne, [dfdc4cedd2aa3bfb596f9b8030d3fc04],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
Beim adw cleaner sind jetzt zwei logs, ich poste mal beide. Es gibt wohl ein paar Unterschiede. (Die neueste Version ist bei Filepony noch nicht oben)
[R0]
AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 09/11/2014 um 23:27:26
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Administrator - PALOMINO
# Gestartet von : G:\Downloads\adwcleaner_4.101.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\foxydeal.sqlite
Datei Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
Datei Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\search.xml
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common\LuaRT
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PerformerSoft
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sixth
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snz
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SSync
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\apn
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
Ordner Gefunden : C:\WINDOWS\system32\WNLT

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\5d6d78de13ebe47
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Protector
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Tencent
Schlüssel Gefunden : HKLM\SOFTWARE\VBMZ
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.18702

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.fbdownloader.com/?channel=de

-\\ Mozilla Firefox v32.0.1 (x86 de)

[q8hwmowb.default-1369910195984] - Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
[q8hwmowb.default-1369910195984] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=de");
[q8hwmowb.default-1369910195984] - Zeile gefunden : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");

*************************

AdwCleaner[R0].txt - [4827 octets] - [09/11/2014 23:27:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4887 octets] ##########
--- --- ---

[S0]
AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 09/11/2014 um 23:34:43
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Administrator - PALOMINO
# Gestartet von : G:\Downloads\adwcleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\apn
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
Ordner Gelöscht : C:\WINDOWS\system32\WNLT
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common\LuaRT
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PerformerSoft
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sixth
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snz
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SSync
Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\foxydeal.sqlite
Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\5d6d78de13ebe47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Tencent
Schlüssel Gelöscht : HKLM\SOFTWARE\VBMZ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.18702

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.1 (x86 de)

[q8hwmowb.default-1369910195984\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
[q8hwmowb.default-1369910195984\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=de");
[q8hwmowb.default-1369910195984\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");

