
Pests of all kinds and how to fight them: computer starts very slowly; ip blacklisted (botnet infection)

13.10.2013, 09:20   #1
adh
 
hello, presumably the two problems are related.
it takes forever to get from the windows logo via the welcome screen to the desktop. (and then quite a while longer before i can do anything there...)
it has done that a few times before, but never this extreme.

once it has gotten past that point, everything works smoothly.

now, on top of that, i was told yesterday that my email could not be sent via thunderbird because my ip is blacklisted on certain servers. okay, so something is wrong after all

a quick check on mxtoolbox gave the following:
Quote:
Inclusion in the Spamhaus-ZEN Blacklist results from sub-listings in one more the following Blacklists:

CBL - You have contracted a Virus or Malware that is operating a Botnet, either on your email server on a workstation behind the NAT - Continual delisting requests without eliminating the virus will result in permanent blacklisting;
XBL (Spamhaus Exploits Block List) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies;
PBL - Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.
i'll spare you my attempts to deal with it for now
maybe (understatement) someone knows what to do?
regards, adh
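The Spamhaus ZEN result quoted in the post above combines several sub-lists, and only some of them point to an infected machine. The following is an added example, not part of the original thread: it builds the DNSBL query name for an IPv4 address and separates compromise listings (XBL/CBL) from the policy-only PBL and from resolver error codes. The function names and the sample answers are constructed, and the return-code table is an assumption based on Spamhaus's published ZEN codes.

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Assumption: mapping follows Spamhaus's published ZEN return codes;
# check the current Spamhaus documentation before relying on it.
ZEN_CODES = {
    "127.0.0.2": "SBL",   # spam sources
    "127.0.0.3": "SBL",   # SBL CSS
    "127.0.0.4": "XBL",   # CBL data: hijacked or infected hosts
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.9": "SBL",   # DROP data
    "127.0.0.10": "PBL",  # end-user range, maintained by the ISP
    "127.0.0.11": "PBL",  # end-user range, maintained by Spamhaus
}

# These answers mean the query itself was refused, not that the IP is listed.
ZEN_ERRORS = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

# Addresses that can never appear on a DNSBL: a host behind NAT has to
# check the router's public address, not its own LAN address.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
)]


def zen_query_name(ip):
    """Return the DNS name to query: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    if any(addr in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is not a public address; check the WAN IP")
    return ".".join(reversed(str(addr).split("."))) + "." + ZEN_ZONE


def interpret(answers):
    """Classify the A records returned for a ZEN query."""
    lists, errors = set(), []
    for answer in answers:
        if answer in ZEN_ERRORS:
            errors.append(ZEN_ERRORS[answer])
        elif answer in ZEN_CODES:
            lists.add(ZEN_CODES[answer])
        else:
            errors.append(f"unrecognised return code {answer}")
    return {
        "lists": sorted(lists),
        # XBL (fed by CBL) is the listing that indicates an infected host.
        "compromise_indicated": "XBL" in lists,
        # PBL alone only says "dynamic end-user range"; it is expected for
        # home connections and is not evidence of malware.
        "policy_only": lists == {"PBL"},
        "errors": errors,
    }


def lookup(ip, resolver=socket.gethostbyname_ex):
    """Live query. An empty list means 'not listed' (NXDOMAIN)."""
    try:
        return resolver(zen_query_name(ip))[2]
    except socket.gaierror:
        # Also raised when the resolver is unreachable; retry before trusting it.
        return []


if __name__ == "__main__":
    # Constructed answers for a documentation address (no network access needed).
    sample_ip = "203.0.113.7"
    sample_answers = ["127.0.0.11", "127.0.0.4"]
    print(zen_query_name(sample_ip))
    print(interpret(sample_answers))
```
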

13.10.2013, 09:58   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

13.10.2013, 10:09   #3
adh
 

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by skynet (administrator) on SKYNERD on 13-10-2013 11:05:53
Running from C:\Users\skynet\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [Cm108Sound] - RunDll32 cm108.cpl,CMICtrlWnd
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [Google Update] - C:\Users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-24] (Google Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-10] (Spotify Ltd)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
MountPoints2: {84b57f9e-63a7-11e1-b93c-20cf30ab3407} - E:\autorun.exe -auto
MountPoints2: {e67fb239-aace-11e0-bb69-20cf30ab3407} - E:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE590571A38C3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.startfenster.com
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\skynet\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\skynet\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\searchplugins\youtube.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\ich@maltegoetz.de
FF Extension: SearchIMDB - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\searchimdb@sogame.cat
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\staged
FF Extension: Yahoo! Toolbar - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: hdvc - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\hdvc@hdvc.com.xpi
FF Extension: isreaditlater - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\isreaditlater@ideashower.com.xpi
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{15a82062-5139-4855-9706-130a8a4be80c}.xpi
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "https://www.google.de/webhp?source=search_app"
CHR Plugin: (Shockwave Flash) - C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxTube) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Google Docs) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Checker Plus for Google Calendar\u2122) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\13.8.7_0
CHR Extension: (Stealthy) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files\HDvidCodec.com\HDvidCodec10.crx
CHR StartMenuInternet: Google Chrome - C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-11-16] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [615440 2012-12-17] ()
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-01-01] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [340480 2007-11-06] (BEHRINGER)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [867344 2012-12-17] (<Turtle Entertainment>)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-11-16] (Duplex Secure Ltd.)
R3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1517056 2013-01-16] (C-Media Electronics Inc)
S3 ALSysIO; \??\C:\Users\skynet\AppData\Local\Temp\ALSysIO.sys [x]
S2 eamonm; system32\DRIVERS\eamonm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 11:05 - 2013-10-13 11:05 - 00000000 ____D C:\FRST
2013-10-13 11:04 - 2013-10-13 11:05 - 01087213 _____ (Farbar) C:\Users\skynet\Downloads\FRST.exe
2013-10-13 00:35 - 2013-10-13 00:35 - 00000000 ____D C:\Users\skynet\Documents\facebook pics
2013-10-12 22:02 - 2013-10-12 22:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-10-12 21:57 - 2013-10-12 22:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-12 21:55 - 2013-10-12 21:57 - 09186416 _____ (SurfRight B.V.) C:\Users\skynet\Downloads\hitmanpro.exe
2013-10-12 12:26 - 2013-10-12 12:26 - 00002084 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-12 12:26 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-12 12:26 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-12 12:25 - 2013-10-12 12:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 12:25 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-12 12:24 - 2013-10-12 12:25 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 12:23 - 2013-10-12 12:23 - 131918888 _____ C:\Users\skynet\Downloads\avast_free_antivirus_setup.exe
2013-10-12 12:23 - 2013-10-12 12:23 - 122946048 _____ C:\Users\skynet\Downloads\avira14_free_antivirus_de.exe
2013-10-12 11:52 - 2013-10-12 11:52 - 00002128 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-10-12 11:52 - 2013-10-12 11:52 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-10-12 11:51 - 2013-10-12 11:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-12 11:51 - 2013-10-12 11:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\skynet\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-11 02:58 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:58 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:58 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:58 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:58 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:58 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 01:58 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 01:58 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 01:58 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 01:58 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 01:58 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 01:58 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 01:58 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 01:58 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 01:58 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 01:58 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 01:58 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 01:58 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 01:58 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 01:58 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 01:58 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 01:58 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 01:58 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 01:58 - 2012-11-29 00:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-08 17:38 - 2013-10-08 17:38 - 00011190 _____ C:\Windows\PFRO.log
2013-10-08 13:03 - 2013-10-13 10:32 - 00003136 _____ C:\Windows\setupact.log
2013-10-08 13:03 - 2013-10-08 13:03 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 10:43 - 2013-10-08 10:43 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406 (1).exe
2013-10-08 10:29 - 2013-10-08 10:29 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406.exe
2013-10-03 13:22 - 2013-10-03 13:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 14:39 - 2013-10-01 14:39 - 00161093 _____ C:\Users\skynet\Downloads\proxtube_1.2.4.crx
2013-10-01 14:39 - 2013-10-01 14:39 - 00000000 ____D C:\Users\skynet\Downloads\00.extensionschrome
2013-09-27 20:45 - 2013-10-08 17:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:17 - 2013-10-08 17:38 - 00000000 ____D C:\Users\skynet\AppData\Local\Avg2014
2013-09-19 12:49 - 2013-10-03 10:54 - 00000000 ____D C:\Users\skynet\Documents\06-marktforschung
2013-09-13 17:21 - 2013-09-13 17:21 - 00000000 ____D C:\Users\skynet\Documents\Ubisoft
2013-09-13 00:39 - 2013-09-13 18:45 - 00000170 _____ C:\Users\skynet\Desktop\Splinter Cell Blacklist.url

==================== One Month Modified Files and Folders =======

2013-10-13 11:05 - 2013-10-13 11:05 - 00000000 ____D C:\FRST
2013-10-13 11:05 - 2013-10-13 11:04 - 01087213 _____ (Farbar) C:\Users\skynet\Downloads\FRST.exe
2013-10-13 10:50 - 2011-04-15 22:42 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 10:32 - 2013-10-08 13:03 - 00003136 _____ C:\Windows\setupact.log
2013-10-13 10:28 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-13 10:26 - 2013-08-07 15:03 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-13 10:24 - 2012-08-24 15:38 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job
2013-10-13 10:24 - 2012-08-24 15:38 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job
2013-10-13 10:09 - 2009-07-14 06:34 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 10:09 - 2009-07-14 06:34 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 10:07 - 2013-01-29 12:27 - 00000000 ____D C:\Program Files\Steam
2013-10-13 10:05 - 2013-01-23 10:10 - 01832615 _____ C:\Windows\WindowsUpdate.log
2013-10-13 10:02 - 2011-04-15 22:42 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 10:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 00:35 - 2013-10-13 00:35 - 00000000 ____D C:\Users\skynet\Documents\facebook pics
2013-10-13 00:26 - 2011-04-15 22:41 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Adobe
2013-10-12 22:10 - 2011-05-21 22:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-12 22:03 - 2013-10-12 21:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-12 22:02 - 2013-10-12 22:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-10-12 21:57 - 2013-10-12 21:55 - 09186416 _____ (SurfRight B.V.) C:\Users\skynet\Downloads\hitmanpro.exe
2013-10-12 12:26 - 2013-10-12 12:26 - 00002084 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-12 12:25 - 2013-10-12 12:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 12:25 - 2013-10-12 12:24 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 12:23 - 2013-10-12 12:23 - 131918888 _____ C:\Users\skynet\Downloads\avast_free_antivirus_setup.exe
2013-10-12 12:23 - 2013-10-12 12:23 - 122946048 _____ C:\Users\skynet\Downloads\avira14_free_antivirus_de.exe
2013-10-12 11:52 - 2013-10-12 11:52 - 00002128 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-10-12 11:52 - 2013-10-12 11:52 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-12 11:51 - 2013-10-12 11:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\skynet\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-11 20:09 - 2013-09-02 14:42 - 00000000 ____D C:\Users\skynet\Documents\kollektif
2013-10-11 18:38 - 2013-09-02 15:01 - 00000000 ____D C:\Users\skynet\AppData\Roaming\vlc
2013-10-11 16:04 - 2013-08-21 13:50 - 00000000 ____D C:\Users\skynet\AppData\Local\JDownloader v2.0
2013-10-11 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 10:53 - 2009-07-14 06:33 - 01665296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 10:53 - 2002-01-01 01:19 - 00000000 ____D C:\Windows\Panther
2013-10-11 03:01 - 2011-04-15 23:22 - 01593806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 03:00 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:58 - 2011-05-15 15:50 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 16:56 - 2011-04-30 14:35 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Winamp
2013-10-10 16:31 - 2013-02-20 17:41 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Spotify
2013-10-08 17:38 - 2013-10-08 17:38 - 00011190 _____ C:\Windows\PFRO.log
2013-10-08 17:38 - 2013-09-27 20:45 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 17:38 - 2013-09-27 18:17 - 00000000 ____D C:\Users\skynet\AppData\Local\Avg2014
2013-10-08 17:38 - 2013-03-18 19:37 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 13:03 - 2013-10-08 13:03 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 11:59 - 2013-02-20 17:41 - 00000000 ____D C:\Users\skynet\AppData\Local\Spotify
2013-10-08 11:57 - 2013-02-27 02:06 - 00000000 ____D C:\Users\skynet\AppData\Roaming\TS3Client
2013-10-08 10:43 - 2013-10-08 10:43 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406 (1).exe
2013-10-08 10:43 - 2013-01-23 13:36 - 00000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-08 10:43 - 2013-01-23 13:36 - 00000000 ____D C:\Program Files\CCleaner
2013-10-08 10:29 - 2013-10-08 10:29 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406.exe
2013-10-07 11:21 - 2012-08-24 14:54 - 00002376 _____ C:\Users\skynet\Desktop\Google Chrome.lnk
2013-10-03 15:50 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Performance
2013-10-03 13:22 - 2013-10-03 13:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 10:54 - 2013-09-19 12:49 - 00000000 ____D C:\Users\skynet\Documents\06-marktforschung
2013-10-01 14:39 - 2013-10-01 14:39 - 00161093 _____ C:\Users\skynet\Downloads\proxtube_1.2.4.crx
2013-10-01 14:39 - 2013-10-01 14:39 - 00000000 ____D C:\Users\skynet\Downloads\00.extensionschrome
2013-09-27 10:55 - 2012-03-24 19:38 - 00129536 ___SH C:\Users\skynet\Documents\Thumbs.db
2013-09-27 10:54 - 2013-08-13 10:41 - 00017103 _____ C:\Users\skynet\Documents\shirtclub zitrone.ods
2013-09-23 18:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-23 12:36 - 2013-07-29 10:47 - 00014513 _____ C:\Users\skynet\Desktop\OpenDocument Text (neu).odt
2013-09-23 01:28 - 2013-10-11 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-11 02:58 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-11 02:58 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-11 02:58 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:30 - 2013-10-11 02:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-11 02:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-18 15:14 - 2013-05-31 14:20 - 00002601 _____ C:\Users\skynet\Desktop\Neues Textdokument.txt
2013-09-13 18:45 - 2013-09-13 00:39 - 00000170 _____ C:\Users\skynet\Desktop\Splinter Cell Blacklist.url
2013-09-13 17:21 - 2013-09-13 17:21 - 00000000 ____D C:\Users\skynet\Documents\Ubisoft
2013-09-13 17:21 - 2012-11-22 13:08 - 00000000 ____D C:\ProgramData\Orbit
2013-09-13 12:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 00:39 - 2011-06-18 17:11 - 00000000 ____D C:\Windows\system32\directx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 01:57

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by skynet at 2013-10-13 11:07:28
Running from C:\Users\skynet\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe AIR (Version: 3.5.0.600)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AIDA64 Extreme Edition v3.00 (Version: 3.00)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1116.1515.27190)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AMD VISION Engine Control Center (Version: 2012.1116.1515.27190)
Audacity 2.0
avast! Free Antivirus (Version: 8.0.1497.0)
BEHRINGER USB AUDIO DRIVER
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (Version: 2012.1116.1515.27190)
CBR (Version: 0.7)
CCC Help Chinese Standard (Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (Version: 2012.1116.1514.27190)
CCC Help Czech (Version: 2012.1116.1514.27190)
CCC Help Danish (Version: 2012.1116.1514.27190)
CCC Help Dutch (Version: 2012.1116.1514.27190)
CCC Help English (Version: 2012.1116.1514.27190)
CCC Help Finnish (Version: 2012.1116.1514.27190)
CCC Help French (Version: 2012.1116.1514.27190)
CCC Help German (Version: 2012.1116.1514.27190)
CCC Help Greek (Version: 2012.1116.1514.27190)
CCC Help Hungarian (Version: 2012.1116.1514.27190)
CCC Help Italian (Version: 2012.1116.1514.27190)
CCC Help Japanese (Version: 2012.1116.1514.27190)
CCC Help Korean (Version: 2012.1116.1514.27190)
CCC Help Norwegian (Version: 2012.1116.1514.27190)
CCC Help Polish (Version: 2012.1116.1514.27190)
CCC Help Portuguese (Version: 2012.1116.1514.27190)
CCC Help Russian (Version: 2012.1116.1514.27190)
CCC Help Spanish (Version: 2012.1116.1514.27190)
CCC Help Swedish (Version: 2012.1116.1514.27190)
CCC Help Thai (Version: 2012.1116.1514.27190)
CCC Help Turkish (Version: 2012.1116.1514.27190)
ccc-utility (Version: 2012.1116.1515.27190)
CCleaner (Version: 4.06)
Counter-Strike: Global Offensive
CPUID CPU-Z 1.62
Dota 2
Dropbox (HKCU Version: 1.6.18)
Dual-Core Optimizer (Version: 1.1.4.0169)
ElsterFormular-Upgrade (Version: 14.1.11318)
energyXT2.07
ESL Wire 1.15.4
Far Cry 3 (Version: 1.04)
FreeArc 0.666 (Version: 0.666)
Google Chrome (HKCU Version: 30.0.1599.69)
Google Update Helper (Version: 1.3.21.153)
GPL Ghostscript (Version: 9.04)
Grand Theft Auto IV (Version: 1.0.0013.131)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 4.0.0.009)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
JDownloader
JDownloader 2 (Version: 2.0)
LAME v3.99.3 (for Windows)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE (Version: 3.0.86.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MozBackup 1.4.10
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyPhoneExplorer (Version: 1.8.4)
Native Instruments AC Box Combo
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.3.5.667)
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig 5 (Version: 5.0.1.2447)
Native Instruments Guitar Rig Session I/O
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.5.596)
NVIDIA PhysX (Version: 9.12.0613)
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
PC Probe II (Version: 1.04.88)
PDF Settings (Version: 1.0)
PDF24 Creator 3.2.0
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6151)
RedMon - Redirection Port Monitor
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Splinter Cell Blacklist (Version: 6.0)
Spotify (HKCU Version: 0.9.4.178.g259772ba)
Spybot - Search & Destroy (Version: 2.1.21)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
Steinberg Cubase 5 (Version: 5.1.2)
Steinberg Drum Loop Expansion 01 (Version: 1.0.0.1)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg HALionOne (Version: 1.1.0.457)
Steinberg HALionOne Additional Content Set 01 (Version: 1.0.0.001)
Steinberg HALionOne Expression Set (Version: 1.0.1.0)
Steinberg HALionOne GM Drum Set (Version: 1.0.1.457)
Steinberg HALionOne GM Set (Version: 1.0.1.457)
Steinberg HALionOne Pro Set (Version: 1.0.1.457)
Steinberg HALionOne Studio Drum Set (Version: 1.0.1.457)
Steinberg HALionOne Studio Set (Version: 1.0.1.457)
Steinberg LoopMash Content (Version: 1.0.0.005)
Steinberg REVerence Content 01 (Version: 1.0.0.006)
TeamSpeak 3 Client (Version: 3.0.10.1)
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (Version: 1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Uplay (Version: 2.0)
USB PnP Sound Device (Version:  )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.8 (Version: 2.0.8)
Winamp (Version: 5.601 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.00 beta 3 (32-bit) (Version: 4.00.3)

==================== Restore Points  =========================

04-10-2013 19:16:07 Geplanter Prüfpunkt
08-10-2013 08:44:48 Removed AVG 2014
08-10-2013 08:47:43 Removed AVG 2014
10-10-2013 23:54:33 Windows Update
11-10-2013 00:57:41 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2012-04-30 16:30 - 00000913 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {102EA41D-BCA0-4818-AD17-3D6BAB1DFD41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {10339682-AD97-44B8-966E-CD7D022D3599} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {37190B5F-595D-4481-9DCA-A756C819C44C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA => C:\Users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24] (Google Inc.)
Task: {8F5FB1D3-221F-4540-B101-878460D98F7C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core => C:\Users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24] (Google Inc.)
Task: {9D6E6C12-CAF3-4646-BDD0-F8596556D6A3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {A02042CA-AF54-4C8B-9FE7-D7AA91328FE3} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {A4C84CE1-4FA7-4598-950B-A2C61432E539} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-15] (Google Inc.)
Task: {D79458D8-3DD7-42A9-9158-248FE2A2CB97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-15] (Google Inc.)
Task: {F8235BCB-06C9-48C7-B261-F60B00854494} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {FC9A651C-F1CE-4D42-90A5-89DB60872122} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => C:\Windows\System32\url.dll [2013-04-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job => C:\Users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job => C:\Users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-10-12 11:51 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-12 11:51 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-04-16 11:03 - 2010-12-20 15:44 - 00139264 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-02 13:05 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2012-11-16 16:26 - 2012-11-16 16:26 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-10-07 11:21 - 2013-10-03 08:02 - 00698832 _____ () C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-07 11:21 - 2013-10-03 08:02 - 00099792 _____ () C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-07 11:21 - 2013-10-03 08:03 - 04055504 _____ () C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-07 11:21 - 2013-10-03 08:03 - 00415184 _____ () C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-07 11:21 - 2013-10-03 08:02 - 01604560 _____ () C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-10-12 12:27 - 2013-10-12 12:27 - 13584776 _____ () C:\Users\skynet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00053248 _____ () C:\Program Files\Winamp\nsutil.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00073728 _____ () C:\Program Files\Winamp\nde.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00047616 _____ () C:\Program Files\Winamp\zlib.dll
2013-10-13 10:32 - 2013-10-13 10:32 - 00010752 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\auth.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00069120 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\burnlib.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00013824 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\dsp_sps.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00009728 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\enc_aacplus.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\enc_flac.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005632 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\enc_lame.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\enc_vorbis.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\enc_wav.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00006144 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\enc_wma.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00023552 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_classicart.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00007168 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_crasher.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00023040 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_ff.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_find_on_disk.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00011264 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_hotkeys.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00041984 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_jumpex.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00021504 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_ml.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00009216 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_nopro.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00007168 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_orgler.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00011776 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_skinmanager.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00010240 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_timerestore.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00008192 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_tray.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00010752 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\gen_undo.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005120 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_avi.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00014336 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_cdda.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00006656 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_dshow.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005632 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_flac.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003584 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_flv.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003584 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_linein.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00020480 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_midi.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004608 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_mkv.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00018944 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_mod.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00023040 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_mp3.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005120 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_mp4.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00011776 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_nsv.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003584 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_swf.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00011264 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_vorbis.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00006656 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_wav.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005632 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_wave.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00015360 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_wm.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004608 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\in_wv.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003584 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_addons.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00006656 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_autotag.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005120 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_bookmarks.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00008192 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_devices.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00047616 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_disc.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00009728 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_downloads.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004608 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_enqplay.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00008704 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_history.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005120 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_impex.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00055808 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_local.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003584 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_nowplaying.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00014336 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_online.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_orb.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00012800 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_playlists.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00034304 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_plg.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00047104 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_pmp.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00005120 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_rg.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00008192 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_transcode.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00014848 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ml_wire.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00036352 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\ombrowser.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00006144 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\out_disk.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00016384 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\out_ds.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00007680 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\out_wave.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003072 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\playlist.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004608 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_activesync.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00020480 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_android.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00036864 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_ipod.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00003584 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_njb.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_p4s.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00011776 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_usb.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00039424 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\pmp_wifi.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00006144 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\tagz.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00088064 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\vis_avs.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00155648 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\vis_milk2.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00007680 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\vis_nsfs.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00205312 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\winamp.lng
2013-10-13 10:32 - 2013-10-13 10:32 - 00004096 _____ () C:\Users\skynet\AppData\Local\Temp\WLZ9369.tmp\winampa.lng
2010-12-09 12:47 - 2011-04-30 14:35 - 00023040 _____ () C:\Program Files\Winamp\System\albumart.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00174080 _____ () C:\Program Files\Winamp\System\auth.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00019456 _____ () C:\Program Files\Winamp\System\bmp.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00044544 _____ () C:\Program Files\Winamp\System\devices.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00016896 _____ () C:\Program Files\Winamp\System\dlmgr.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00014336 _____ () C:\Program Files\Winamp\System\filereader.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00019456 _____ () C:\Program Files\Winamp\System\gif.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00016384 _____ () C:\Program Files\Winamp\System\gracenote.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00623616 _____ () C:\Program Files\Winamp\System\jnetlib.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00154624 _____ () C:\Program Files\Winamp\System\jpeg.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00084480 _____ () C:\Program Files\Winamp\System\playlist.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00086528 _____ () C:\Program Files\Winamp\System\png.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00013824 _____ () C:\Program Files\Winamp\System\primo.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00021504 _____ () C:\Program Files\Winamp\System\tagz.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00035328 _____ () C:\Program Files\Winamp\System\timer.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00090112 _____ () C:\Program Files\Winamp\System\xml.w5s
2010-12-09 12:47 - 2011-04-30 14:35 - 00068608 _____ () C:\Program Files\Winamp\Plugins\in_avi.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00102400 _____ () C:\Program Files\Winamp\Plugins\in_cdda.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00072192 _____ () C:\Program Files\Winamp\Plugins\in_dshow.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00060416 _____ () C:\Program Files\Winamp\Plugins\in_flac.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00043008 _____ () C:\Program Files\Winamp\Plugins\in_flv.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00007168 _____ () C:\Program Files\Winamp\Plugins\in_linein.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00109568 _____ () C:\Program Files\Winamp\Plugins\in_midi.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00049152 _____ () C:\Program Files\Winamp\Plugins\in_mkv.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00165376 _____ () C:\Program Files\Winamp\Plugins\in_mod.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00288256 _____ () C:\Program Files\Winamp\Plugins\in_mp3.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00050688 _____ () C:\Program Files\Winamp\Plugins\in_mp4.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00074752 _____ () C:\Program Files\Winamp\Plugins\in_nsv.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00023552 _____ () C:\Program Files\Winamp\Plugins\in_swf.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00252416 _____ () C:\Program Files\Winamp\Plugins\in_vorbis.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00016896 _____ () C:\Program Files\Winamp\Plugins\in_wave.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00253440 _____ () C:\Program Files\Winamp\libsndfile.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00313344 _____ () C:\Program Files\Winamp\Plugins\in_wm.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00022528 _____ () C:\Program Files\Winamp\Plugins\out_disk.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00052224 _____ () C:\Program Files\Winamp\Plugins\out_ds.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00018432 _____ () C:\Program Files\Winamp\Plugins\out_wave.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 01737216 _____ () C:\Program Files\Winamp\Plugins\gen_ff.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00083968 _____ () C:\Program Files\Winamp\tataki.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00027648 _____ () C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2010-11-10 19:29 - 2011-04-30 14:35 - 00183808 _____ () C:\Program Files\Winamp\Plugins\gen_jumpex.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00307200 _____ () C:\Program Files\Winamp\Plugins\gen_ml.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00291840 _____ () C:\Program Files\Winamp\Plugins\ml_local.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00082944 _____ () C:\Program Files\Winamp\Plugins\ml_playlists.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00125952 _____ () C:\Program Files\Winamp\Plugins\ml_online.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00249856 _____ () C:\Program Files\Winamp\Plugins\ml_devices.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00200704 _____ () C:\Program Files\Winamp\Plugins\ml_disc.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00240128 _____ () C:\Program Files\Winamp\Plugins\ml_pmp.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00060928 _____ () C:\Program Files\Winamp\Plugins\pmp_android.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00167936 _____ () C:\Program Files\Winamp\Plugins\pmp_ipod.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00020480 _____ () C:\Program Files\Winamp\Plugins\pmp_njb.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00118272 _____ () C:\Program Files\Winamp\Plugins\pmp_p4s.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00053760 _____ () C:\Program Files\Winamp\Plugins\pmp_usb.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00113152 _____ () C:\Program Files\Winamp\Plugins\pmp_wifi.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00027648 _____ () C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00052224 _____ () C:\Program Files\Winamp\Plugins\ml_history.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00028672 _____ () C:\Program Files\Winamp\Plugins\ml_autotag.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00056320 _____ () C:\Program Files\Winamp\Plugins\ml_impex.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00079360 _____ () C:\Program Files\Winamp\Plugins\ml_plg.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00033792 _____ () C:\Program Files\Winamp\Plugins\ml_rg.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00032256 _____ () C:\Program Files\Winamp\Plugins\ml_transcode.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00057344 _____ () C:\Program Files\Winamp\Plugins\gen_orgler.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00025600 _____ () C:\Program Files\Winamp\Plugins\gen_tray.dll
2010-12-09 12:47 - 2011-04-30 14:35 - 00237056 _____ () C:\Program Files\Winamp\System\aacPlusDecoder.w5s

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2013 11:42:43 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/10/12 23:42:43.504]: [00002412]: Initialize TwdsMain Class failed!

Error: (10/12/2013 11:42:43 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/10/12 23:42:43.503]: [00002412]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (10/12/2013 11:42:43 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2013/10/12 23:42:43.501]: [00002412]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (10/12/2013 00:58:58 PM) (Source: ESENT) (User: )
Description: Windows (1056) Windows: Versuch, aus Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 32768 (0x0000000000008000) für 32768 (0x00008000) Bytes zu lesen, ist nach Windows0 Sekunden mit Systemfehler 23 (0x00000017): "Datenfehler (CRC-Prüfung) " fehlgeschlagen. Fehler -1021 (0xfffffc03) bei Leseoperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (10/12/2013 00:58:10 PM) (Source: ESENT) (User: )
Description: Windows (1056) Windows: Versuch, aus Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 0 (0x0000000000000000) für 65536 (0x00010000) Bytes zu lesen, ist nach Windows0 Sekunden mit Systemfehler 23 (0x00000017): "Datenfehler (CRC-Prüfung) " fehlgeschlagen. Fehler -1021 (0xfffffc03) bei Leseoperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.

Error: (10/12/2013 00:25:38 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\skynet\AppData\Local\Temp\_av_sfx.tm~12ca4061-dd32-4eb4-956d-28be75e51088\avast.setup /sfx /sfxstorage "C:\Users\skynet\AppData\Local\Temp\_av_sfx.tm~12ca4061-dd32-4eb4-956d-28be75e51088" /GetEdition:free /edition "1" /brandcode "A"  /srcpath "C:\Users\skynet\DOWNLO~1" /sfxname "avast_free_antivirus_setup"; Beschreibung = avast! Free Antivirus Setup; Fehler = 0x8007043c).

Error: (10/12/2013 00:13:30 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe Files\Spybot - Search & Destroy 2\SDCleaner.exe" ; Beschreibung = S; Fehler = 0x8007043c).

Error: (10/12/2013 00:13:06 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe Files\Spybot - Search & Destroy 2\SDCleaner.exe" ; Beschreibung = S; Fehler = 0x8007043c).

Error: (10/11/2013 10:54:18 AM) (Source: ESENT) (User: )
Description: taskhost (3952) Versuch, Datei "C:\Users\skynet\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (10/11/2013 01:58:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (10/13/2013 10:44:26 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:44:23 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:44:19 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:44:15 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:44:08 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:43:58 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:42:21 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:42:18 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:42:15 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/13/2013 10:42:12 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (10/12/2013 11:42:43 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/10/12 23:42:43.504]: [00002412]: Initialize TwdsMain Class failed!

Error: (10/12/2013 11:42:43 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/10/12 23:42:43.503]: [00002412]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (10/12/2013 11:42:43 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2013/10/12 23:42:43.501]: [00002412]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (10/12/2013 00:58:58 PM) (Source: ESENT)(User: )
Description: Windows1056Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb32768 (0x0000000000008000)32768 (0x00008000)-1021 (0xfffffc03)23 (0x00000017)Datenfehler (CRC-Prüfung) 47

Error: (10/12/2013 00:58:10 PM) (Source: ESENT)(User: )
Description: Windows1056Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb0 (0x0000000000000000)65536 (0x00010000)-1021 (0xfffffc03)23 (0x00000017)Datenfehler (CRC-Prüfung) 90

Error: (10/12/2013 00:25:38 PM) (Source: System Restore)(User: )
Description: C:\Users\skynet\AppData\Local\Temp\_av_sfx.tm~12ca4061-dd32-4eb4-956d-28be75e51088\avast.setup /sfx /sfxstorage "C:\Users\skynet\AppData\Local\Temp\_av_sfx.tm~12ca4061-dd32-4eb4-956d-28be75e51088" /GetEdition:free /edition "1" /brandcode "A"  /srcpath "C:\Users\skynet\DOWNLO~1" /sfxname "avast_free_antivirus_setup"avast! Free Antivirus Setup0x8007043c

Error: (10/12/2013 00:13:30 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe Files\Spybot - Search & Destroy 2\SDCleaner.exe" S0x8007043c

Error: (10/12/2013 00:13:06 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe Files\Spybot - Search & Destroy 2\SDCleaner.exe" S0x8007043c

Error: (10/11/2013 10:54:18 AM) (Source: ESENT)(User: )
Description: taskhost3952C:\Users\skynet\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (10/11/2013 01:58:47 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\mozbackup\dll\DelZip179.dllc:\program files\mozbackup\dll\DelZip179.dll8


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 3327.18 MB
Available physical RAM: 1304.8 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 4170.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.74 MB

==================== Drives ================================

Drive c: (/yard) (Fixed) (Total:98.57 GB) (Free:19.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (/vault) (Fixed) (Total:125.98 GB) (Free:10.38 GB) NTFS
Drive h: (marianengraben) (Fixed) (Total:931.51 GB) (Free:87.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3D5688B2)
Partition 1: (Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2876BAF5)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

13.10.2013, 14:21   #4
schrauber
/// the machine
/// TB Trainer
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.10.2013, 21:09   #5
adh
 



Code:
ComboFix 13-10-13.01 - skynet 13.10.2013  16:50:17.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.2215 [GMT 2:00]
ausgeführt von:: c:\users\skynet\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\skynet\4.0
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.json
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome.manifest
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome\ytoolbar.jar
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\extconfig.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooEventTipManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooEventTipManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooUrlProbe.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooUrlProbe.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYTBXPCOM.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahoo404NavAssist.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahoo404NavAssist.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooAlertManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooAlertManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooBookmarkManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooBookmarkManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooCache.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooCache.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooConfigManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooConfigManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedFetcher.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedFetcher.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFileIO.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFileIO.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalButtonProcessor.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalButtonProcessor.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalStorage.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalStorage.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooMailSingleInstance.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooMailSingleInstance.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPartnerManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPartnerManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginCallBack.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginCallBack.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooSearchIndexer.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooSearchIndexer.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooTickerManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooTickerManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooToolbarManager.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooToolbarManager.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYLogFileAppender.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYLogger.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYLogger.xpt
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\Lightening.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\yahoo.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\manifest.mf
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.rsa
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.sf
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\ich@maltegoetz.de.json
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\ich@maltegoetz.de\chrome.manifest
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\ich@maltegoetz.de\chrome\proxtube.jar
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\ich@maltegoetz.de\defaults\preferences\prefs.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\ich@maltegoetz.de\install.rdf
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\isreaditlater@ideashower.com.json
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\isreaditlater@ideashower.com.xpi
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome.manifest
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\common.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\jquery-1.8.3.min.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\options.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\options.xul
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\overlay.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\overlay.xul
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\popup.html
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\popup.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\superfish_domains.json
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\content\tabs_listener.js
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\locale\en-US\settings.dtd
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\skin\classic\button.png
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\skin\classic\icon.png
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\skin\classic\main.css
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\skin\classic\overlay.css
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\chrome\skin\classic\websiterecommendation.css
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\install.rdf
c:\users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\staged\WebSiteRecommendation@weliketheweb.com\readme.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-13 bis 2013-10-13  ))))))))))))))))))))))))))))))
.
.
2013-10-13 15:04 . 2013-10-13 15:04	--------	d-----w-	c:\users\skynet\AppData\Local\temp
2013-10-13 15:04 . 2013-10-13 15:04	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-10-13 15:04 . 2013-10-13 15:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-13 09:05 . 2013-10-13 09:05	--------	d-----w-	C:\FRST
2013-10-12 20:02 . 2013-10-12 20:02	12872	----a-w-	c:\windows\system32\bootdelete.exe
2013-10-12 19:57 . 2013-10-12 20:03	--------	d-----w-	c:\programdata\HitmanPro
2013-10-12 10:26 . 2013-08-30 07:48	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-10-12 10:26 . 2013-08-30 07:48	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-10-12 10:26 . 2013-08-30 07:48	61680	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-10-12 10:26 . 2013-08-30 07:48	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-10-12 10:26 . 2013-08-30 07:48	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-10-12 10:26 . 2013-08-30 07:48	177864	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-10-12 10:26 . 2013-08-30 07:48	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-10-12 10:26 . 2013-08-30 07:48	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-10-12 10:26 . 2013-08-30 07:47	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-10-12 10:25 . 2013-08-30 07:47	41664	----a-w-	c:\windows\avastSS.scr
2013-10-12 10:25 . 2013-10-12 10:25	--------	d-----w-	c:\program files\AVAST Software
2013-10-12 10:24 . 2013-10-12 10:25	--------	d-----w-	c:\programdata\AVAST Software
2013-10-12 09:52 . 2009-01-25 11:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2013-10-12 09:51 . 2013-10-12 09:52	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-10-11 08:58 . 2013-09-15 22:50	7328304	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CD9456F-7A22-4074-8BE5-94F8DBE3F45B}\mpengine.dll
2013-10-10 23:58 . 2013-07-04 11:50	530432	----a-w-	c:\windows\system32\comctl32.dll
2013-09-27 18:45 . 2013-10-08 15:38	--------	d-----w-	c:\programdata\AVG2014
2013-09-27 16:17 . 2013-10-08 15:38	--------	d-----w-	c:\users\skynet\AppData\Local\Avg2014
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 02:22 . 2011-04-15 20:49	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-08-02 01:50 . 2013-09-12 07:57	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-12 07:57	293376	----a-w-	c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-12 07:57	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-12 07:57	271360	----a-w-	c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-12 07:57	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 07:57	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 07:57	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 07:57	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-01 16:23 . 2013-08-01 16:23	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-01 16:23 . 2013-08-01 16:23	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-25 08:57 . 2013-08-14 22:19	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 22:19	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\skynet\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\skynet\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\skynet\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\skynet\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-10 1140736]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^skynet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\skynet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^skynet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\skynet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 08:26	114688	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-10-10 14:23	1140736	----a-w-	c:\users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-07-26 22:46	1807272	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 ALSysIO;ALSysIO;c:\users\skynet\AppData\Local\Temp\ALSysIO.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2007-11-06 340480]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 15576]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 10200]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-12-17 867344]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-12-17 615440]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-08 166912]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2013-01-16 1517056]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-12 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-12 08:58]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 20:42]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 20:42]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job
- c:\users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 13:38]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job
- c:\users\skynet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 13:38]
.
2013-10-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-12 08:57]
.
2013-10-12 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-12 08:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cm108Sound - cm108.cpl
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
AddRemove-JDownloader - c:\program files\JDownloader\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.0"
"UniqueId"="0245299A4DD3F705"
"ScannerBuild"=dword:0000243b
"ScannerVersionId"=dword:000017f4
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-13  17:05:59
ComboFix-quarantined-files.txt  2013-10-13 15:05
.
Vor Suchlauf: 12 Verzeichnis(se), 21.501.353.984 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 21.329.895.424 Bytes frei
.
- - End Of File - - 82852998D52E8B1C7594842E1759D50B
A36C5E4F47E84449FF07ED3517B43A31
         


14.10.2013, 11:44   #6
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

14.10.2013, 18:00   #7
adh

so, in order:
malware bytes
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
skynet :: SKYNERD [Administrator]

14.10.2013 14:31:01
mbam-log-2013-10-14 (14-31-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466344
Laufzeit: 1 Stunde(n), 36 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\005.avi\003.series\[weekly cartoon stuff]\sp1701720phxdimension.exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

adwcleaner
Code:
# AdwCleaner v3.007 - Bericht erstellt am 14/10/2013 um 18:39:55
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : skynet - SKYNERD
# Gestartet von : C:\Users\skynet\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\SimilarSites
Ordner Gelöscht : C:\Users\skynet\AppData\Roaming\SimilarSites
Ordner Gelöscht : C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\hdvc@hdvc.com.xpi
Datei Gelöscht : C:\Users\skynet\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\skynet\Desktop\HDVidCodec.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v16.0 (de)

[ Datei : C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.startfenster.com");
Zeile gelöscht : user_pref("extensions.enabledItems", "linkuryfirefoxremoteplugin@linkury.com:1.0,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94,{6904342A-8307-11DF-A508-[...]
Zeile gelöscht : user_pref("extensions.tweakmdb.addit.remoteInstallItems", "{ \"software\": {\"63\": {\"id\": \"63\",\"title\": \"Result Browser\",\"type\": \"EXE\",\"url\": \"hxxps://www.radialsearch.com/downloads/re[...]

-\\ Google Chrome v

[ Datei : C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2969 octets] - [14/10/2013 18:37:23]
AdwCleaner[S0].txt - [2894 octets] - [14/10/2013 18:39:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2954 octets] ##########
         

jrt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x86
Ran by skynet on 14.10.2013 at 18:44:33,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\skynet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\startmenu\startfenster.lnk"
Successfully deleted: [File] "C:\Users\skynet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.10.2013 at 18:46:05,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

frst

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by skynet (administrator) on SKYNERD on 14-10-2013 18:46:54
Running from C:\Users\skynet\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Spotify Ltd) C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-10] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE590571A38C3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\skynet\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\skynet\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\searchplugins\youtube.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\ich@maltegoetz.de
FF Extension: SearchIMDB - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\searchimdb@sogame.cat
FF Extension: isreaditlater - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\isreaditlater@ideashower.com.xpi
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{15a82062-5139-4855-9706-130a8a4be80c}.xpi
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR RestoreOnStartup: "https://www.google.de/webhp?source=search_app"
CHR Plugin: (Shockwave Flash) - C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\skynet\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxTube) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Google Docs) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Checker Plus for Google Calendar\u2122) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\13.8.7_0
CHR Extension: (Stealthy) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-11-16] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [615440 2012-12-17] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-01-01] ()

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [340480 2007-11-06] (BEHRINGER)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [867344 2012-12-17] (<Turtle Entertainment>)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-11-16] (Duplex Secure Ltd.)
R3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1517056 2013-01-16] (C-Media Electronics Inc)
S3 ALSysIO; \??\C:\Users\skynet\AppData\Local\Temp\ALSysIO.sys [x]
S3 catchme; \??\C:\Users\skynet\AppData\Local\Temp\catchme.sys [x]
S2 eamonm; system32\DRIVERS\eamonm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-14 18:46 - 2013-10-14 18:46 - 00000914 _____ C:\Users\skynet\Desktop\JRT.txt
2013-10-14 18:44 - 2013-10-14 18:44 - 00000000 ____D C:\Windows\ERUNT
2013-10-14 18:31 - 2013-10-14 18:40 - 00000000 ____D C:\AdwCleaner
2013-10-14 14:29 - 2013-10-14 14:30 - 00000079 _____ C:\Windows\wininit.ini
2013-10-14 14:25 - 2013-10-14 14:26 - 01032220 _____ (Thisisu) C:\Users\skynet\Downloads\JRT.exe
2013-10-14 14:02 - 2013-10-14 14:02 - 01048960 _____ C:\Users\skynet\Downloads\adwcleaner.exe
2013-10-14 13:25 - 2013-10-14 13:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-14 13:25 - 2013-10-14 13:25 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 13:25 - 2013-10-14 13:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-14 13:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-13 17:06 - 2013-10-13 17:06 - 00031236 _____ C:\ComboFix.txt
2013-10-13 16:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-13 16:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-13 16:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-13 16:43 - 2013-10-13 17:06 - 00000000 ____D C:\Qoobox
2013-10-13 16:43 - 2013-10-13 17:05 - 00000000 ____D C:\Windows\erdnt
2013-10-13 16:42 - 2013-10-13 16:42 - 05132083 ____R (Swearware) C:\Users\skynet\Downloads\ComboFix.exe
2013-10-13 11:07 - 2013-10-13 11:07 - 00037280 _____ C:\Users\skynet\Downloads\Addition.txt
2013-10-13 11:05 - 2013-10-13 11:05 - 00000000 ____D C:\FRST
2013-10-13 11:04 - 2013-10-13 11:05 - 01087213 _____ (Farbar) C:\Users\skynet\Downloads\FRST.exe
2013-10-13 00:35 - 2013-10-13 00:35 - 00000000 ____D C:\Users\skynet\Documents\facebook pics
2013-10-12 22:02 - 2013-10-12 22:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-10-12 21:57 - 2013-10-12 22:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-12 21:55 - 2013-10-12 21:57 - 09186416 _____ (SurfRight B.V.) C:\Users\skynet\Downloads\hitmanpro.exe
2013-10-12 12:26 - 2013-10-12 12:26 - 00002084 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-12 12:26 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-12 12:26 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-12 12:26 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-12 12:25 - 2013-10-12 12:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 12:25 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-12 12:24 - 2013-10-12 12:25 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 12:23 - 2013-10-12 12:23 - 131918888 _____ C:\Users\skynet\Downloads\avast_free_antivirus_setup.exe
2013-10-12 12:23 - 2013-10-12 12:23 - 122946048 _____ C:\Users\skynet\Downloads\avira14_free_antivirus_de.exe
2013-10-12 11:52 - 2013-10-12 11:52 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-12 11:51 - 2013-10-14 18:27 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-12 11:51 - 2013-10-12 11:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\skynet\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-11 02:58 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:58 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:58 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:58 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:58 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:58 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 01:58 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 01:58 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 01:58 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 01:58 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 01:58 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 01:58 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 01:58 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 01:58 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 01:58 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 01:58 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 01:58 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 01:58 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 01:58 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 01:58 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 01:58 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 01:58 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 01:58 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 01:58 - 2012-11-29 00:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-08 17:38 - 2013-10-14 18:27 - 00016692 _____ C:\Windows\PFRO.log
2013-10-08 13:03 - 2013-10-14 18:41 - 00004368 _____ C:\Windows\setupact.log
2013-10-08 13:03 - 2013-10-08 13:03 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 10:43 - 2013-10-08 10:43 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406 (1).exe
2013-10-08 10:29 - 2013-10-08 10:29 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406.exe
2013-10-03 13:22 - 2013-10-03 13:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 14:39 - 2013-10-01 14:39 - 00161093 _____ C:\Users\skynet\Downloads\proxtube_1.2.4.crx
2013-10-01 14:39 - 2013-10-01 14:39 - 00000000 ____D C:\Users\skynet\Downloads\00.extensionschrome
2013-09-27 20:45 - 2013-10-08 17:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:17 - 2013-10-08 17:38 - 00000000 ____D C:\Users\skynet\AppData\Local\Avg2014
2013-09-19 12:49 - 2013-10-03 10:54 - 00000000 ____D C:\Users\skynet\Documents\06-marktforschung

==================== One Month Modified Files and Folders =======

2013-10-14 18:46 - 2013-10-14 18:46 - 00000914 _____ C:\Users\skynet\Desktop\JRT.txt
2013-10-14 18:46 - 2011-05-21 23:57 - 00000000 ____D C:\Users\skynet\Documents\05-pc
2013-10-14 18:44 - 2013-10-14 18:44 - 00000000 ____D C:\Windows\ERUNT
2013-10-14 18:42 - 2011-04-15 22:42 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 18:41 - 2013-10-08 13:03 - 00004368 _____ C:\Windows\setupact.log
2013-10-14 18:41 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 18:40 - 2013-10-14 18:31 - 00000000 ____D C:\AdwCleaner
2013-10-14 18:40 - 2013-01-23 10:10 - 01897273 _____ C:\Windows\WindowsUpdate.log
2013-10-14 18:36 - 2009-07-14 06:34 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-14 18:36 - 2009-07-14 06:34 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-14 18:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-14 18:27 - 2013-10-12 11:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-14 18:27 - 2013-10-08 17:38 - 00016692 _____ C:\Windows\PFRO.log
2013-10-14 18:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2013-10-14 18:24 - 2012-08-24 15:38 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job
2013-10-14 17:50 - 2011-04-15 22:42 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 14:30 - 2013-10-14 14:29 - 00000079 _____ C:\Windows\wininit.ini
2013-10-14 14:26 - 2013-10-14 14:25 - 01032220 _____ (Thisisu) C:\Users\skynet\Downloads\JRT.exe
2013-10-14 14:02 - 2013-10-14 14:02 - 01048960 _____ C:\Users\skynet\Downloads\adwcleaner.exe
2013-10-14 13:25 - 2013-10-14 13:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-14 13:25 - 2013-10-14 13:25 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 13:25 - 2013-10-14 13:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-13 22:03 - 2013-08-07 15:03 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-13 17:06 - 2013-10-13 17:06 - 00031236 _____ C:\ComboFix.txt
2013-10-13 17:06 - 2013-10-13 16:43 - 00000000 ____D C:\Qoobox
2013-10-13 17:06 - 2011-12-25 17:43 - 00000000 ____D C:\Users\warez
2013-10-13 17:06 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-13 17:06 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-13 17:05 - 2013-10-13 16:43 - 00000000 ____D C:\Windows\erdnt
2013-10-13 17:04 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-13 17:03 - 2011-04-15 23:20 - 00000000 ____D C:\Users\skynet
2013-10-13 16:42 - 2013-10-13 16:42 - 05132083 ____R (Swearware) C:\Users\skynet\Downloads\ComboFix.exe
2013-10-13 11:07 - 2013-10-13 11:07 - 00037280 _____ C:\Users\skynet\Downloads\Addition.txt
2013-10-13 11:05 - 2013-10-13 11:05 - 00000000 ____D C:\FRST
2013-10-13 11:05 - 2013-10-13 11:04 - 01087213 _____ (Farbar) C:\Users\skynet\Downloads\FRST.exe
2013-10-13 10:28 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-13 10:24 - 2012-08-24 15:38 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job
2013-10-13 10:07 - 2013-01-29 12:27 - 00000000 ____D C:\Program Files\Steam
2013-10-13 00:35 - 2013-10-13 00:35 - 00000000 ____D C:\Users\skynet\Documents\facebook pics
2013-10-13 00:26 - 2011-04-15 22:41 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Adobe
2013-10-12 22:10 - 2011-05-21 22:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-12 22:03 - 2013-10-12 21:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-12 22:02 - 2013-10-12 22:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-10-12 21:57 - 2013-10-12 21:55 - 09186416 _____ (SurfRight B.V.) C:\Users\skynet\Downloads\hitmanpro.exe
2013-10-12 12:26 - 2013-10-12 12:26 - 00002084 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-12 12:25 - 2013-10-12 12:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 12:25 - 2013-10-12 12:24 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 12:23 - 2013-10-12 12:23 - 131918888 _____ C:\Users\skynet\Downloads\avast_free_antivirus_setup.exe
2013-10-12 12:23 - 2013-10-12 12:23 - 122946048 _____ C:\Users\skynet\Downloads\avira14_free_antivirus_de.exe
2013-10-12 11:52 - 2013-10-12 11:52 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-12 11:51 - 2013-10-12 11:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\skynet\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-11 20:09 - 2013-09-02 14:42 - 00000000 ____D C:\Users\skynet\Documents\kollektif
2013-10-11 18:38 - 2013-09-02 15:01 - 00000000 ____D C:\Users\skynet\AppData\Roaming\vlc
2013-10-11 16:04 - 2013-08-21 13:50 - 00000000 ____D C:\Users\skynet\AppData\Local\JDownloader v2.0
2013-10-11 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 10:53 - 2009-07-14 06:33 - 01665296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 10:53 - 2002-01-01 01:19 - 00000000 ____D C:\Windows\Panther
2013-10-11 03:01 - 2011-04-15 23:22 - 01593806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 03:00 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:58 - 2011-05-15 15:50 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 16:56 - 2011-04-30 14:35 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Winamp
2013-10-10 16:31 - 2013-02-20 17:41 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Spotify
2013-10-08 17:38 - 2013-09-27 20:45 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 17:38 - 2013-09-27 18:17 - 00000000 ____D C:\Users\skynet\AppData\Local\Avg2014
2013-10-08 17:38 - 2013-03-18 19:37 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 13:03 - 2013-10-08 13:03 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 11:59 - 2013-02-20 17:41 - 00000000 ____D C:\Users\skynet\AppData\Local\Spotify
2013-10-08 11:57 - 2013-02-27 02:06 - 00000000 ____D C:\Users\skynet\AppData\Roaming\TS3Client
2013-10-08 10:43 - 2013-10-08 10:43 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406 (1).exe
2013-10-08 10:43 - 2013-01-23 13:36 - 00000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-08 10:43 - 2013-01-23 13:36 - 00000000 ____D C:\Program Files\CCleaner
2013-10-08 10:29 - 2013-10-08 10:29 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406.exe
2013-10-07 11:21 - 2012-08-24 14:54 - 00002376 _____ C:\Users\skynet\Desktop\Google Chrome.lnk
2013-10-03 15:50 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Performance
2013-10-03 13:22 - 2013-10-03 13:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 10:54 - 2013-09-19 12:49 - 00000000 ____D C:\Users\skynet\Documents\06-marktforschung
2013-10-01 14:39 - 2013-10-01 14:39 - 00161093 _____ C:\Users\skynet\Downloads\proxtube_1.2.4.crx
2013-10-01 14:39 - 2013-10-01 14:39 - 00000000 ____D C:\Users\skynet\Downloads\00.extensionschrome
2013-09-27 10:55 - 2012-03-24 19:38 - 00129536 ___SH C:\Users\skynet\Documents\Thumbs.db
2013-09-27 10:54 - 2013-08-13 10:41 - 00017103 _____ C:\Users\skynet\Documents\shirtclub zitrone.ods
2013-09-23 12:36 - 2013-07-29 10:47 - 00014513 _____ C:\Users\skynet\Desktop\OpenDocument Text (neu).odt
2013-09-23 01:28 - 2013-10-11 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-11 02:58 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-11 02:58 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-11 02:58 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:30 - 2013-10-11 02:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-11 02:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-18 15:14 - 2013-05-31 14:20 - 00002601 _____ C:\Users\skynet\Desktop\Neues Textdokument.txt

Some content of TEMP:
====================
C:\Users\skynet\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 01:57

==================== End Of Log ============================
         
--- --- ---

15.10.2013, 09:07   #8
schrauber
/// the machine
/// TB trainer
 




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

16.10.2013, 10:52   #9
adh
 


only got around to continuing with this last night.
eset has been running for 11 hrs... 93%
2 threats.
could it be that it has hung in the meantime?

16.10.2013, 11:28   #10
schrauber
/// the machine
/// TB trainer
 



it does take hours.
__________________
Regards,
schrauber

19.10.2013, 00:46   #11
adh
 


i then aborted it after 11 hrs.
restart: by now it has been running for 54 hrs!
it is "stuck" on a backup set 2012-09-09 190002. whatever that is. the scanner only makes very slow progress there. at first it went quite fast. about 10 min for 30%. then a good 8 hrs up to 93%. going from 93% to 94% took over 12 hrs. and that is where i still am now..
is there really no other option?

still at 94...

19.10.2013, 14:49   #12
schrauber
/// the machine
/// TB trainer
 



OK, skip ESET and run a full scan with your AV program.
__________________
Regards,
schrauber

20.10.2013, 10:17   #13
adh
 


it did finish after all
(it only took almost 72 hrs)

eset log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9af79396b215834691ea6cbab6aaba36
# engine=15500
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-16 09:52:14
# local_time=2013-10-16 11:52:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 90093 158627006 0 0
# compatibility_mode=5893 16776573 100 94 89920 133548325 0 0
# scanned=245324
# found=2
# cleaned=0
# scan_time=39847
sh=AE4A22F14D19ED4F0CFF2780CD4206F62BCC003A ft=1 fh=eb68dac137db7a4e vn="Win32/RiskWare.HackAV.MQ application" ac=I fn="C:\Users\skynet\Downloads\ESET NOD32 Antivirus 6\box, mara-fix 1.7\Eset fix.exe"
sh=F4E1A0B30C2633EC3585AEDEB8E3164CF1D0694F ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\skyrmwithallpackages\drgnbrn\SK_DRGB_GK13\SK_DRGB_GK13\rld-tesvskdb.iso"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9af79396b215834691ea6cbab6aaba36
# engine=15503
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-20 04:27:47
# local_time=2013-10-20 06:27:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 416226 158953139 0 0
# compatibility_mode=5893 16776573 100 94 416053 133874458 0 0
# scanned=251653
# found=9
# cleaned=0
# scan_time=66716
sh=AE4A22F14D19ED4F0CFF2780CD4206F62BCC003A ft=1 fh=eb68dac137db7a4e vn="Win32/RiskWare.HackAV.MQ application" ac=I fn="C:\Users\skynet\Downloads\ESET NOD32 Antivirus 6\box, mara-fix 1.7\Eset fix.exe"
sh=F4E1A0B30C2633EC3585AEDEB8E3164CF1D0694F ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\skyrmwithallpackages\drgnbrn\SK_DRGB_GK13\SK_DRGB_GK13\rld-tesvskdb.iso"
sh=0B00B130CA5635D87E6AB4A247F18E215CDF7A2B ft=0 fh=0000000000000000 vn="Win32/StartPage.OPH trojan" ac=I fn="H:\SKYNERD\Backup Set 2012-11-25 190000\Backup Files 2013-01-07 113430\Backup files 3.zip"
sh=69AA171816379B9BF87605B54036FC4BF6FB2CB3 ft=0 fh=0000000000000000 vn="Win32/StartPage.OPH trojan" ac=I fn="H:\SKYNERD\Backup Set 2013-02-17 190000\Backup Files 2013-02-17 190000\Backup files 13.zip"
sh=4F98360710FE9497E352C9E9387BEDFB031CA454 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\SKYNERD\Backup Set 2013-03-25 112314\Backup Files 2013-03-25 112314\Backup files 19.zip"
sh=7A5ADA3C6C2B2F7BF3528282A4E34D4C3B7A8FB6 ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.MQ application" ac=I fn="H:\SKYNERD\Backup Set 2013-04-28 190001\Backup Files 2013-04-28 190001\Backup files 14.zip"
sh=A263D43BDE61A37F58CB78224AA301BFF308CA9E ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.MQ application" ac=I fn="H:\SKYNERD\Backup Set 2013-06-16 190011\Backup Files 2013-06-16 190011\Backup files 18.zip"
sh=297EE54825F3992D89BBBB8DAAC5B26BC1B90C93 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="H:\SKYNERD\Backup Set 2013-06-16 190011\Backup Files 2013-06-30 190000\Backup files 3.zip"
sh=9B2AEE1ACB78D5978F2BF3BA9C0E2888020D3EC2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\SKYNERD\Backup Set 2013-07-28 190006\Backup Files 2013-07-28 190006\Backup files 18.zip"
         
security scan
Code:
 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 11  
 Java version out of Date! 
 Adobe Reader XI  
 Mozilla Thunderbird (24.0.1) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
frst

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by skynet (administrator) on SKYNERD on 20-10-2013 11:15:57
Running from C:\Users\skynet\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9394792 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-10] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE590571A38C3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\skynet\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\skynet\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\searchplugins\youtube.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\ich@maltegoetz.de
FF Extension: SearchIMDB - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\searchimdb@sogame.cat
FF Extension: isreaditlater - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\isreaditlater@ideashower.com.xpi
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{15a82062-5139-4855-9706-130a8a4be80c}.xpi
FF Extension: No Name - C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (ProxTube) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Google Docs) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Checker Plus for Google Calendar\u2122) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\13.8.11_0
CHR Extension: (Stealthy) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Users\skynet\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-11-16] (Advanced Micro Devices, Inc.)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [615440 2012-12-17] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-01-01] ()

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [340480 2007-11-06] (BEHRINGER)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [867344 2012-12-17] (<Turtle Entertainment>)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-11-16] (Duplex Secure Ltd.)
R3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1517056 2013-01-16] (C-Media Electronics Inc)
S3 ALSysIO; \??\C:\Users\skynet\AppData\Local\Temp\ALSysIO.sys [x]
S3 catchme; \??\C:\Users\skynet\AppData\Local\Temp\catchme.sys [x]
S2 eamonm; system32\DRIVERS\eamonm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 11:14 - 2013-10-20 11:14 - 01087515 _____ (Farbar) C:\Users\skynet\Downloads\FRST.exe
2013-10-18 05:27 - 2013-10-18 05:29 - 00000000 ____D C:\Users\skynet\Downloads\American.Horror.Story.S01E01.Neuanfang.German.DD51.Dubbed.DL.720p.iTunesHD.AVC-TVS
2013-10-17 23:01 - 2013-10-17 23:35 - 104857600 _____ C:\Users\skynet\Downloads\AHS S01E01 (720p).part01.rar
2013-10-15 15:49 - 2013-10-16 21:39 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-15 10:52 - 2013-10-15 10:52 - 02347384 _____ (ESET) C:\Users\skynet\Downloads\esetsmartinstaller_enu.exe
2013-10-15 10:52 - 2013-10-15 10:52 - 00891167 _____ C:\Users\skynet\Desktop\SecurityCheck.exe
2013-10-14 18:46 - 2013-10-14 18:46 - 00000914 _____ C:\Users\skynet\Desktop\JRT.txt
2013-10-14 18:44 - 2013-10-14 18:44 - 00000000 ____D C:\Windows\ERUNT
2013-10-14 18:31 - 2013-10-14 18:40 - 00000000 ____D C:\AdwCleaner
2013-10-14 14:29 - 2013-10-14 14:30 - 00000079 _____ C:\Windows\wininit.ini
2013-10-14 14:25 - 2013-10-14 14:26 - 01032220 _____ (Thisisu) C:\Users\skynet\Downloads\JRT.exe
2013-10-14 14:02 - 2013-10-14 14:02 - 01048960 _____ C:\Users\skynet\Downloads\adwcleaner.exe
2013-10-14 13:25 - 2013-10-14 13:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-14 13:25 - 2013-10-14 13:25 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 13:25 - 2013-10-14 13:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-14 13:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-13 17:06 - 2013-10-13 17:06 - 00031236 _____ C:\ComboFix.txt
2013-10-13 16:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-13 16:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-13 16:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-13 16:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-13 16:43 - 2013-10-13 17:06 - 00000000 ____D C:\Qoobox
2013-10-13 16:43 - 2013-10-13 17:05 - 00000000 ____D C:\Windows\erdnt
2013-10-13 16:42 - 2013-10-13 16:42 - 05132083 ____R (Swearware) C:\Users\skynet\Downloads\ComboFix.exe
2013-10-13 11:07 - 2013-10-13 11:07 - 00037280 _____ C:\Users\skynet\Downloads\Addition.txt
2013-10-13 11:05 - 2013-10-13 11:05 - 00000000 ____D C:\FRST
2013-10-13 00:35 - 2013-10-13 00:35 - 00000000 ____D C:\Users\skynet\Documents\facebook pics
2013-10-12 22:02 - 2013-10-12 22:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-10-12 21:57 - 2013-10-12 22:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-12 21:55 - 2013-10-12 21:57 - 09186416 _____ (SurfRight B.V.) C:\Users\skynet\Downloads\hitmanpro.exe
2013-10-12 12:26 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-12 12:25 - 2013-10-12 12:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 12:24 - 2013-10-12 12:25 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 12:23 - 2013-10-12 12:23 - 131918888 _____ C:\Users\skynet\Downloads\avast_free_antivirus_setup.exe
2013-10-12 12:23 - 2013-10-12 12:23 - 122946048 _____ C:\Users\skynet\Downloads\avira14_free_antivirus_de.exe
2013-10-12 11:52 - 2013-10-12 11:52 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-12 11:51 - 2013-10-14 18:27 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-12 11:51 - 2013-10-12 11:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\skynet\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-11 02:58 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 02:58 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 02:58 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 02:58 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 02:58 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 02:58 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 02:58 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 01:58 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 01:58 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 01:58 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 01:58 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 01:58 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 01:58 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 01:58 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 01:58 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 01:58 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 01:58 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 01:58 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 01:58 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 01:58 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 01:58 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 01:58 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 01:58 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 01:58 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 01:58 - 2012-11-29 00:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-08 17:38 - 2013-10-14 18:27 - 00016692 _____ C:\Windows\PFRO.log
2013-10-08 13:03 - 2013-10-20 10:23 - 00007168 _____ C:\Windows\setupact.log
2013-10-08 13:03 - 2013-10-08 13:03 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 10:43 - 2013-10-08 10:43 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406 (1).exe
2013-10-08 10:29 - 2013-10-08 10:29 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406.exe
2013-10-03 13:22 - 2013-10-03 13:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 14:39 - 2013-10-01 14:39 - 00161093 _____ C:\Users\skynet\Downloads\proxtube_1.2.4.crx
2013-10-01 14:39 - 2013-10-01 14:39 - 00000000 ____D C:\Users\skynet\Downloads\00.extensionschrome
2013-09-27 20:45 - 2013-10-08 17:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:17 - 2013-10-08 17:38 - 00000000 ____D C:\Users\skynet\AppData\Local\Avg2014

==================== One Month Modified Files and Folders =======

2013-10-20 11:14 - 2013-10-20 11:14 - 01087515 _____ (Farbar) C:\Users\skynet\Downloads\FRST.exe
2013-10-20 11:05 - 2011-04-15 22:41 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Adobe
2013-10-20 10:56 - 2011-04-15 22:42 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 10:24 - 2012-08-24 15:38 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job
2013-10-20 10:24 - 2012-08-24 15:38 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job
2013-10-20 10:23 - 2013-10-08 13:03 - 00007168 _____ C:\Windows\setupact.log
2013-10-20 03:00 - 2013-01-23 10:10 - 02058366 _____ C:\Windows\WindowsUpdate.log
2013-10-19 22:56 - 2011-04-15 22:42 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 18:24 - 2013-09-02 15:01 - 00000000 ____D C:\Users\skynet\AppData\Roaming\vlc
2013-10-19 17:08 - 2013-08-21 13:50 - 00000000 ____D C:\Users\skynet\AppData\Local\JDownloader v2.0
2013-10-18 14:28 - 2012-08-24 14:54 - 00002376 _____ C:\Users\skynet\Desktop\Google Chrome.lnk
2013-10-18 05:29 - 2013-10-18 05:27 - 00000000 ____D C:\Users\skynet\Downloads\American.Horror.Story.S01E01.Neuanfang.German.DD51.Dubbed.DL.720p.iTunesHD.AVC-TVS
2013-10-17 23:35 - 2013-10-17 23:01 - 104857600 _____ C:\Users\skynet\Downloads\AHS S01E01 (720p).part01.rar
2013-10-16 21:39 - 2013-10-15 15:49 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-15 23:17 - 2009-07-14 06:34 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 23:17 - 2009-07-14 06:34 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 23:09 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 10:52 - 2013-10-15 10:52 - 02347384 _____ (ESET) C:\Users\skynet\Downloads\esetsmartinstaller_enu.exe
2013-10-15 10:52 - 2013-10-15 10:52 - 00891167 _____ C:\Users\skynet\Desktop\SecurityCheck.exe
2013-10-15 10:51 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-14 19:05 - 2012-03-24 19:38 - 00129536 ___SH C:\Users\skynet\Documents\Thumbs.db
2013-10-14 18:49 - 2011-05-21 23:57 - 00000000 ____D C:\Users\skynet\Documents\05-pc
2013-10-14 18:46 - 2013-10-14 18:46 - 00000914 _____ C:\Users\skynet\Desktop\JRT.txt
2013-10-14 18:44 - 2013-10-14 18:44 - 00000000 ____D C:\Windows\ERUNT
2013-10-14 18:40 - 2013-10-14 18:31 - 00000000 ____D C:\AdwCleaner
2013-10-14 18:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-14 18:27 - 2013-10-12 11:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-14 18:27 - 2013-10-08 17:38 - 00016692 _____ C:\Windows\PFRO.log
2013-10-14 18:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2013-10-14 14:30 - 2013-10-14 14:29 - 00000079 _____ C:\Windows\wininit.ini
2013-10-14 14:26 - 2013-10-14 14:25 - 01032220 _____ (Thisisu) C:\Users\skynet\Downloads\JRT.exe
2013-10-14 14:02 - 2013-10-14 14:02 - 01048960 _____ C:\Users\skynet\Downloads\adwcleaner.exe
2013-10-14 13:25 - 2013-10-14 13:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-10-14 13:25 - 2013-10-14 13:25 - 00001076 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 13:25 - 2013-10-14 13:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-13 17:06 - 2013-10-13 17:06 - 00031236 _____ C:\ComboFix.txt
2013-10-13 17:06 - 2013-10-13 16:43 - 00000000 ____D C:\Qoobox
2013-10-13 17:06 - 2011-12-25 17:43 - 00000000 ____D C:\Users\warez
2013-10-13 17:06 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-10-13 17:06 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-13 17:05 - 2013-10-13 16:43 - 00000000 ____D C:\Windows\erdnt
2013-10-13 17:04 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-10-13 17:03 - 2011-04-15 23:20 - 00000000 ____D C:\Users\skynet
2013-10-13 16:42 - 2013-10-13 16:42 - 05132083 ____R (Swearware) C:\Users\skynet\Downloads\ComboFix.exe
2013-10-13 11:07 - 2013-10-13 11:07 - 00037280 _____ C:\Users\skynet\Downloads\Addition.txt
2013-10-13 11:05 - 2013-10-13 11:05 - 00000000 ____D C:\FRST
2013-10-13 10:07 - 2013-01-29 12:27 - 00000000 ____D C:\Program Files\Steam
2013-10-13 00:35 - 2013-10-13 00:35 - 00000000 ____D C:\Users\skynet\Documents\facebook pics
2013-10-12 22:10 - 2011-05-21 22:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-12 22:03 - 2013-10-12 21:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-10-12 22:02 - 2013-10-12 22:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-10-12 21:57 - 2013-10-12 21:55 - 09186416 _____ (SurfRight B.V.) C:\Users\skynet\Downloads\hitmanpro.exe
2013-10-12 12:25 - 2013-10-12 12:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 12:25 - 2013-10-12 12:24 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 12:23 - 2013-10-12 12:23 - 131918888 _____ C:\Users\skynet\Downloads\avast_free_antivirus_setup.exe
2013-10-12 12:23 - 2013-10-12 12:23 - 122946048 _____ C:\Users\skynet\Downloads\avira14_free_antivirus_de.exe
2013-10-12 11:52 - 2013-10-12 11:52 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-12 11:52 - 2013-10-12 11:52 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-12 11:51 - 2013-10-12 11:51 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\skynet\Downloads\spybotsd-2.1.21-SR2.exe
2013-10-11 20:09 - 2013-09-02 14:42 - 00000000 ____D C:\Users\skynet\Documents\kollektif
2013-10-11 11:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 10:53 - 2009-07-14 06:33 - 01665296 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 10:53 - 2002-01-01 01:19 - 00000000 ____D C:\Windows\Panther
2013-10-11 03:01 - 2011-04-15 23:22 - 01593806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 03:00 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 02:58 - 2011-05-15 15:50 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 16:56 - 2011-04-30 14:35 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Winamp
2013-10-10 16:31 - 2013-02-20 17:41 - 00000000 ____D C:\Users\skynet\AppData\Roaming\Spotify
2013-10-08 17:38 - 2013-09-27 20:45 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 17:38 - 2013-09-27 18:17 - 00000000 ____D C:\Users\skynet\AppData\Local\Avg2014
2013-10-08 17:38 - 2013-03-18 19:37 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 13:03 - 2013-10-08 13:03 - 00000000 _____ C:\Windows\setuperr.log
2013-10-08 11:59 - 2013-02-20 17:41 - 00000000 ____D C:\Users\skynet\AppData\Local\Spotify
2013-10-08 11:57 - 2013-02-27 02:06 - 00000000 ____D C:\Users\skynet\AppData\Roaming\TS3Client
2013-10-08 10:43 - 2013-10-08 10:43 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406 (1).exe
2013-10-08 10:43 - 2013-01-23 13:36 - 00000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-08 10:43 - 2013-01-23 13:36 - 00000000 ____D C:\Program Files\CCleaner
2013-10-08 10:29 - 2013-10-08 10:29 - 04369632 _____ (Piriform Ltd) C:\Users\skynet\Downloads\ccsetup406.exe
2013-10-03 15:50 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Performance
2013-10-03 13:22 - 2013-10-03 13:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\skynet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 10:54 - 2013-09-19 12:49 - 00000000 ____D C:\Users\skynet\Documents\06-marktforschung
2013-10-01 14:39 - 2013-10-01 14:39 - 00161093 _____ C:\Users\skynet\Downloads\proxtube_1.2.4.crx
2013-10-01 14:39 - 2013-10-01 14:39 - 00000000 ____D C:\Users\skynet\Downloads\00.extensionschrome
2013-09-27 10:54 - 2013-08-13 10:41 - 00017103 _____ C:\Users\skynet\Documents\shirtclub zitrone.ods
2013-09-23 12:36 - 2013-07-29 10:47 - 00014513 _____ C:\Users\skynet\Desktop\OpenDocument Text (neu).odt
2013-09-23 01:28 - 2013-10-11 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 01:28 - 2013-10-11 02:58 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 01:28 - 2013-10-11 02:58 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 01:27 - 2013-10-11 02:58 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 02:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 05:30 - 2013-10-11 02:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 04:39 - 2013-10-11 02:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\skynet\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 01:57

==================== End Of Log ============================
         

Alt 20.10.2013, 17:34   #14
schrauber
/// the machine
/// TB-Ausbilder
 



Java updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 21.10.2013, 15:05   #15
adh
 

okay, everything done so far. java update, everything "else" removed, etc
I'll get rid of ccleaner as quickly as possible then. (from all computers *cough* )
I surf with chrome, not ie. I actually have various add-ons enabled there that serve security. I've added wot now.
the automatic windows updates were actually always enabled. thanks for the other tips.
I have one last question before this can be closed/unsubscribed:
where exactly did we actually defuse the threats that eset had found? that was only a scan, wasn't it?
Quote:
Make sure that Remove Found Threads is not ticked.
or should my normal antivirus program now be able to find and delete them too? before that obviously wasn't the case?! which program would you recommend here? so far I have had avast. I don't really know whether I'm happy with it, after all the virus (was there even one?) settled in there too and switched off auto-updates and so on..

and of course: can I now request to be removed from the blacklist (see first post) without having to fear that I end up right back on it and then possibly permanently?
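
The listing check behind the delisting question above, as an added example that is not part of the thread or of any poster's reply: it builds the Spamhaus ZEN query name for an IPv4 address and decodes the answer into the sub-lists named in the first post. The function names are hypothetical, the return-code table follows the codes Spamhaus publishes for the ZEN zone as assumed here, and 192.0.2.1 is a constructed documentation address.

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Assumed mapping of ZEN A-record return codes to sub-lists.
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL (CSS)",
    "127.0.0.4": "XBL (CBL data)",
    "127.0.0.9": "SBL (DROP)",
    "127.0.0.10": "PBL (ISP-maintained)",
    "127.0.0.11": "PBL (Spamhaus-maintained)",
}

def zen_query_name(ip, zone=ZEN_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def interpret(answers):
    """Map the A records of a ZEN answer to sub-lists and a verdict."""
    if not answers:
        return {"lists": [], "verdict": "not listed"}
    if any(a.startswith("127.255.255.") for a in answers):
        # Error codes, e.g. the query went through a public resolver.
        return {"lists": [], "verdict": "query refused, result unusable"}
    lists = [ZEN_CODES.get(a, "unknown code " + a) for a in sorted(answers)]
    if any(name.startswith("XBL") for name in lists):
        verdict = "infection-related listing, clean up before delisting"
    elif all(name.startswith("PBL") for name in lists):
        verdict = "policy listing only, send via the provider's SMTP server"
    else:
        verdict = "listed, see the sub-lists"
    return {"lists": lists, "verdict": verdict}

def check(ip):
    """Live lookup. NXDOMAIN means not listed; a failing resolver looks
    the same here, so confirm a clean result with a second lookup."""
    try:
        _, _, answers = socket.gethostbyname_ex(zen_query_name(ip))
    except (socket.gaierror, socket.herror):
        answers = []
    return interpret(answers)

if __name__ == "__main__":
    print(zen_query_name("192.0.2.1"))                # constructed sample
    print(interpret(["127.0.0.11", "127.0.0.4"]))     # constructed answer
```

A PBL-only result describes the address range rather than the machine, while an XBL/CBL result is the one tied to the infection, so that entry is the one to watch after cleanup.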
