Mitglied1337 | 28.11.2014 17:43 | Regarding your request. Quote:
Quote from schrauber
(Post 1390366)
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
- Now start FRST.
- Do not change any of the checkboxes unless asked to, and click Scan.
- The log files will now be created and will then be on your desktop.
- Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)
| Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Admin at 2014-11-28 10:39:37
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
Assistant (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e64a4d03}) (Version: - Verified Publisher) <==== ATTENTION
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
BitLocker To Go Reader (HKLM\...\KB970401) (Version: - Microsoft Corporation)
BlackShot Á¦°Å (HKLM\...\BlackShot) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
ContextConsole Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 2.1.0.1 - Kai Liu)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version: - )
ExeIcon (remove only) (HKU\S-1-5-21-1960408961-1202660629-682003330-1003\...\ExeIcon) (Version: - )
Free Video Flip and Rotate version 2.1.9.822 (HKLM\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Havij 1.17 Pro (HKLM\...\Havij_is1) (Version: - ITSecTeam)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
K-Lite Mega Codec Pack 10.3.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
ParetoLogic PC Health Advisor (HKLM\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.0.0 - ParetoLogic, Inc.)
Resource Hacker Version 3.6.0 (HKLM\...\ResourceHacker_is1) (Version: - )
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version: - Punk Software)
saffeweb (HKLM\...\{497C131E-2032-051B-B32A-C69A960FBB13}) (Version: 4.3.0.1667 - seafeweB) <==== ATTENTION
Search Protect (HKLM\...\SearchProtect) (Version: 2.18.20.210 - Search Protect) <==== ATTENTION
SNT (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 1.1.0.1185 - SNT) <==== ATTENTION
SumatraPDF 2.4 (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
SW.Booster (HKLM\...\S-5458797678) (Version: 3.1.0.1526 - PremiumSoft) <==== ATTENTION
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VMware Tools (HKLM\...\{A4226134-90A6-40A4-8F97-421F96EE8F2F}) (Version: 9.8.4.2202052 - VMware, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.6 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.6 - The Wireshark developer community, hxxp://www.wireshark.org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1960408961-1202660629-682003330-1003_Classes\CLSID\{3D3B1846-CC43-42ae-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-1960408961-1202660629-682003330-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll (Simon Bünzli)
==================== Restore Points =========================
26-11-2014 09:58:32 Printer Driver TP PS Driver BF894F778A7842a6AED5B72B7 Installed
26-11-2014 10:01:44 Removed VMware Tools
26-11-2014 10:04:16 Printer Driver TP PS Driver 8C85E5423D5147b1B734D20DE Installed
26-11-2014 10:06:16 Printer Driver TP PS Driver 937CF1F11A8746f98DB287BCA Installed
26-11-2014 10:06:43 Printer Driver TP PS Driver AEEF591F75864349A13CB4F89 Installed
26-11-2014 15:52:06 Printer Driver TP PS Driver 2491E35ACAC5490f8E373554B Installed
26-11-2014 15:52:23 Printer Driver TP PS Driver ADEE24911D3541b6A715C0897 Installed
27-11-2014 21:09:37 Printer Driver TP PS Driver 73B6A9E71A44410294A61130A Installed
27-11-2014 21:20:13 Printer Driver TP PS Driver E16FF54404744f309ABACF87D Installed
27-11-2014 21:20:21 Printer Driver TP PS Driver EE633B7DEA834508B57DC68B5 Installed
28-11-2014 13:08:52 Printer Driver TP PS Driver ACD6A340157A4804AB0FF5D5B Installed
28-11-2014 13:09:31 Printer Driver TP PS Driver 1994A49397A74786955C0E175 Installed
28-11-2014 16:26:08 Printer Driver TP PS Driver 71A51C387A834df6A41252D21 Installed
28-11-2014 16:27:28 Printer Driver TP PS Driver EFB0B005E1544240801CA53BC Installed
28-11-2014 16:35:17 Installed Java 7 Update 71
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 05:00 - 2008-04-14 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\PC Health Advisor Defrag.job => C:\Program Files\ParetoLogic\PCHA\PCHA.exe
Task: C:\WINDOWS\Tasks\PC Health Advisor.job => C:\Program Files\ParetoLogic\PCHA\PCHA.exe
Task: C:\WINDOWS\Tasks\SW.Booster-S-5458797678.job => c:\documents and settings\all users\application data\puresafe\sw.booster\SW.Booster.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: 2dc89c3a03af5817f628726a3e4694ff => "C:\Documents and Settings\Admin\Local Settings\Temp\Trojan.exe" ..