*************************

AdwCleaner[R0].txt - [4967 octets] - [09/11/2014 23:27:26]
AdwCleaner[S0].txt - [4814 octets] - [09/11/2014 23:34:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4874 octets] ##########
--- --- ---
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 09.11.2014 at 23:49:46,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C333CF63-767F-4831-94AC-E683D962C63C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\baidu security"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\getrighttogo"
Successfully deleted: [Folder] "C:\Programme\baidu security"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2014 at 23:56:30,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Administrator (administrator) on PALOMINO on 09-11-2014 23:59:32
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\Programme\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [20992 2003-12-11] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [AvastUI.exe] => C:\Programme\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-07] (AVAST Software)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xECA244E4A892CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {FB8903A1-C95F-4B51-A32F-70F51770D026} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\plugins\npcoolirisplugin.dll ()
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\ich@maltegoetz.de.xpi [2014-10-13]
FF Extension: StopTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\stoptube@kashiif.com.xpi [2013-05-30]
FF Extension: Zoom Page - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\zoompage@DW-dev.xpi [2013-06-25]
FF Extension: Resurrect Pages - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-05-30]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
FF Extension: ICQ Toolbar - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-07]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-08-25] () [File not signed]
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-07] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Programme\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-14] (Creative Technology Ltd) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-18] (Mozilla Foundation)
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 Al_elp; No ImagePath
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579}; C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-07] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422760 2014-11-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-07] ()
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-04] (ATI Technologies Inc.)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-06-05] (Baidu, Inc.)
S2 BT848; C:\WINDOWS\System32\DRIVERS\BT848.sys [371349 2011-01-25] (Illusion & Hope.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798744 2009-06-23] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2009-06-23] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2009-06-23] (Creative Technology Ltd)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2006-03-13] (MCCI) [File not signed]
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2006-03-13] (MCCI) [File not signed]
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2006-03-13] (MCCI) [File not signed]
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2006-03-13] (MCCI) [File not signed]
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2006-03-13] (MCCI) [File not signed]
S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51582 2003-12-11] (Logitech, Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37916 2003-12-11] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2004-08-04] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [12400 2010-06-11] (Macrovision Europe Ltd) [File not signed]
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [682232 2009-09-09] (Duplex Secure Ltd.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [570168 2009-10-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [527800 2009-10-06] (eMPIA Technology, Inc.)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [32000 2008-04-14] (Microsoft Corporation)
S3 BioNT_BS; \??\C:\Programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [X]
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
S3 PCFApiUtil; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
S3 Spring; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 23:56 - 2014-11-09 23:56 - 00002032 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2014-11-09 23:49 - 2014-11-09 23:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-09 23:26 - 2014-11-09 23:34 - 00000000 ____D () C:\AdwCleaner
2014-11-09 22:55 - 2014-11-09 22:55 - 01706808 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2014-11-09 22:33 - 2014-11-09 22:33 - 00011194 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\malwarebytes.txt
2014-11-09 21:49 - 2014-11-09 21:51 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 21:48 - 2014-11-09 21:48 - 00000799 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-11-09 21:48 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-09 21:48 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-09 21:47 - 2014-11-09 18:55 - 19828376 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-09 18:54 - 2014-11-09 18:54 - 00000554 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit DiskMark.exe.lnk
2014-11-09 18:00 - 2014-11-09 18:00 - 00001657 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\CrystalDiskInfo.lnk
2014-11-09 18:00 - 2014-11-09 18:00 - 00000000 ____D () C:\Programme\CrystalDiskInfo
2014-11-09 18:00 - 2014-11-09 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CrystalDiskInfo
2014-11-09 16:49 - 2014-11-09 16:49 - 00000643 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\HD Tune.lnk
2014-11-09 16:49 - 2014-11-09 16:49 - 00000000 ____D () C:\Programme\HD Tune
2014-11-09 16:49 - 2014-11-09 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HD Tune
2014-11-07 22:01 - 2014-11-07 22:01 - 00001751 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Avast Free Antivirus.lnk
