Pop Up System32 beim starten des PC verschwindet sofort wieder PC ist sehr langsam geworden.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d61975459f74b7429fc2c028ad676718
# engine=13249
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-26 10:25:51
# local_time=2013-02-26 11:25:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 88 13184 138627423 0 0
# compatibility_mode=5893 16776574 100 94 25065 113547401 0 0
# scanned=229482
# found=4
# cleaned=0
# scan_time=8242
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2174489219-974603214-2956640213-1004\$623235fd9acb63d37cd05f847f298693\U\00000004.@.vir"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2174489219-974603214-2956640213-1004\$623235fd9acb63d37cd05f847f298693\U\000000cb.@.vir"
sh=061A3739739904F13A5B9ADCBF4AC2E8A3157B18 ft=1 fh=3f70b78fb0084ee4 vn="Win64/Sirefef.AW trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2174489219-974603214-2956640213-1004\$623235fd9acb63d37cd05f847f298693\U\80000000.@.vir"
sh=75BB04900AC0028C289D41EC423A1C898DB67CE2 ft=1 fh=2b46c437d4ba4830 vn="a variant of Win64/Sirefef.AN trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2174489219-974603214-2956640213-1004\$623235fd9acb63d37cd05f847f298693\U\80000064.@.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d61975459f74b7429fc2c028ad676718
# engine=13399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-16 10:37:25
# local_time=2013-03-16 11:37:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 91 349283 140140117 0 0
# compatibility_mode=5893 16776574 100 94 1541359 115060095 0 0
# scanned=183248
# found=0
# cleaned=0
# scan_time=58802
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d61975459f74b7429fc2c028ad676718
# engine=22587
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-21 09:42:38
# local_time=2015-02-21 10:42:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 92 6260848 188975448 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 51020789 176184808 0 0
# scanned=113699
# found=2
# cleaned=0
# scan_time=5537
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bina\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=C058C543D91955AA533C6C6840DCB1DC67E746B6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bina\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx"
         

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : BINA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Bina-PC\Bina
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-02-21 22:53:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 8

   Objects scanned . . . : 1.881.979
   Files scanned . . . . : 44.178
   Remnants scanned  . . : 668.268 files / 1.169.533 keys

Suspicious files ____________________________________________________________

   C:\Users\Bina\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 953.905 bytes
      Age  . . . . . . . : 971.1 days (2012-06-25 20:00:51)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 9A5BDD44D0817FE21A154412B5989E157455BC24ADBCB238376F73FCEFB14696
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Bina\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 138.992 bytes
      Age  . . . . . . . : 971.1 days (2012-06-25 20:01:22)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 17E604316606C999C87C896508B3525E4897DFA1522FEE01B86524F46B3D9B3D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Bina\AppData\Local\PunkBuster\GRO\pb\pbcl.dll
      Size . . . . . . . : 957.254 bytes
      Age  . . . . . . . : 800.4 days (2012-12-13 13:46:34)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 119B810057B5BEB396E0788D092661B805D7E9AF1AD066BA3BD952DBA6064C82
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Bina\AppData\Local\PunkBuster\GRO\pb\PnkBstrK.sys
      Size . . . . . . . : 141.072 bytes
      Age  . . . . . . . : 800.4 days (2012-12-13 13:47:00)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : C3A38891678AC34784E90D385B3DDEAC690E11E05A7657F9D287E7DC373D2592
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Bina\Desktop\FRST64.exe
      Size . . . . . . . : 2.086.912 bytes
      Age  . . . . . . . : 20.4 days (2015-02-01 12:32:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : CF3043EEDAACEDF33C72A84670D8C24560054CEC81AB37FA58B3A4E1965A74F5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Bina\Desktop\FRST64.exe
          0.0s C:\Users\Bina\Downloads\FRST-OlderVersion\FRST64.exe

   C:\Users\Bina\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.131.456 bytes
      Age  . . . . . . . : 20.4 days (2015-02-01 12:32:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 75A43C7DCD832E78EE09AFE27A6C3C8EF33470D1323A781EEC04E13E4F3197A0
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Bina\Desktop\FRST64.exe
          0.0s C:\Users\Bina\Downloads\FRST-OlderVersion\FRST64.exe


Potential Unwanted Programs _________________________________________________

   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)