MSCONFIG\startupreg: CoolSwitch => C:\WINDOWS\system32\taskswitch.exe
MSCONFIG\startupreg: scvcchost => C:\Documents and Settings\Admin\Application Data\scvcchost.exe
MSCONFIG\startupreg: svchost => C:\Documents and Settings\Admin\Application Data\svchost.exe
========================= Accounts: ==========================
Admin (S-1-5-21-1960408961-1202660629-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-1960408961-1202660629-682003330-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1960408961-1202660629-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-1960408961-1202660629-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1960408961-1202660629-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1960408961-1202660629-682003330-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/28/2014 10:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/28/2014 10:30:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/28/2014 07:11:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/28/2014 05:36:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/28/2014 05:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/28/2014 05:24:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/27/2014 04:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/27/2014 04:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application http_dos_cli.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [http_dos_cli.exe!ws!]
Error: (11/27/2014 04:37:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/27/2014 04:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
System errors:
=============
Error: (11/28/2014 10:19:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058
Error: (11/28/2014 10:17:27 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (11/28/2014 07:03:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058
Error: (11/28/2014 07:02:11 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (11/28/2014 06:57:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Assistant service terminated unexpectedly. It has done this 1 time(s).
Error: (11/28/2014 06:22:53 AM) (Source: DCOM) (EventID: 10010) (User: WXPPX86BE-0637)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (11/28/2014 06:20:51 AM) (Source: DCOM) (EventID: 10010) (User: WXPPX86BE-0637)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (11/28/2014 06:18:49 AM) (Source: DCOM) (EventID: 10010) (User: WXPPX86BE-0637)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (11/28/2014 05:17:15 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.111.128 on the
Network Card with network address 000C299E86E6.
Error: (11/28/2014 00:19:03 AM) (Source: DCOM) (EventID: 10010) (User: WXPPX86BE-0637)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Microsoft Office Sessions:
=========================
Error: (11/28/2014 10:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 10:30:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.00.0.0.000000000
Error: (11/28/2014 07:11:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 05:36:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 05:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 05:24:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/27/2014 04:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/27/2014 04:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.00.0.0.000000000
Error: (11/27/2014 04:37:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
Error: (11/27/2014 04:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400S CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 511.48 MB
Available physical RAM: 258.22 MB
Total Pagefile: 1246.56 MB
Available Pagefile: 526.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.99 GB) (Free:26.4 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (WXPPX86BE) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 40 GB) (Disk ID: 4D7B4D7B)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Error: (11/28/2014 06:18:49 AM) (Source: DCOM) (EventID: 10010) (User: WXPPX86BE-0637)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (11/28/2014 05:17:15 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.111.128 on the
Network Card with network address 000C299E86E6.
Error: (11/28/2014 00:19:03 AM) (Source: DCOM) (EventID: 10010) (User: WXPPX86BE-0637)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Microsoft Office Sessions:
=========================
Error: (11/28/2014 10:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 10:30:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.00.0.0.000000000
Error: (11/28/2014 07:11:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 05:36:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 05:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/28/2014 05:24:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/27/2014 04:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.0unknown0.0.0.000000000
Error: (11/27/2014 04:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: http_dos_cli.exe0.0.0.00.0.0.000000000
Error: (11/27/2014 04:37:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
Error: (11/27/2014 04:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400S CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 511.48 MB
Available physical RAM: 258.22 MB
Total Pagefile: 1246.56 MB
Available Pagefile: 526.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.99 GB) (Free:26.4 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (WXPPX86BE) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 40 GB) (Disk ID: 4D7B4D7B)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
==================== End Of Log ============================

I also forgot to mention that I have already been through several system restarts. The antivirus program has also run through quite a few times already. The problem still persists.
Best regards