2014-11-07 22:01 - 2014-11-07 22:00 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-07 22:00 - 2014-11-07 22:00 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-06 13:32 - 2014-11-10 00:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2014-11-06 13:32 - 2014-11-06 13:32 - 00014229 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.txt
2014-11-06 13:32 - 2014-11-06 13:32 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2014-11-06 13:32 - 2014-11-06 13:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp
2014-11-06 13:19 - 2014-11-06 13:19 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-06 12:58 - 2014-11-06 12:58 - 00000000 _RSHD () C:\cmdcons
2014-11-06 12:58 - 2013-05-02 17:33 - 00000211 _____ () C:\Boot.bak
2014-11-06 12:58 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2014-11-06 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-06 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-06 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-06 12:55 - 2014-11-06 13:32 - 00000000 ____D () C:\Qoobox
2014-11-06 12:54 - 2014-11-06 13:29 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-05 01:39 - 2014-11-05 14:04 - 00001561 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neues Textdokument.txt
2014-11-03 22:21 - 2014-11-06 23:20 - 00000000 ____D () C:\Programme\SpeedFan
2014-11-03 22:21 - 2014-11-03 22:21 - 00000704 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\SpeedFan.lnk
2014-11-03 22:21 - 2014-11-03 22:21 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\SpeedFan
2014-11-01 23:49 - 2014-11-09 23:59 - 00000000 ____D () C:\FRST
2014-11-01 21:56 - 2014-11-01 21:56 - 00000020 _____ () C:\Dokumente und Einstellungen\Administrator\defogger_reenable
2014-11-01 18:46 - 2014-11-09 23:00 - 03162278 ____N () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.BAK
2014-11-01 15:51 - 2014-11-01 15:51 - 00000109 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\hjghghj.txt
2014-10-13 10:28 - 2014-10-13 10:29 - 00000287 _____ () C:\WINDOWS\nsw.log
2014-10-13 10:06 - 2014-10-13 10:06 - 00000252 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Windows-pc.lnk
2014-10-13 10:06 - 2014-10-13 10:06 - 00000249 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Easybox.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 23:59 - 2013-07-01 09:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
2014-11-09 23:52 - 2009-04-04 12:32 - 00000000 ____D () C:\Programme
2014-11-09 23:45 - 2013-08-06 16:15 - 00000356 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-09 23:41 - 2013-09-24 17:08 - 01391966 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-09 23:40 - 2014-06-15 09:51 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-09 23:40 - 2014-06-15 09:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-09 23:39 - 2014-04-22 00:17 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 23:39 - 2009-04-04 12:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-09 23:38 - 2014-05-26 05:48 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-09 23:38 - 2009-04-04 12:12 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-11-09 23:38 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-11-09 23:34 - 2013-08-06 13:14 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common
2014-11-09 23:25 - 2013-09-28 06:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument.txt
2014-11-09 23:00 - 2013-02-28 13:27 - 03162278 _____ () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.CDF
2014-11-09 22:35 - 2014-04-21 23:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-11-09 22:23 - 2013-09-16 15:18 - 00001050 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
2014-11-09 22:09 - 2014-04-22 00:17 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 21:48 - 2009-04-04 12:32 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-11-09 20:48 - 2013-05-02 06:55 - 00000000 __SHD () C:\WINDOWS\CSC
2014-11-09 19:48 - 2014-04-22 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\BOTS
2014-11-09 19:44 - 2010-06-10 00:01 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Desktop\~~~~
2014-11-09 19:39 - 2013-08-06 17:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2014-11-09 18:48 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-09 16:23 - 2013-09-16 15:18 - 00001028 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
2014-11-08 15:00 - 2014-04-22 00:10 - 00000232 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-11-07 22:00 - 2014-05-01 17:20 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-07 21:59 - 2013-08-06 16:15 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-06 13:32 - 2009-04-04 12:01 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-11-06 13:26 - 2008-04-14 12:00 - 00000311 _____ () C:\WINDOWS\system.ini
2014-11-06 13:24 - 2009-04-04 11:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-06 13:19 - 2009-04-04 13:30 - 30146560 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-06 13:19 - 2009-04-04 13:30 - 08126464 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-06 13:19 - 2009-04-04 13:30 - 03670016 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-06 13:19 - 2009-04-04 12:31 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-06 13:19 - 2009-04-04 12:31 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-06 12:58 - 2009-04-04 13:30 - 00000327 __RSH () C:\boot.ini
2014-11-03 22:21 - 2009-04-08 00:25 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo
2014-11-03 22:21 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-11-01 18:55 - 2014-06-15 10:04 - 00689934 _____ () C:\WINDOWS\setupapi.log
2014-10-27 20:24 - 2009-04-04 12:32 - 01069336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-18 09:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-10-18 09:02 - 2013-09-24 07:03 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-10-16 14:40 - 2014-07-19 20:50 - 00000266 _____ () C:\WINDOWS\setupact.log
2014-10-15 13:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-10-13 11:01 - 2014-06-10 18:05 - 00000000 ____D () C:\pisse
2014-10-13 10:36 - 2009-06-28 12:18 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
2014-10-13 09:44 - 2014-10-08 17:05 - 00000022 _____ () C:\WINDOWS\system32\nvModes.dat

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sfamcc00001.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sfareca00001.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Administrator at 2014-11-10 00:00:51
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v3.20 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version:  - )
Ashampoo WinOptimizer Platinum 3 (HKLM\...\Ashampoo WinOptimizer Platinum 3) (Version:  - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
CrystalDiskInfo 6.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
dBpowerAMP mp3PRO Input Codec (HKLM\...\dBpowerAMP mp3PRO Input Codec) (Version:  - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version:  - )
dBpowerAMP WMA V8 Codec (HKLM\...\dBpowerAMP WMA V8 Codec) (Version:  - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
dMC Auxiliary Input (HKLM\...\dMC Auxiliary Input) (Version:  - )
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 2 (HKLM\...\Fallout 2) (Version:  - )
ffdshow (HKLM\...\ffdshow) (Version: 20051221-gcc4.0.2-sse-x264.nl - Milan Cutka)
FL Studio 9 (HKLM\...\FL Studio 9) (Version:  - Image-Line)
GetFoldersize 1.2.3 (HKLM\...\GetFoldersize_is1) (Version: 1.2.3 - Michael Thummerer Software Design)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardcore (HKLM\...\Hardcore) (Version:  - Image-Line)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Internet Explorer 7 (Version:  - ) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MC SW 1.6.1 (HKLM\...\Merciless SW Texture set_is1) (Version:  - MERCILESS CREATIONS)
MC: Zara5ustra Map Pack (HKLM\...\MC: Zara5ustra Map Pack) (Version:  - )
Merciless 1942 version 1.6 (HKLM\...\Merciless 1942 version 1.6) (Version:  - )
Merciless Creations Secret Weapons Single Player (HKLM\...\Merciless Creations Secret Weapons Single Player) (Version:  - )
Merciless Single Player (HKLM\...\Merciless Single Player) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.0 - Tracker Software Products Ltd)
Philppines and Kharkov update (HKLM\...\Merciless Creations 1.6.1 Texture Update_is1) (Version:  - Merciless Creations)
Platform (Version: 1.22 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
Rome - Total War(TM) (HKLM\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (Version: 1.0 - Ihr Firmenname) Hidden
Rome - Total War(TM) (Version: 1.2 - Ihr Firmenname) Hidden
Sakura (HKLM\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
Sicherheitsupdate für Windows Internet Explorer 7 (KB2792100) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 7 (KB2797052) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834902-v2) (HKLM\...\KB2834902-v2_WM10) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Silkroad (HKLM\...\Silkroad) (Version:  - )
Snes9x (HKLM\...\Snes9x) (Version:  - )
SpeechRedist (HKLM\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TGW 0.15 (HKLM\...\TGW 0.15) (Version:  - )
Tony Hawk's Pro Skater 3® (HKLM\...\Tony Hawk's Pro Skater 3®) (Version: 1.0 - Activision Publishing, Inc.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
UltimateDefrag V1 FREE Public Domain Version (HKLM\...\UltimateDefrag V1 FREE Public Domain Version) (Version: 1.72 - DiskTrix)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XBF 1.2 (HKLM\...\XBF 1.2) (Version:  - )
XNote Stopwatch 1.50 (HKLM\...\XNote Stopwatch) (Version:  - dnSoft Research Group)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{0CFA3FB2-47F4-4157-A162-648CAA980DE2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{19EFC4D2-5251-4EB5-84C8-5A970FF8F5E0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1A6F5C32-45F4-11D3-9A67-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{42E0F145-11FD-11D3-BB97-00C04F8EE6C0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\1033\itngram.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E48-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E49-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{EC468149-6916-11D2-9427-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-11-2014 12:25:03 Systemprüfpunkt
07-11-2014 13:24:02 Systemprüfpunkt
07-11-2014 20:55:40 avast! antivirus system restore point
08-11-2014 22:05:40 Systemprüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 12:00 - 2014-11-06 13:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Eingabeaufforderung.job => C:\WINDOWS\system32\cmd.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-09 20:51 - 2014-11-09 20:51 - 02900992 _____ () C:\Programme\AVAST Software\Avast\defs\14110901\algo.dll
2013-10-16 12:39 - 2014-11-07 22:00 - 38562088 _____ () C:\Programme\AVAST Software\Avast\libcef.dll
2010-08-08 23:07 - 2005-11-10 17:08 - 00418304 _____ () C:\Programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1659004503-2025429265-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-1659004503-2025429265-1606980848-501 - Limited - Enabled)
Hilfeassistent (S-1-5-21-1659004503-2025429265-1606980848-1000 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r


System errors:
=============
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer

Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer


Microsoft Office Sessions:
=========================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request retur

Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r


==================== Memory info ===========================

Processor: AMD Athlon(tm) XP 2000+
Percentage of memory in use: 24%
Total physical RAM: 1791.48 MB
Available physical RAM: 1357.93 MB
Total Pagefile: 3467.69 MB
Available Pagefile: 3218.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:11.38 GB) (Free:1.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:45.89 GB) (Free:11.8 GB) NTFS
Drive f: (BOOT) (Fixed) (Total:91.2 GB) (Free:2.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (BACKUP) (Fixed) (Total:93.15 GB) (Free:38.49 GB) NTFS
Drive h: (SWAP) (Fixed) (Total:1.96 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 57.3 GB) (Disk ID: 04680468)
Partition 1: (Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: CCD3CCD3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=91.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 10.11.2014 17:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131